My post is just to question this response given by the extensions installer in DNN 5.0

1) What exactly are the 'invalid file extensions'? that are in the standard DNN build.  Every single module I have built and packaged for DNN 5.0 throws this error message.

2) Does anyone else think this message is a bad idea?  Just google the phrase 'package contains files with invalid File Extensions' and you'll get plenty of references to module FAQ and support pages (both core and third party modules) explaining to people to just tick and ignore the message.   The problem is further exacerbated by the sluggish ajax UI, which means that most people tick the option, click the browse, then find their selected file has been cleared when the ajax postback finally completes.  You end up in a 2 minute frustrating click fest with the installer, all the while it is 'yelling' at you in angry red text.

Most of the time (and reading some of the posts around the place) the users think they have either done something wrong, or they have inadvertently loaded a module with a virus or something in it. 

I think this addition to DNN 5 is a big step backwards.  And here's why:

1) If the majority of modules contain files with these invalid extensions, then they shouldn't be considered invalid.

2) the tick and upload shouldn't be a ajax postback.  It would be possible to check the checkbox value on the postback from the 'next' click, to see if the 'ignore' checkbox had been clicked.  On slow websites it becomes excruciating to load up a module or extension, whereas in dnn 4.x it was very snappy.

3) It shouldn't be in angry red text, and it should be an informative message.  It should list the files that offend, and the file types, and allow the user to make the choice whether they are a risk or not.

Whilst I applaud the effort to stop the spread of malicious module files, having a warning message that goes off every time you use the 'thing' makes the warning message pointless (Vista UAC case in point).  In addition, a lot of non-technical people feel quite apprehensive about installing extensions, and to have the system yell at them at the first step of the process has probably scared more than one person off from installing a particular module.  Remember that if one person posts about it, you can be sure another 10 have probably taken the advice and not installed the module.

I'd like to see the functionality dropped altogether, or least toned down as per my suggestions above.  But mostly I'd like to see some discussion on the topic to see what others think.  Thoughts, anyone?

So it's the .htm file?   That's what's causing it?  How strange.  I suppose a html file could be used to place content onto a server in a DNN install.  But just the presence of a .htm file seems innocuous enough.

My further problem with the ignore is the order in which the 'ignore' checkbox and 'browse' controls are shown.  If you get the warning, you immediately click on the 'browse' to reselect your file.  You then (logically) move down the page, and tick the 'ignore' checkbox.  This triggers the postback, which loses your browse selection.  So at a very minimum, the order of the checkbox and the 'browse' file select control needs to be reversed.