DeniedAssetFileExtensions
This directive is available in Movable Type 5.11, 5.051, 4.361 and later.
DeniedAssetFileExtensions is the blacklist. The default value is "ascx,asis,asp,aspx,bat,cfc,cfm,cgi,cmd,com,cpl,dll,exe,htaccess,htm,html,inc,jhtml,js,jsb,jsp,mht,mhtml,msi,php,php2,php3,php4,php5,phps,phtm,phtml,pif,pl,pwml,py,reg,scr,sh,shtm,shtml,vbs,vxd,pm,so,rb,htc".
Files with these extensions will not be allowed as uploads. If you wish to upload files with one of these blacklisted extensions, you must specify your own list, omitting the file extensions which you wish to upload.
AssetFileExtensions is the whitelist. The default value is set to null. When this configuration directive is specified, Movable Type will accept only files with the specified extensions as uploads. For example, the following list allows users to upload only images and movies: "gif,jpe?g,png,bmp,tiff?,mp3,ogg,aiff,wav,wma,aac,flac,m4a,mov,avi,3gp,asf,mp4,qt,wmv,asx,mpg,flv,mkv,ogm".
When the same file extension is set in both DeniedAssetFileExtensions and AssetFileExtensions, DeniedAssetFileExtensions overrides AssetFileExtensions, so a user cannot upload files with that extension.
Example
DeniedAssetFileExtensions ascx,asis,asp,aspx,bat,cfc,cfm,cgi,cmd,com,cpl,dll,exe,htaccess,htm,html,inc,jhtml,js,jsb,jsp,mht,mhtml,msi,php,php2,php3,php4,php5,phps,phtm,phtml,pif,pl,pwml,py,reg,scr,sh,shtm,shtml,vbs,vxd,pm,so,rb,htc
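The precedence between the two directives described above, modelled in Python as an added example (this is not Movable Type's own code, which is written in Perl). It assumes that list entries are regular-expression patterns, as the "jpe?g" and "tiff?" entries suggest, matched case-insensitively against the final extension only; upload_allowed and its parameters are hypothetical names.

```python
import re

# Default deny list as quoted on this page.
DEFAULT_DENIED = (
    "ascx,asis,asp,aspx,bat,cfc,cfm,cgi,cmd,com,cpl,dll,exe,htaccess,htm,html,"
    "inc,jhtml,js,jsb,jsp,mht,mhtml,msi,php,php2,php3,php4,php5,phps,phtm,phtml,"
    "pif,pl,pwml,py,reg,scr,sh,shtm,shtml,vbs,vxd,pm,so,rb,htc"
)

# Allow list from the page's AssetFileExtensions example.
MEDIA_ALLOWED = (
    "gif,jpe?g,png,bmp,tiff?,mp3,ogg,aiff,wav,wma,aac,flac,m4a,"
    "mov,avi,3gp,asf,mp4,qt,wmv,asx,mpg,flv,mkv,ogm"
)


def _matches(ext, spec):
    """True if ext fully matches any comma-separated entry in spec.

    Assumption: each entry is a regex pattern compared case-insensitively.
    """
    entries = [e.strip() for e in spec.split(",") if e.strip()]
    return any(re.fullmatch(e, ext, re.IGNORECASE) for e in entries)


def upload_allowed(filename, denied=DEFAULT_DENIED, allowed=None):
    """Model the documented decision for one upload filename.

    allowed=None stands for AssetFileExtensions left at its null default.
    """
    base = filename.rsplit("/", 1)[-1]
    # Assumption: only the text after the last dot counts as the extension.
    ext = base.rsplit(".", 1)[1] if "." in base else ""
    if ext and _matches(ext, denied):
        return False  # the deny list wins, even if the allow list also matches
    if allowed is None:
        return True   # no allow list configured: anything not denied passes
    return bool(ext) and _matches(ext, allowed)
```
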