diff --git a/includes/file.inc b/includes/file.inc
index 30fd445..aac4737 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -70,6 +70,16 @@ define('FILE_EXISTS_ERROR', 2);
 define('FILE_STATUS_PERMANENT', 1);
 
 /**
+ * Allow only the listed file extensions.
+ */
+define('FILE_ALLOW_EXTENSIONS_LISTED', 0);
+
+/**
+ * Allow all extensions except those listed.
+ */
+define('FILE_ALLOW_EXTENSIONS_NOTLISTED', 1);
+
+/**
  * Methods to manage a registry of stream wrappers.
  */
 
@@ -1636,13 +1646,17 @@ function file_validate_name_length(stdClass $file) {
  *
  * @see hook_file_validate()
  */
-function file_validate_extensions(stdClass $file, $extensions) {
+function file_validate_extensions(stdClass $file, $extensions, $inclusive = FILE_ALLOW_EXTENSIONS_LISTED) {
   $errors = array();
 
   $regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i';
-  if (!preg_match($regex, $file->filename)) {
+  
+  if ($inclusive == FILE_ALLOW_EXTENSIONS_LISTED && !preg_match($regex, $file->filename)) {
     $errors[] = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => $extensions));
   }
+  elseif ($inclusive == FILE_ALLOW_EXTENSIONS_NOTLISTED && preg_match($regex, $file->filename))  {
+    $errors[] = t('Files with the following extensions are not allowed: %files-allowed.', array('%files-allowed' => $extensions));
+  }
   return $errors;
 }
 
diff --git a/modules/file/file.field.inc b/modules/file/file.field.inc
index 2af3cb6..abd5f99 100644
--- a/modules/file/file.field.inc
+++ b/modules/file/file.field.inc
@@ -85,16 +85,21 @@ function file_field_instance_settings_form($field, $instance) {
 
   // Make the extension list a little more human-friendly by comma-separation.
   $extensions = str_replace(' ', ', ', $settings['file_extensions']);
+  $form['inclusion']= array(
+    '#type' => 'radios', 
+    '#title' => t('Allowed file extensions'),
+    '#options' => array(
+      FILE_ALLOW_EXTENSIONS_LISTED => t('Only the listed extensions'), 
+      FILE_ALLOW_EXTENSIONS_NOTLISTED => t('All extensions except those listed'),
+    ), 
+    '#default_value' => isset($settings['inclusion']) ? $settings['inclusion'] : FILE_ALLOW_EXTENSIONS_LISTED,
+  );
   $form['file_extensions'] = array(
     '#type' => 'textfield',
-    '#title' => t('Allowed file extensions'),
     '#default_value' => $extensions,
     '#description' => t('Separate extensions with a space or comma and do not include the leading dot.'),
     '#element_validate' => array('_file_generic_settings_extensions'),
     '#weight' => 1,
-    // By making this field required, we prevent a potential security issue
-    // that would allow files of any type to be uploaded.
-    '#required' => TRUE,
   );
 
   $form['max_filesize'] = array(
@@ -149,6 +154,9 @@ function _file_generic_settings_extensions($element, &$form_state) {
       form_set_value($element, $extensions, $form_state);
     }
   }
+  elseif ($form_state['values']['instance']['settings']['inclusion'] == FILE_ALLOW_EXTENSIONS_LISTED) {
+    form_error($element, t('You must provide a list of extensions. If you would like to allow all extensions, leave the list of extensions blank, and change the inclusion settings to "All extensions except those listed".'));
+  }
 }
 
 /**
@@ -547,14 +555,19 @@ function file_field_widget_upload_validators($field, $instance) {
     $max_filesize = parse_size($instance['settings']['max_filesize']);
   }
 
+  // by default make inclusion setting as secure as possible
+  if (!isset($instance['settings']['inclusion'])) {
+    $instance['settings']['inclusion'] = FILE_ALLOW_EXTENSIONS_LISTED;
+  }
+
   $validators = array();
 
   // There is always a file size limit due to the PHP server limit.
   $validators['file_validate_size'] = array($max_filesize);
 
   // Add the extension check if necessary.
-  if (!empty($instance['settings']['file_extensions'])) {
-    $validators['file_validate_extensions'] = array($instance['settings']['file_extensions']);
+  if (!empty($instance['settings']['file_extensions']) || $instance['settings']['inclusion'] == FILE_ALLOW_EXTENSIONS_NOTLISTED) {
+    $validators['file_validate_extensions'] = array($instance['settings']['file_extensions'], $instance['settings']['inclusion']);
   }
 
   return $validators;
@@ -914,8 +927,14 @@ function theme_file_upload_help($variables) {
   if (isset($upload_validators['file_validate_size'])) {
     $descriptions[] = t('Files must be less than !size.', array('!size' => '<strong>' . format_size($upload_validators['file_validate_size'][0]) . '</strong>'));
   }
-  if (isset($upload_validators['file_validate_extensions'])) {
-    $descriptions[] = t('Allowed file types: !extensions.', array('!extensions' => '<strong>' . check_plain($upload_validators['file_validate_extensions'][0]) . '</strong>'));
+  if (isset($upload_validators['file_validate_extensions']) && !empty($upload_validators['file_validate_extensions'][0])) {
+    if ($upload_validators['file_validate_extensions'][1] == FILE_ALLOW_EXTENSIONS_NOTLISTED) {
+      $inclusion = t('Disallowed');
+    }
+    else {
+      $inclusion = t('Allowed');
+    }
+    $descriptions[] = t('!inclusion file types: !extensions.', array('!inclusion' => $inclusion, '!extensions' => '<strong>' . check_plain($upload_validators['file_validate_extensions'][0]) . '</strong>'));
   }
   if (isset($upload_validators['file_validate_image_resolution'])) {
     $max = $upload_validators['file_validate_image_resolution'][0];
diff --git a/modules/file/file.js b/modules/file/file.js
index 1071384..fde8fae 100644
--- a/modules/file/file.js
+++ b/modules/file/file.js
@@ -10,6 +10,9 @@
 
 (function ($) {
 
+var fileAllowExtensionsListed = 0;
+var fileAllowExtensionsNotListed = 1;
+
 /**
  * Attach behaviors to managed file element upload fields.
  */
@@ -17,8 +20,9 @@ Drupal.behaviors.fileValidateAutoAttach = {
   attach: function (context, settings) {
     if (settings.file && settings.file.elements) {
       $.each(settings.file.elements, function(selector) {
-        var extensions = settings.file.elements[selector];
-        $(selector, context).bind('change', {extensions: extensions}, Drupal.file.validateExtension);
+        var extensions = settings.file.elements[selector][0];
+        var inclusion = settings.file.elements[selector][1] || fileAllowExtensionsListed;
+        $(selector, context).bind('change', {extensions: extensions, inclusion: inclusion}, Drupal.file.validateExtension);
       });
     }
   },
@@ -65,14 +69,19 @@ Drupal.file = Drupal.file || {
    * Client-side file input validation of file extensions.
    */
   validateExtension: function (event) {
+    // Avoid looping when the value is cleared.
+    if (this.value == '') {
+      return true;
+    }
     // Remove any previous errors.
     $('.file-upload-js-error').remove();
 
     // Add client side validation for the input[type=file].
+    var inclusion = event.data.inclusion;
     var extensionPattern = event.data.extensions.replace(/,\s*/g, '|');
     if (extensionPattern.length > 1 && this.value.length > 0) {
       var acceptableMatch = new RegExp('\\.(' + extensionPattern + ')$', 'gi');
-      if (!acceptableMatch.test(this.value)) {
+      if (inclusion == fileAllowExtensionsListed && !acceptableMatch.test(this.value)) {
         var error = Drupal.t("The selected file %filename cannot be uploaded. Only files with the following extensions are allowed: %extensions.", {
           '%filename': this.value,
           '%extensions': extensionPattern.replace(/\|/g, ', ')
@@ -81,6 +90,15 @@ Drupal.file = Drupal.file || {
         this.value = '';
         return false;
       }
+      else if (inclusion == fileAllowExtensionsNotListed && acceptableMatch.test(this.value)) {
+        var error = Drupal.t("The selected file %filename cannot be uploaded. Files with the following extensions are not allowed: %extensions.", {
+          '%filename': this.value,
+          '%extensions': extensionPattern.replace(/\|/g, ', ')
+        });
+        $(this).parents('div.form-managed-file').prepend('<div class="messages error file-upload-js-error">' + error + '</div>');
+        this.value = '';
+        return false;
+      }
     }
   },
   /**
diff --git a/modules/file/file.module b/modules/file/file.module
index 83de0f6..3cff2d7 100644
--- a/modules/file/file.module
+++ b/modules/file/file.module
@@ -443,12 +443,24 @@ function file_managed_file_process($element, &$form_state, $form) {
   }
 
   // Add the extension list to the page as JavaScript settings.
-  if (isset($element['#upload_validators']['file_validate_extensions'][0])) {
-    $extension_list = implode(',', array_filter(explode(' ', $element['#upload_validators']['file_validate_extensions'][0])));
+  if (isset($element['#upload_validators']['file_validate_extensions'])) {
+    $extension_list = '';
+    if (!empty($element['#upload_validators']['file_validate_extensions'])) {
+      $extension_list = implode(',', array_filter(explode(' ', $element['#upload_validators']['file_validate_extensions'][0])));
+    }
     $element['upload']['#attached']['js'] = array(
       array(
         'type' => 'setting',
-        'data' => array('file' => array('elements' => array('#' . $element['#id'] . '-upload' => $extension_list)))
+        'data' => array(
+          'file' => array(
+            'elements' => array(
+              '#' . $element['#id'] . '-upload' => array(
+                $extension_list,
+                $element['#upload_validators']['file_validate_extensions'][1]
+              )
+            )
+          )
+        )
       )
     );
   }