Manual:$wgFileBlacklist
From MediaWiki.org
| Uploads: $wgFileBlacklist | |
|---|---|
| Files with these extensions will never be allowed as uploads. |
|
| Introduced in version: | 1.2.0 |
| Removed in version: | still in use |
| Allowed values: | |
| Default value: | (see below) |
Other settings: Alphabetical | By Function
Details [edit]
Files with these extensions will never be allowed as uploads if $wgCheckFileExtensions is set to true.
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
$wgFileBlacklist overrides $wgFileExtensions, so you must remove an extension from the blacklist before you can upload files that have it. For instance, to allow users to upload executables, add this to LocalSettings.php:
$wgFileExtensions[] = 'exe'; $wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );
History [edit]
- 'cgi' was added in 1.3.8
- 'js' and 'jsb' were added in 1.5.0
- 'php5' was added in 1.8.0
See also [edit]
| Language: | English • italiano • 日本語 • русский |
|---|
