Manual:$wgProhibitedFileExtensions/de-formal

From Linux Web Expert

<translate> Files and file uploads</translate>: $wgProhibitedFileExtensions
Files with these extensions will never be allowed as uploads.
<translate> Introduced in version:</translate>1.37.0 (Gerrit change 680806; git #4dae3b1a)
<translate> Removed in version:</translate><translate> still in use</translate>
<translate> Allowed values:</translate>(array)
<translate> Default value:</translate>(see below)
<translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate>

Details

Files with these extensions will never be allowed as uploads.

$wgProhibitedFileExtensions overrides $wgFileExtensions , so you must remove an extension from the blacklist before you can upload files that have it. For instance, to allow users to upload executables, add this to LocalSettings.php : 

$wgFileExtensions[] = 'exe';
$wgProhibitedFileExtensions = array_diff(
    $wgProhibitedFileExtensions,
    [ 'exe' ] 
);
$wgMimeTypeExclusions = array_diff(
    $wgMimeTypeExclusions, 
    [ 'application/x-msdownload' ]
);

This configuration parameter used previously was $wgFileBlacklist .

Default values

<td class="mw-version-versionbox" title="<translate nowrap> The latest stable version is <tvar name=1>1.41</tvar></translate>">
<translate> ≥</translate> 1.41
<translate> MediaWiki version:</translate> 
$wgProhibitedFileExtensions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
	# PHP scripts may execute arbitrary code on the server
	'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
	# Other types that may be interpreted by some servers
	'shtml', 'jhtml', 'pl', 'py', 'cgi',
	# May contain harmful executables for Windows victims
	'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl',
	# T341565
	'xml',
];
<td class="mw-version-versionbox" title="<translate nowrap> MediaWiki <tvar name=1>1.40</tvar> is legacy version</translate>">
1.37 – 1.40
<translate> MediaWiki versions:</translate> 
$wgProhibitedFileExtensions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
	# PHP scripts may execute arbitrary code on the server
	'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
	# Other types that may be interpreted by some servers
	'shtml', 'jhtml', 'pl', 'py', 'cgi',
	# May contain harmful executables for Windows victims
	'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl'
];

See also

  • The filename-prefix-blacklist system message defines prohibited prefixes, to avoid non-descriptive (usually camera-generated) filenames.
Retrieved from "https://www.linuxwebexpert.com/wiki/index.php?title=Manual:$wgProhibitedFileExtensions/de-formal&oldid=47145"