Manual:$wgMimeTypeExclusions/ja
From Linux Web Expert
| <translate> MIME types</translate>: $wgMimeTypeExclusions | |
|---|---|
| $wgVerifyMimeType が有効な場合の、許可しない MIME タイプ。 |
|
| <translate> Introduced in version:</translate> | 1.37.0 (Gerrit change 680806; git #4dae3b1a) |
| <translate> Removed in version:</translate> | <translate> still in use</translate> |
| <translate> Allowed values:</translate> | (MIME タイプ (文字列) の配列) |
| <translate> Default value:</translate> | (下記参照) |
| <translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate> | |
詳細
$wgVerifyMimeType が有効な場合、これらの MIME タイプのファイルのアップロードを禁止します。
この変数は以前は $wgMimeTypeBlacklist でした。
既定値
<td class="mw-version-versionbox" title="<translate nowrap> The latest stable version is <tvar name=1>1.41</tvar></translate>"><translate> ≥</translate> 1.41
| <translate> MediaWiki version:</translate> |
- 1.39.5 (gerrit:961942, phab:T341565)
- 1.40.1 (gerrit:961949, phab:T341565)
$wgMimeTypeExclusions = [
# HTML は、Cookie を盗む JavaScript や Web のバグを含む場合がある
'text/html',
# Similarly with JavaScript itself
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP スクリプトは、サーバー上で任意のコードを実行できてしまう
'application/x-php', 'text/x-php',
# 一部のサーバーで解釈できる場合があるその他のファイル形式
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Internet Explorer 向けのクライアント側の脅威
'text/scriptlet', 'application/x-msdownload',
# Windows メタファイル。一部のシステムでクライアント側の脆弱性になる
'application/x-msmetafile',
# Files that look like java files
'application/java',
# XML files generally - T341565
'application/xml', 'text/xml',
];
1.39 – 1.40
| <translate> MediaWiki versions:</translate> |
$wgMimeTypeExclusions = [
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html',
# Similarly with JavaScript itself
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# Java applets are no longer supported by browsers and may contain cookie-stealing code, similarly to JavaScript
'application/java'
];
1.37 – 1.38
| <translate> MediaWiki versions:</translate> |
$wgMimeTypeExclusions = [
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html',
# Similarly with JavaScript itself
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
];
例
If you wanted to allow html files to be uploaded:
$wgFileExtensions[] = 'html';
$wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, array ('html') );
$wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, array ('text/html') );
