Manual:$wgFileBlacklist

From MediaWiki.org
Jump to: navigation, search

Other languages:
català • ‎Deutsch • ‎English • ‎español • ‎suomi • ‎français • ‎italiano • ‎日本語 • ‎polski • ‎português • ‎português do Brasil • ‎русский • ‎తెలుగు
Uploads: $wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Introduced in version: 1.2.0
Removed in version: still in use
Allowed values: array
Default value: (see below)

Other settings: Alphabetical | By Function

Details[edit | edit source]

Files with these extensions will never be allowed as uploads if $wgCheckFileExtensions is set to true.

This is the default value:

$wgFileBlacklist = array(
  # HTML may contain cookie-stealing JavaScript and web bugs
  'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
  # PHP scripts may execute arbitrary code on the server
  'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
  # Other types that may be interpreted by some servers
  'shtml', 'jhtml', 'pl', 'py', 'cgi',
  # May contain harmful executables for Windows victims
  'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );

$wgFileBlacklist overrides $wgFileExtensions, so you must remove an extension from the blacklist before you can upload files that have it. For instance, to allow users to upload executables, add this to LocalSettings.php:

$wgFileExtensions[] = 'exe';
$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );

See also[edit | edit source]