Manual:$wgMimeTypeBlacklist

From MediaWiki.org

Jump to: navigation, search
MIME types: $wgMimeTypeBlacklist
Files with these mime types will never be allowed as uploads if $wgVerifyMimeType is enabled.
Introduced in version: 1.5.0
Removed in version: still in use
Allowed values: array of MIME types (strings)
Default value: (see below)

Other settings: Alphabetical | By Function


[edit] Details

Files with these mime types will never be allowed as uploads if $wgVerifyMimeType is enabled.

[edit] Default value

$wgMimeTypeBlacklist= array(
	# HTML may contain cookie-stealing JavaScript and web bugs
	'text/html', 'text/javascript', 'text/x-javascript',  'application/x-shellscript',
	# PHP scripts may execute arbitrary code on the server
	'application/x-php', 'text/x-php',
	# Other types that may be interpreted by some servers
	'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	# Windows metafile, client-side vulnerability on some systems
	'application/x-msmetafile',
	# A ZIP file may be a valid Java archive containing an applet which exploits the
	# same-origin policy to steal cookies
	'application/zip',
);
  • 'application/x-msmetafile' was added in 1.5.5, 'application/zip' in 1.14
  • All other values were available since the setting was introduced in 1.5.0
Retrieved from "http://www.mediawiki.org/wiki/Manual:$wgMimeTypeBlacklist"