Manual:$wgMimeTypeBlacklist
From MediaWiki.org
| MIME types: $wgMimeTypeBlacklist | |
|---|---|
| Files with these mime types will never be allowed as uploads if $wgVerifyMimeType is enabled. |
|
| Introduced in version: | 1.5.0 |
| Removed in version: | still in use |
| Allowed values: | array of MIME types (strings) |
| Default value: | (see below) |
Other settings: Alphabetical | By Function
[edit] Details
Files with these mime types will never be allowed as uploads if $wgVerifyMimeType is enabled.
[edit] Default value
$wgMimeTypeBlacklist= array( # HTML may contain cookie-stealing JavaScript and web bugs 'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', # PHP scripts may execute arbitrary code on the server 'application/x-php', 'text/x-php', # Other types that may be interpreted by some servers 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile', # A ZIP file may be a valid Java archive containing an applet which exploits the # same-origin policy to steal cookies 'application/zip', );
- 'application/x-msmetafile' was added in 1.5.5, 'application/zip' in 1.14
- All other values were available since the setting was introduced in 1.5.0