Manual:$wgMimeTypeExclusions/zh
Appearance
MIME类型: $wgMimeTypeExclusions | |
---|---|
MIME types to disallow if $wgVerifyMimeType is enabled. |
|
引进版本: | 1.37.0 (Gerrit change 680806; git #4dae3b1a) |
移除版本: | 仍在使用 |
允许的值: | (MIME类型(字符串)的数组) |
默认值: | (参见下方) |
其他设置: 按首字母排序 | 按功能排序 |
细节
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.
这个变量以前是$wgMimeTypeBlacklist 。
默认值
MediaWiki版本: | ≥ 1.41 |
- 1.39.5 (gerrit:961942, phab:T341565)
- 1.40.1 (gerrit:961949, phab:T341565)
$wgMimeTypeExclusions = [
# HTML 可能含有窃取cookie的Javascript或web漏洞
'text/html',
# JavaScript也一样
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP 脚本可能在服务器上执行任意代码
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# Files that look like java files
'application/java',
# XML files generally - T341565
'application/xml', 'text/xml',
];
MediaWiki版本: | 1.39 – 1.40 |
$wgMimeTypeExclusions = [
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html',
# Similarly with JavaScript itself
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# Java applets are no longer supported by browsers and may contain cookie-stealing code, similarly to JavaScript
'application/java'
];
MediaWiki版本: | 1.37 – 1.38 |
$wgMimeTypeExclusions = [
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html',
# Similarly with JavaScript itself
'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
];
示例
如果你想允许上传HTML文件:
$wgFileExtensions[] = 'html';
$wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, [ 'html' ] );
$wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, [ 'text/html' ] ) );