Manual:Configuring file uploads/de

MediaWiki unterstützt das Hochladen und das Einbinden von Mediendateien. Diese Seite beschreibt die technischen Aspekte dieses Features. Siehe Manual:Image Administration/de und Help:Images/de für allgemeine Anwendungsinformationen.

Beginnend mit MediaWiki Version 1.1 ist das Hochladen aus Sicherheitsgründen standardmäßig abgeschaltet. Das Hochladen kann mit einer Konfigurationseinstellung angeschaltet werden. Es empfiehlt sich jedoch, zunächst mehrere Voraussetzungen zu überprüfen.

Stelle sicher, dass das Hochladen in PHP angeschaltet ist
Folgendes muss in der  gesetzt sein (die unter ,  ,   oder   (openSUSE 11.2),   oder bei Windows  unter   zu finden ist):

Wenn das nicht gesetzt ist, können PHP-Skripte nicht die Hochladen-Funktion nutzen und das Hochladen wird im MediaWiki nicht funktionieren.

Wenn der -Befehl gesetzt ist, muss er das Zielverzeichnis für das Hochladen in der MediaWiki-Installation  und das  -Verzeichnis (das ist das Standardverzeichnis, wenn nicht anders konfiguriert). Das Hinzufügen der  kann die Meldung   vermeiden (worin in diesem Beispiel   die   ist. Lies mehr über das Hochladen von Dateien mit PHP in den File upload basics (englisch) und spezieller unter move_uploaded_file (englisch).

Prüfungen für Windows- und IIS-Benutzer
Setze für %SystemRoot%\TEMP die Rechte als Internetgastaccount (IUSR_Rechnername, oder IUSR für IIS 7+): Lesen, Schreiben und Ausführen;

Prüfe die Verzeichnissicherheit
Das Hochladeverzeichnis muss so konfiguriert sein, dass es einem Endbenutzer (jemand, der sich das Wiki mit einem Browser ansieht) nicht möglich ist, andere Skripte hochzuladen und auszuführen, weil das sonst einen Exploit-Zugang zu Deinem Webverzeichnis ermöglichen könnte und das Wiki oder die Webseite zerstört werden könnten.

Setze das -Verzeichnis (oder das  -Verzeichnis in früheren Versionen) auf die Berechtigung  :
 * User kann lesen, schreiben und ausführen;
 * Group kann lesen und ausführen;
 * World kann lesen und ausführen.

Wenn Du  verwendest, stelle sicher, dass das Verzeichnis dem Benutzer gehört, der das PHP-Skript laufen lässt (das ist der Apache-Benutzer oder, bei suphp, der Skriptbesitzer).

Wenn Du SELinux verwendest, stelle sicher, dass die ACLs entsprechend eingestellt sind (siehe dort).

Wenn Du suphp verwendest, stelle sicher, dass  in der   auf   (oder weniger) gesetzt ist.

Beschränke die Anzeige von Verzeichnissen im Bilderverzeichnis
Wenn Du nicht allen Benutzern ermöglichen willst, Dein Bilderverzeichnis einzusehen, könntest Du das in Deiner Apachekonfiguration verhindern:

Das Hochladen An- und Ausschalten
In MediaWiki Version 1.5 und später steht das zu setzenden Attribut in der  und   wird so gesetzt:

Das ermöglicht das Hochladen. Um das Hochladen zu unterbinden, muss man das Attribut auf FALSE setzen:

In älteren Versionen der Software steht das zu setzende Attribut auch in der, wird aber andersherum verwendet, mittels. Der Standard sieht so aus:

Den Wert umkehren, um das Hochladen zu ermöglichen:

Hochladerechte
… $wgGroupPermissions['user']['upload'] = false;
 * To create a special group called "uploadaccess", and allow members of that group to upload files: $wgGroupPermissions['uploadaccess']['upload'] = true;
 * To allow "autoconfirmed" (non-newbie) users to upload files: $wgGroupPermissions['autoconfirmed']['upload'] = true;

The right to replace existing files is handled by an extra permission, called reupload:
 * To prevent normal users from overriding existing files: $wgGroupPermissions['user']['reupload'] = false;
 * To allow "autoconfirmed" (non-newbie) users to replace existing files: $wgGroupPermissions['autoconfirmed']['reupload'] = true;</tt>

If a ForeignFileRepo is set, the right to replace those files locally is handled by an special permission, called reupload-shared</tt>:
 * To prevent normal users from overriding filerepo files locally: $wgGroupPermissions['user']['reupload-shared'] = false;</tt>
 * To allow "autoconfirmed" (non-newbie) users to replace filerepo files locally: $wgGroupPermissions['autoconfirmed']['reupload-shared'] = true;</tt>

See Manual:User rights for details on user rights, and Manual:Preventing access for more information about restricting access.

Configuring file types
You can add $wgFileExtensions in LocalSettings.php to allow uploads of other desired file types. For example, you can change the $wgFileExtensions line to look something like or or However, certain file extensions are blacklisted ($wgFileBlacklist) and cannot be uploaded even if added to $wgFileExtensions. To upload files with blacklisted extensions, you must modify the blacklist. For instance, to allow users to upload executables: In addition, $wgMimeTypeBlacklist prevents certain file types based on MIME type; .zip files, for example, are prohibited based on MIME type (as of MediaWiki version 1.14).

You can also set $wgStrictFileExtensions to allow most types of file to be uploaded. However, blacklisted filetypes and MIME types will still not be permitted.

If you are getting the error "The file is corrupt or has an incorrect extension", make sure mime type detection is working properly.

If you decide to allow any kind of file, make sure your mime detection is working and think about enabling virus scans for uploads.

Logon
By default anonymous uploads are not allowed. You must register and logon before the upload file option appears in the toolbox.

Thumbnailing
For information about automatic rendering/thumbnailing of images, see Manual:Image_thumbnailing. For problems with thumbnailing, see Image Thumbnails not working and/or appearing.

If the file is not visual (like an Image or Video) a fileicon is used instead. These are generated by the  function in the File class in the FileRepo group. Icons stored in " " in a " "-format.

Set maximum size for file uploads
By default PHP allows uploaded files to be no more than 2 megabytes large. If you want to upload even larger files, change two parameters in the php.ini config file:
 * post_max_size, 8 megabytes large by default
 * upload_max_filesize, 2 megabytes large by default

This may require root access to the server. (If you are on a shared host, contact your server administrator.)

The location of the php.ini file varies on the distribution you are using. (Try "locate php.ini" or "php -i" to find the location of your config file.)
 * Locating the php.ini file

It is important to change the php.ini file in the apache2 folder. For example, there may be a core default php.ini at /etc/php5/cli/php.ini as well as one at /etc/php5/apache2/php.ini. It is the php.ini file in /etc/php5/apache2 that is important to change.

If you have more than one website hosted on a server and want to change only for Mediawiki, insert into your /etc/apache2/sites-enabled/your_wiki_site.com inside <Virtual Host>:
 * Multiple websites hosted on a server

Both above settings also work in a .htaccess file.


 * web server limits

Your web server may impose further limits on the size of files allowed for upload. For Apache, one of the relevant settings is LimitRequestBody. For Nginx, client_max_body_size is the relevant setting.

You may need to restart Apache or IIS after altering your PHP or web server configuration. (sudo /etc/init.d/apache2 restart in Linux, for example.)


 * uploading too large of files warning

MediaWiki itself issues a warning if you try to upload files larger than what is specified by $wgUploadSizeWarning option. This is independent of the hard limit imposed by PHP. MediaWiki also has a $wgMaxUploadSize option, but that is currently not enforced for normal uploads (when uploading a local file). The only way of restricting the upload size is through the use of modifying the php configuration.

Temporary changes to upload limits (when using multiple wikis on a farm, for example) can be altered by adding the lines:
 * temporary upload limits

to the MediaWiki LocalSettings.php configuration file for each wiki. In this example the PHP limit is set at 50 Mb. Note that these settings will not override the maximum settings set above (since the core php.ini and apache2 php.ini files set the absolute maximum). This method sets maximums that are less than the absolute maximum.


 * IIS7 upload limit

By default, IIS7 on Windows 2008 allows only 30MB to be uploaded via a web application. Larger files will return a 404 error after the upload. If you have this problem, you can solve it by increasing the maximum file size by adding the following code to <system.webServer> in the web.config file:

<requestFiltering> <requestLimits maxAllowedContentLength=”50000000″ /> </requestFiltering>

With the above maxAllowedContentLength, users can upload files that are 50,000,000 bytes (50 MB) in size. This setting will work immediately without restarting IIS services. The web.config file is located in the root directory of your web site.

To allow uploading files up to 2G:

add the following lines to LocalSettings.ini:

Also, modify the following lines in PHP.INI:

In the IIS web.config file, override the value of maxRequestLength. For example, the following entry in web.config allows files that are less than or equal to 2 gigabytes (GB) to be uploaded:

<httpRuntime maxRequestLength="2097151" executionTimeout="18000"/>

With IIS 7, you also need to configure it to allow large uploads. This is found by clicking “Request Filtering > Edit Feature Settings” in the IIS section in the middle of the window. Set the ”Maximum allowed content length (Bytes)” field to 2147482624. If you don’t see "Request Filtering" in the IIS section, it needs enabled via Internet Information Services > World Wide Web Services > Security in the "Turn Windows features on or off" area in Control Panel.

If the above tip does not enable large uploads, then open a command prompt and execute this command as well:

%windir%\system32\inetsrv\appcmd set config -section:requestFiltering -requestLimits.maxAllowedContentLength: 2147482624

Uploading directly from a URL ("Sideloading")
If you want to allow a user to directly upload files from a URL, instead of from a file on their local computer, set $wgAllowCopyUploads = true</tt>. On the upload form, you will then see an additional field for the URL, below the usual filename field. The URL field is greyed out per default, but can be activated by activating the radiobutton (checkbox) to the left of the field.

In order to use this feature, users must have the user right upload_by_url</tt>, which is granted only to sysops per default. To allow this to normal users, set </tt>$wgGroupPermissions['user']['upload_by_url'] = true</tt>. Keep in mind that allowing uploads directly from an arbitrary location on the web makes it easier to upload random, unwanted material, and it might be misunderstood as an invitation to upload anything that people might come across on the web.

Undeleting images
Undeleting images is possible as an option since MediaWiki 1.8, and enabled per default since MediaWiki 1.11.

Prior to MediaWiki 1.11, you can enable undeletion of images by setting $wgSaveDeletedFiles = true. Since version 1.11, the behavior is controlled by $wgFileStore, and deleted files are per default stored in $wgUploadDirectory/deleted. Since version 1.17, $wgFileStore has been deprecated and $wgDeletedDirectory should be used instead.

Mass uploading
A number of tools are available for uploading multiple files in one go rather than each file separately: -->
 * Extension:MultiUpload
 * Extension:SpecialUploadLocal (works up to 1.16). Requires FTP access.
 * Extension:SpecialMultiUploadViaZip
 * Commonist (external link to Wiki Commons). Requires file upload via API.PHP.
 * with python:
 * Uploadmultiple.py
 * imageharvest.py copy multiple images to a wiki from a specified URL.
 * imagetransfer.py copies images to another wiki
 * importImages.php "Place the files on the server in a readable location and execute the maintenance/ importImages.php script from the command line."
 * User:Nichalp/Upload script
 * Commons:File upload service/Script, deprecated.
 * User:File_Upload_Bot_(Kernigh)

Siehe auch

 * Manual:Configuration settings für eine Liste aller Konfigurationsvariablen, die mit dem Hochladen zu tun haben
 * Category:Upload variables - ähnliche Liste als Kategorie (alphabetisch sortiert)
 * Die siehst eine leere Seite wenn Du versuchst, eine Datei hochzuladen