Manual talk:Configuring file uploads

End User

 * Who is the "end user"; someone accessing the wiki using a web browser, or a local user on the machine running the wiki?

In this case, "end user" refers to the user accessing the wiki using a web browser.

File Types

 * Are file uploads only for images, or for any type of file?

You can configure MediaWiki to accept additional file types using the $wgFileExtensions configuration setting.

Chmod

 * Shouldn't the chmod for the upload directory be 744? That gives rwxr--r--.  755 gives r-x, which I thought was what we were trying to avoid...


 * Execute privilege on directories is required to access files inside them. (Yes, this is confusing. Blame AT&T.) --Brion VIBBER 00:47, 19 February 2006 (UTC)

There are pages on this site that say 744,755,777. Could someone explain wich to use when?

The important thing is that the webserver has write access. Thus if the upload directory is owned by the webserver user ( e.g. www-data ) 755 would suffice. If the webserver is not owner, but is in the group owning the directory, 775 would be better. 777 is the extreme case where all users on the system have full access. In most cases this would not be advisable.

Making Uploads Lowercase
Does anyone have any idea how to allow files to be uploaded and named with lowercase letter, for some reason all uploaded file default to a capital letter for the first letter of the file name? 24.3.123.174 21:13, 3 May 2006 (UTC)
 * wuh. just under a year response time. Anywho: A technical limitation of Mediawiki is that all pagenames have to start with an uppercase letter. this is most likely the cause for all files beeing renamed.195.230.62.186 12:24, 2 May 2007 (UTC)

The file is corrupt or has an incorrect extension. Please check the file and upload again.
I did as mentioned.

It's a little frustrating, but it seems like mediawiki does not bother that I changed settings in localsettings.php.

I added zip as an extension, than I turned off the extension check, then I turned of mime check etc.

Still I can only upload images and no zip files.

what to do?

How I fixed it
I had to set $wgVerifyMimeType=false; in my LocalSettings.php which means my mime types are probably screwed up. Its an symptomatic fix to a bigger problem, i suspect.


 * Perhaps have a look at Manual:Mime type detection -- Duesentrieb ⇌ 11:10, 6 March 2007 (UTC)

".[FILE EXTENSION]" is not a recommended image file format.
I have set file extensions to allow wmv and avi, set $wgStrictFileExtensions=false; and $wgVerifyMimeType=false in LocalSettings.php, but get the message " ".avi" is not a recommended image file format. " (same for .wmv) when I try to upload avi (and wmv) files. Files sizes are under the cap in php.ini. I have not problems uploading static image files (eg .jpg, .png).


 * With $wgStrictFileExtensions=false, you will still get that warning, but should be able to override it ("upload anyway" or some such). $wgVerifyMimeType=false has nothing to do with this, it just tells MediaWiki not to check if the file actually is an avi file (failing that test would result in a different error message though). -- Duesentrieb ⇌ 11:45, 21 April 2007 (UTC)


 * Thanks for the speedy response. Unfortunately no override option appeared on the screen.  I just got "Upload warning" header above the "not a recommended image file format" message.  This also happened when I check "Ignore any warnings" on the upload screen.  However, I then rearranged the order of in LocalSetting.php so that $wgStrictFileExtensions=false appeared before $wgEnableUploads=true and $wgFileExtensions = ....  I can now upload video files without any difficulties.


 * Turning of $wgStrictFileExtensions seems a little dangerous. I fixed a similar problem I was having with xls files by adding the following line to mime.types:


 * application/msword xls</tt>


 * Depending upon the mime detection engine on your server, certain types are misidentified. The true solution is to fix the engine, but this is a pretty safe alternative. - dan

MUst be server pixies then. -- Duesentrieb ⇌ 13:21, 21 April 2007 (UTC)

This file is bigger than the server is configured to allow
How do you change the maximum allowed size of a file for uploading?

This is what I have in my php.ini:

upload_max_filesize = 250M
 * Maximum allowed size for uploaded files.

(default was 2 MB)


 * YOu may also have to change post_max_size or max_post_size or some such. Apache itself might also have a limit set. And keep in mind that you have to restart apache for any changes to the php configuration to take effect. -- Duesentrieb ⇌ 11:08, 6 March 2007 (UTC)

Linking to .mov files (Quick Time) won't work
After: allowing uploading of .mov files to my wiki, successfully uploading a certain .mov file and watching it from the page I've been directed to, I found my wiki won't link to it. If I type, for instance, [[Media:Example.mov]] (assuming my .mov file's named Example), I'd get a red link, leading to "Upload file" page. What am I doing wrong? --87.69.58.71 17:53, 4 November 2006 (UTC)

Upload Priviledges
Is there a way to set it so that only SysOp can upload files?
 * Try meta:Uploading_files --Flominator 07:26, 29 January 2007 (UTC)

anonymous uploads
Is there a way to allow users to upload files without logging in?

That'd be a great help for corporate environments where only a limited number of people can access the wiki (server) anyway...

In which file is variable $wgFileExtensions?
Im trying to change my extensions list, but it is not in LocalSettings? Where is it?
 * The default is set in includes/DefaultSettings.php. But you shouldn't change it here. Just copy the line into your LocalSettings.php and alter it the way you like here. The intention for this procedure is just that the DefaultSettings is responsible for everything that is NOT explicity set by yourself. Also if you like to make an update someday you won't destroy your current settings, cause the LocalSettings.php won't be touched through an update.

Check directory security
In the manual page, it says under "Check directory security" that "The upload directory needs to be configured so that it is not possible for an end user to upload and execute other scripts, which could then exploit access to your web directory and damage your wiki or web site."

Unfortunately, the PHP function that makes subdirectories is:

and many places that call this use the fault mode 0777 which is world-writable. For example, everywhere in Image.php it uses one argument calling this method, such as:

The consequence of this is that every directory recursively under images is world-writable. The files themselves seem to be fine (mode 644), however, any user who can login to the system on which the MediaWiki instance is running can copy or destroy files at will.

Can we get wfMkdirParents (and everywhere that 0777 is passed to that method) to use a mode of 0755 instead? --Caswick 21:09, 15 March 2007 (UTC)