Manual:$wgEnableUploads/en

Details
Found in the LocalSettings.php file, when set to true, users will be allowed to upload images and other enabled files. Users will see an 'Upload file' link appearing in the toolbox on the bottom-left (usually), linking to the Special:Upload page. This link appears for users with the 'upload' right (logged-in users by default).
 * field there in Special:Upload page is a case sensitive field and should be used to give descriptive filename instead of using the default one populated from source file name.
 * If a file already exists in the system with name, uploading this file without changing   will create a archive file and store the older version in   folder.

When enabling file uploads, you must also make the images directory writable by the web server, otherwise you will just see an error such as failed to open stream: Operation not permitted. Note that a web server writable directory is not insecure in itself, but can be thought of as the first half of a successful attack to your web server, as such you might like to explore alternatives using img_auth.php

'IMPORTANT: Uploads need to be set up properly in order to be secure!' There are several related configuration settings. It is recommended to read the more complete instructions at Manual:Configuring file uploads

Older versions
Prior to v1.5.0, $wgDisableUploads was used instead.