Manual:$wgMimeTypeBlacklist
MIME types: $wgMimeTypeBlacklist | |
---|---|
Files with these MIME types will not be allowed to be uploaded if $wgVerifyMimeType is enabled. | |
Introduced in version: | 1.5.0 |
Removed in version: | still in use |
Allowed values: | (array of MIME types (strings)) |
Default value: | (see below) |
Details
Files with these MIME types will not be allowed to be uploaded if $wgVerifyMimeType is enabled.
Default value
- 'application/x-opc+zip', 'application/msword', 'application/vnd.ms-powerpoint', 'application/vnd.msexcel' were blacklisted after 1.17.0 (r81376), and removed in r82783
- 'application/x-opc+zip', 'text/scriptlet', 'application/x-msdownload' were introduced after 1.5.5
- 'application/x-msmetafile' was added in 1.5.5
- 'application/zip' was added in 1.14 and then removed in 1.18
- Other values have been available since this setting was introduced in 1.5.0
MediaWiki version: | ≥ 1.18 |

```php
$wgMimeTypeBlacklist = [
    # HTML may contain cookie-stealing JavaScript and web bugs
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    # PHP scripts may execute arbitrary code on the server
    'application/x-php', 'text/x-php',
    # Other types that may be interpreted by some servers
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    # Client-side hazards on Internet Explorer
    'text/scriptlet', 'application/x-msdownload',
    # Windows metafile, client-side vulnerability on some systems
    'application/x-msmetafile',
];
```
MediaWiki version: | 1.17 |

```php
$wgMimeTypeBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    # PHP scripts may execute arbitrary code on the server
    'application/x-php', 'text/x-php',
    # Other types that may be interpreted by some servers
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    # Client-side hazards on Internet Explorer
    'text/scriptlet', 'application/x-msdownload',
    # Windows metafile, client-side vulnerability on some systems
    'application/x-msmetafile',
    # A ZIP file may be a valid Java archive containing an applet which exploits the
    # same-origin policy to steal cookies
    'application/zip',
    # MS Office OpenXML and other Open Package Conventions files are zip files
    # and thus blacklisted just as other zip files. If you remove these entries
    # from the blacklist in your local configuration, a malicious file upload
    # will be able to compromise the wiki's user accounts, and the user
    # accounts of any other website in the same cookie domain.
    'application/x-opc+zip',
    'application/msword',
    'application/vnd.ms-powerpoint',
    'application/vnd.msexcel',
);
```
MediaWiki versions: | 1.14 – 1.16 |

```php
$wgMimeTypeBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    # PHP scripts may execute arbitrary code on the server
    'application/x-php', 'text/x-php',
    # Other types that may be interpreted by some servers
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    # Client-side hazards on Internet Explorer
    'text/scriptlet', 'application/x-msdownload',
    # Windows metafile, client-side vulnerability on some systems
    'application/x-msmetafile',
    # A ZIP file may be a valid Java archive containing an applet which exploits the
    # same-origin policy to steal cookies
    'application/zip',
);
```
MediaWiki versions: | 1.12 – 1.13 |

```php
$wgMimeTypeBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    # PHP scripts may execute arbitrary code on the server
    'application/x-php', 'text/x-php',
    # Other types that may be interpreted by some servers
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    # Client-side hazards on Internet Explorer
    'text/scriptlet', 'application/x-msdownload',
    # Windows metafile, client-side vulnerability on some systems
    'application/x-msmetafile'
);
```
MediaWiki versions: | 1.5 – 1.11 |

```php
$wgMimeTypeBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    # PHP scripts may execute arbitrary code on the server
    'application/x-php', 'text/x-php',
    # Other types that may be interpreted by some servers
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    # Windows metafile, client-side vulnerability on some systems
    'application/x-msmetafile'
);
```
Example
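To allow HTML files to be uploaded, add the extension to $wgFileExtensions and remove it from both $wgFileBlacklist and $wgMimeTypeBlacklist. As the comment in the default list notes, HTML may contain cookie-stealing JavaScript and web bugs, so uploaded HTML files carry that risk.

```php
$wgFileExtensions[] = 'html';
$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('html') );
$wgMimeTypeBlacklist = array_diff( $wgMimeTypeBlacklist, array ('text/html') );
```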
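
The following stand-alone script is an added illustration, not MediaWiki's own upload code. It checks constructed sample uploads against the ≥ 1.18 default list and against the list with 'text/html' removed, as in the Example section, so the decision can be seen to follow the detected content type rather than the file name. The helper `checkUploadContent()` and the sample files are hypothetical, and content detection with PHP's fileinfo extension is an assumption made for the demonstration.

```php
<?php
// Added illustration, not MediaWiki's upload code. Needs PHP's fileinfo extension.

// Default list for MediaWiki >= 1.18, copied from this page.
$wgMimeTypeBlacklist = [
    'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
    'application/x-php', 'text/x-php',
    'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
    'text/scriptlet', 'application/x-msdownload',
    'application/x-msmetafile',
];

// The change from the Example section above: 'text/html' is no longer listed.
$relaxedBlacklist = array_diff( $wgMimeTypeBlacklist, [ 'text/html' ] );

/**
 * Hypothetical helper: detect the MIME type from the file's bytes and
 * compare it with the blacklist. The file name plays no part in the decision.
 *
 * @return array{mime: string, allowed: bool}
 */
function checkUploadContent( string $bytes, array $blacklist ): array {
    $finfo = new finfo( FILEINFO_MIME_TYPE );
    // buffer() returns false on failure; the cast turns that into ''.
    $mime = strtolower( (string)$finfo->buffer( $bytes ) );
    return [ 'mime' => $mime, 'allowed' => !in_array( $mime, $blacklist, true ) ];
}

// Constructed sample uploads: claimed file name => content.
$samples = [
    'holiday.png' => "<html><body><script>/* script content */</script></body></html>",
    'notes.txt'   => "<?php echo 'hello'; ?>\n",
    'readme.txt'  => "Plain text with nothing to interpret.\n",
];

$lists = [ 'default' => $wgMimeTypeBlacklist, 'relaxed' => $relaxedBlacklist ];
foreach ( $lists as $label => $list ) {
    foreach ( $samples as $name => $bytes ) {
        $r = checkUploadContent( $bytes, $list );
        printf( "%-8s %-12s detected=%-18s %s\n", $label, $name, $r['mime'],
            $r['allowed'] ? 'accepted' : 'rejected' );
    }
}
```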