| MIME types: $wgMimeTypeExclusions | |
|---|---|
| MIME types to disallow if $wgVerifyMimeType is enabled. | |
| Introduced in version: | 1.37.0 (Gerrit change 680806; git #4dae3b1a) | 
| Removed in version: | still in use | 
| Allowed values: | (array of MIME types (strings)) | 
| Default value: | (see below) | 
Details
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.
This variable was previously $wgMimeTypeBlacklist.
Default values
| MediaWiki version: | ≥ 1.39 | 
$wgMimeTypeExclusions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'text/html',
	# Similarly with JavaScript itself
	'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
	# PHP scripts may execute arbitrary code on the server
	'application/x-php', 'text/x-php',
	# Other types that may be interpreted by some servers
	'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	# Client-side hazards on Internet Explorer
	'text/scriptlet', 'application/x-msdownload',
	# Windows metafile, client-side vulnerability on some systems
	'application/x-msmetafile',
	# Java applets are no longer supported by browsers and may contain cookie-stealing code, similarly to JavaScript
	'application/java'
];
| MediaWiki versions: |  1.37 – 1.39 | 
$wgMimeTypeExclusions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'text/html',
	# Similarly with JavaScript itself
	'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
	# PHP scripts may execute arbitrary code on the server
	'application/x-php', 'text/x-php',
	# Other types that may be interpreted by some servers
	'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	# Client-side hazards on Internet Explorer
	'text/scriptlet', 'application/x-msdownload',
	# Windows metafile, client-side vulnerability on some systems
	'application/x-msmetafile',
];
Example
To allow HTML files to be uploaded, add the extension to the allowed list and remove it from both the prohibited-extension list and the MIME type exclusion list:
$wgFileExtensions[] = 'html';
$wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, [ 'html' ] );
$wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, [ 'text/html' ] );
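An added example, not part of the original page or of MediaWiki itself: a stand-alone PHP script that compares an effective `$wgMimeTypeExclusions` against the ≥ 1.39 defaults listed above and reports which default types a change like the one in this Example has removed, and whether the list is enforced at all. The names `auditMimeExclusions` and `DEFAULT_GROUPS` and the `image/svg+xml` entry are assumptions made for illustration.

```php
<?php
// Added example, not MediaWiki code: audit an effective $wgMimeTypeExclusions
// against the MediaWiki >= 1.39 defaults listed on this page.

// Reason => MIME types, grouped as in the default list on this page.
const DEFAULT_GROUPS = [
	'HTML may contain cookie-stealing JavaScript and web bugs' => [ 'text/html' ],
	'Similarly with JavaScript itself' => [
		'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
	],
	'PHP scripts may execute arbitrary code on the server' => [ 'application/x-php', 'text/x-php' ],
	'Other types that may be interpreted by some servers' => [
		'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	],
	'Client-side hazards on Internet Explorer' => [ 'text/scriptlet', 'application/x-msdownload' ],
	'Windows metafile, client-side vulnerability on some systems' => [ 'application/x-msmetafile' ],
	'Java applets may contain cookie-stealing code' => [ 'application/java' ],
];

// Hypothetical helper: returns one finding per deviation from the defaults.
function auditMimeExclusions( array $effective, bool $verifyMimeType ): array {
	$findings = [];
	if ( !$verifyMimeType ) {
		// The exclusions only apply while $wgVerifyMimeType is enabled.
		$findings[] = 'NOT ENFORCED: $wgVerifyMimeType is disabled, so the list is not applied';
	}
	$defaults = [];
	foreach ( DEFAULT_GROUPS as $reason => $types ) {
		foreach ( $types as $type ) {
			$defaults[] = $type;
			if ( !in_array( $type, $effective, true ) ) {
				$findings[] = "REMOVED DEFAULT: $type ($reason)";
			}
		}
	}
	foreach ( array_diff( $effective, $defaults ) as $type ) {
		$findings[] = "SITE ADDITION: $type";
	}
	return $findings;
}

// Constructed sample: the relaxation from the Example section plus one
// site-specific addition (image/svg+xml is an arbitrary illustration).
$wgMimeTypeExclusions = array_merge( ...array_values( DEFAULT_GROUPS ) );
$wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, [ 'text/html' ] );
$wgMimeTypeExclusions[] = 'image/svg+xml';

echo implode( "\n", auditMimeExclusions( $wgMimeTypeExclusions, true ) ), "\n";
```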
This article is issued from MediaWiki. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.