| Files and file uploads: $wgFileBlacklist | ||
| Files with these extensions will never be allowed as uploads. | ||
| Introduced in version: | 1.2.0 | |
| Removed in version: | still in use | |
| Allowed values: | (array) | |
| Default value: | (see below) | |
| Other settings: Alphabetical | By function | ||
Details
이들 확장자를 가진 파일은 업로드가 허용되지 않습니다.
$wgFileBlacklist가 $wgFileExtensions를 덮어쓰므로, 블랙리스트에서 확장자를 제거해야 그 확장자를 가지는 파일을 업로드할 수 있습니다. 예를 들어, 사용자에게 실행-파일을 업로드하도록 허용하기 위해, LocalSettings.php에 다음을 추가하십시오:
$wgFileExtensions[] = 'exe';
$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );
$wgMimeTypeBlacklist = array_diff( $wgMimeTypeBlacklist, array ('application/x-msdownload') );
Default values
| MediaWiki version: |
≥ 1.33
|
/**
* Files with these extensions will never be allowed as uploads.
* An array of file extensions to blacklist. You should append to this array
* if you want to blacklist additional files.
*/
$wgFileBlacklist = [
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ];
| MediaWiki versions: |
1.16 – 1.32
|
$wgFileBlacklist = [
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ];
| MediaWiki versions: |
1.11 – 1.15
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki versions: |
1.8 – 1.10
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki version: |
1.7
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki version: |
1.6
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'svg',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki version: |
1.5
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki version: |
1.4
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
| MediaWiki versions: |
1.2 – 1.3
|
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
"html", "htm",
# PHP scripts may execute arbitrary code on the server
"php", "phtml", "php3", "php4", "phps",
# Other types that may be interpreted by some servers
"shtml", "jhtml", "pl", "py",
# May contain harmful executables for Windows victims
"exe", "scr", "dll", "msi", "vbs", "bat", "com", "pif", "cmd", "vxd", "cpl" );
See also
- Manual:$wgFileExtensions
- Manual:$wgMimeTypeBlacklist
- Manual:MIME type detection
- filename-prefix-blacklist 시스템 메시지는 비설명적인 (보통 카메라-생성된) 파일이름을 피하기 위해 금지된 접두사를 정의합니다.