MediaWiki

Manual:$wgMimeTypeExclusions

Translate this page
Languages:
MIME types: $wgMimeTypeExclusions
MIME types to disallow if $wgVerifyMimeType is enabled.
Introduced in version:1.37.0 (Gerrit change 680806; git #4dae3b1a)
Removed in version:still in use
Allowed values:(array of MIME types (strings))
Default value:(see below)
Other settings: Alphabetical | By function

DetailsEdit

Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.

This variable was previously $wgMimeTypeBlacklist .

Default valuesEdit

MediaWiki version:
1.39
 
$wgMimeTypeExclusions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'text/html',
	# Similarly with JavaScript itself
	'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
	# PHP scripts may execute arbitrary code on the server
	'application/x-php', 'text/x-php',
	# Other types that may be interpreted by some servers
	'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	# Client-side hazards on Internet Explorer
	'text/scriptlet', 'application/x-msdownload',
	# Windows metafile, client-side vulnerability on some systems
	'application/x-msmetafile',
	# Java applets are no longer supported by browsers and may contain cookie-stealing code, similarly to JavaScript
	'application/java'
];
MediaWiki versions:
1.37 – 1.39
 
$wgMimeTypeExclusions = [
	# HTML may contain cookie-stealing JavaScript and web bugs
	'text/html',
	# Similarly with JavaScript itself
	'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
	# PHP scripts may execute arbitrary code on the server
	'application/x-php', 'text/x-php',
	# Other types that may be interpreted by some servers
	'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
	# Client-side hazards on Internet Explorer
	'text/scriptlet', 'application/x-msdownload',
	# Windows metafile, client-side vulnerability on some systems
	'application/x-msmetafile',
];


ExampleEdit

If you wanted to allow html files to be uploaded: 

$wgFileExtensions[] = 'html';
$wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, array ('html') );
$wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, array ('text/html') );
Retrieved from "https://www.mediawiki.org/w/index.php?title=Manual:$wgMimeTypeExclusions&oldid=5688341"