手册:$wgProhibitedFileExtensions
文件及文件上传: $wgProhibitedFileExtensions | |
---|---|
不允许上传具有这些扩展名的文件。 |
|
引进版本: | 1.37.0 (Gerrit change 680806; git #4dae3b1a) |
移除版本: | 仍在使用 |
允许的值: | (数组) |
默认值: | (见下文) |
其他设置: 按首字母排序 | 按功能排序 |
详情
具有这些扩展名的文件将不允许被上传。
$wgProhibitedFileExtensions
优先于$wgFileExtensions
,您必须先从黑名单中移除该拓展名,然后才能上传具有该拓展名的文件。
For instance, to allow users to upload executables, add this to LocalSettings.php :
$wgFileExtensions[] = 'exe';
$wgProhibitedFileExtensions = array_diff(
$wgProhibitedFileExtensions,
[ 'exe' ]
);
$wgMimeTypeExclusions = array_diff(
$wgMimeTypeExclusions,
[ 'application/x-msdownload' ]
);
This configuration parameter used previously was wgFileBlacklist .
默认值
MediaWiki版本: | ≥ 1.37 |
/**
* Files with these extensions will never be allowed as uploads.
* An array of file extensions to blacklist. You should append to this array
* if you want to blacklist additional files.
*/
$wgProhibitedFileExtensions = [
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl'
];
另见
- The filename-prefix-blacklist system message defines prohibited prefixes, to avoid non-descriptive (usually camera-generated) filenames.