Руководство:Настройка загрузки файлов

В php.ini должно быть указано следующее:

file_uploads = On

Если этот параметр не активирован - PHP-скрипты не смогут использовать функции загрузки файлов.

Если задана директива open_basedir, она должна содержать как папку загрузки назначения в вашей установленной MediaWiki («{$IP}/images»), так и папку «upload_tmp_dir» (системная папка по умолчанию, если она не установлена). If this is in effect, also check if your hoster has properly configured 'sys_temp_dir', because sometimes they forget about that as well and you cannot write temporary files at all (upload, session or any other tmp file).

Добавление 'upload_tmp_dir' может избежать сообщений типа Не удалось найти файл "/var/tmp/php31aWnF" (где в этом примере 'upload_tmp_dir' есть '/var/tmp'). Подробнее о загрузке файлов в PHP читайте Основы загрузки файлов и, в частности, move_uploaded_file().

Права доступа на каталог загрузки должны быть настроены так, чтобы обычный пользователь не имел возможности загрузить и выполнить другие скрипты, способные навредить вашему сайту.

See Manual:Security#Upload security for changes to make to your webserver configuration to prevent uploaded files from executing code or having browsers execute malicious files.

        <Directory /var/www/wiki/images>
                Options -Indexes
        </Directory>

The images directory in the MediaWiki installation folder contains an .htaccess file with some configurations on it. The goal of this file is to make the upload folder more secure, and if you place your upload directory somewhere else, it's recommended to also copy the .htaccess file to the new location, or apply that configuration on the server directly. However, some of those configurations may cause conflicts or errors, depending on how the server is configured.

If that's the case, you should comment-out the lines, and apply those directives directly on the server configuration files. The directives that are most likely causing the problems are AddType —which prevents HTML and PHP files from being served as HTML—, and php_admin_flag —which would prevent PHP files from being parsed and executed on the server as such.

В MediaWiki версии 1.5 и более поздних устанавливаемый атрибут находится в LocalSettings.php , где значение параметра $wgEnableUploads нужно установить следующим образом:

$wgEnableUploads = true; # Разрешить загрузку файлов

Чтобы отключить возможность загрузки файлов, установите значение параметра в false:

$wgEnableUploads = false; # Запретить загрузку файлов

По-умолчанию, все зарегистрированные пользователи могут загружать файлы. Чтобы ограничить это - измените значение параметра $wgGroupPermissions :

$wgGroupPermissions['user']['upload'] = false;

$wgGroupPermissions['uploadaccess']['upload'] = true;

$wgGroupPermissions['autoconfirmed']['upload'] = true;

Право заменять существующие файлы даётся разрешением - reupload:

$wgGroupPermissions['user']['reupload'] = false;

$wgGroupPermissions['autoconfirmed']['reupload'] = true;

$wgGroupPermissions['user']['reupload-shared'] = false;

$wgGroupPermissions['autoconfirmed']['reupload-shared'] = true;

Подробнее о правах пользователей смотрите Руководство:Права пользователя , а для получения информации об ограничении доступа — Руководство:Ограничение доступа .

Чтобы разрешить загрузку какого-либо типа файлов, добавьте его расширение $wgFileExtensions в LocalSettings.php . К примеру, параметр $wgFileExtensions может выглядеть так

$wgFileExtensions = [ 'png', 'gif', 'jpg', 'jpeg', 'doc',
	'xls', 'mpp', 'pdf', 'ppt', 'tiff', 'bmp', 'docx', 'xlsx',
	'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
];

или

$wgFileExtensions = array_merge( $wgFileExtensions, [
	'doc', 'xls', 'mpp', 'pdf', 'ppt', 'xlsx', 'jpg', 
	'tiff', 'odt', 'odg', 'ods', 'odp'
] );

или

# Добавление новых типов файлов к уже существующим в DefaultSettings.php
$wgFileExtensions[] = 'docx';
$wgFileExtensions[] = 'xls';
$wgFileExtensions[] = 'pdf';
$wgFileExtensions[] = 'mpp';
$wgFileExtensions[] = 'odt';
$wgFileExtensions[] = 'ods';

However, certain file extensions are prohibited ($wgProhibitedFileExtensions , formerly $wgFileBlacklist for MediaWiki 1.36 and earlier) and cannot be uploaded even if added to $wgFileExtensions. To upload files with prohibited extensions, you must modify $wgProhibitedFileExtensions . For instance, to allow users to upload Windows executables:

$wgFileExtensions[] = 'exe';
$wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, [ 'exe' ] );

Вы также можете установить $wgStrictFileExtensions

$wgStrictFileExtensions = false;

Если вы получаете ошибку "The file is corrupt or has an incorrect extension", убедитесь что определение MIME типов работает корректно.

$wgFileExtensions[] = 'zip';
// $wgTrustedMediaFormats[] = 'ARCHIVE';
$wgTrustedMediaFormats[] = 'application/zip';

By default anonymous uploads are not allowed. You must register and log in before the upload file link appears in the toolbox.

Для получения информации об автоматической генерации миниатюр, смотрите Создание миниатюр изображений . For problems with thumbnailing, see Image Thumbnails not working and/or appearing.

If the file is not visual (like an Image or Video) a fileicon is used instead. These are generated by the iconThumb() function in the File class in the FileRepo group. Icons stored in "$wgStyleDirectory/common/images/icons/" in a "fileicon-$extension.png"-format.

По умолчанию настройки php.ini ограничивает размер загружаемых файлов до 2 мегабайт (и максимальный размер операции отправки до 8 мегабайт). Если необходимо загрузить файл большего размера, измените параметр post_max_size в php.ini^[1] и upload_max_filesize^[2].

Для этого могут потребоваться права администратора - если же ваш сайт находится на стороннем сервере, обратитесь к техподдержке хостинга.

Locating the php.ini file

The location of the php.ini file varies on the distribution you are using. See Manual:Php.ini for instructions for locating the correct php.ini used by your web server (as opposed to the php.ini used by the command line binary).

Multiple websites hosted on a server

php_value upload_max_filesize 100M
php_value post_max_size 100M

Both above settings also work in a .htaccess file if your site uses mod_php. If your site uses PHP >= 5.3 and allows it, you can place php.ini directives in .user.ini files instead.

web server limits

Your web server may impose further limits on the size of files allowed for upload. For Apache, one of the relevant settings is LimitRequestBody. ^[3] For Nginx, client_max_body_size is the relevant setting.^[4] For Lighttpd, server.max-request-size is what may need modification.^[5]

Ubuntu 16.04: sudo service apache2 restart

uploading too large of files warning

MediaWiki покажет предупреждение, если вы попытаетесь загрузить файл, размером превышающем установленный лимит в параметре $wgUploadSizeWarning . Это ограничение не зависит от жёсткого лимита PHP.

temporary upload limits

ini_set( 'post_max_size', '50M' );
ini_set( 'upload_max_filesize', '50M' );

to the MediaWiki LocalSettings.php configuration file for each wiki. In this example the PHP limit is set at 50 Mb. Note that these settings will not override the maximum settings set above (since the core php.ini and apache2 php.ini files set the absolute maximum). This method sets maximums that are less than the absolute maximum.

IIS7 лимит загруки

<security>
  <requestFiltering>
    <requestLimits maxAllowedContentLength="50000000" />
  </requestFiltering>
</security>

With the above maxAllowedContentLength, users can upload files that are 50,000,000 bytes (50 MB) in size. This setting will work immediately without restarting IIS services. The web.config file is located in the root directory of your web site.

$wgUploadSizeWarning = 2147483647;
$wgMaxUploadSize = 2147483647;

memory_limit = 2048M (this line may not be necessary)
post_max_size = 2048M
upload_max_filesize = 2048M

In the IIS web.config file, override the value of maxRequestLength. For example, the following entry in web.config allows files that are less than or equal to 2 gigabytes (GB) to be uploaded:

<httpRuntime maxRequestLength="2097151" executionTimeout="18000"/>

With IIS 7, you also need to configure it to allow large uploads. This is found by clicking “Request Filtering > Edit Feature Settings” in the IIS section in the middle of the window. Set the ”Maximum allowed content length (Bytes)” field to 2147482624. If you don’t see "Request Filtering" in the IIS section, it needs enabled via Internet Information Services > World Wide Web Services > Security in the "Turn Windows features on or off" area in Control Panel.

%windir%\system32\inetsrv\appcmd set config -section:requestFiltering -requestLimits.maxAllowedContentLength: 2147482624

By default, MediaWiki will scan all uploads that appear to be ZIP archives and reject any that contain Java .class files. This is a security measure to prevent users uploading a malicious Java applet. For non-public sites only, use the following to disable this check:

$wgAllowJavaUploads = true;

This setting can be used as a work around for allowing MIME types to be accepted indiscriminately. For example, if you attempt to upload a .doc file created by Word 2007, no matter the text list you provide and MIME type checking you invoke or prohibit, you will receive the message:

.doc files saved by Word 2007 (and possibly later versions) contain a small embedded ZIP archive storing metadata that is not representable in the binary .doc format as used by earlier versions of Word. This embedded ZIP data confuses the Java archive scanner, causing the .doc file to be rejected. Files in the newer .docx file format are valid ZIP archives in their entirety, and can be uploaded successfully without setting $wgAllowJavaUploads .

Если вы хотите разрешить пользователям загружать файлы напрямую с других сайтов, вместо копирования файла на локальный компьютер, установите $wgAllowCopyUploads = true.

By default, upload by URL are only possible using the API (or extensions such as UploadWizard ). To make the option usable from Special:Upload, you need to set $wgCopyUploadsFromSpecialUpload to true as well. On the upload form, you will then see an additional field for the URL, below the usual filename field. The URL field is greyed out per default, but can be activated by activating the radiobutton (checkbox) to the left of the field.

In order to use this feature, users must have the user right upload_by_url. This right was granted to sysops by default until MediaWiki 1.20 but it now needs to be granted explicitly. To allow this to normal users, set

 $wgGroupPermissions['user']['upload_by_url'] = true;

/*
 * Proxy to use for CURL requests.
 */
if ( isset( $_ENV['http_proxy'] )) $wgHTTPProxy = $_ENV['http_proxy'];

This page is stored and can be edited like any other page.

These are stored in the thumb directory of the image directory, in a separate directory for each main file.

If $wgHashedUploadDirectory is set to true, uploaded files will be distributed into sub-directories of $wgUploadDirectory based on the first two characters of the md5 hash of the filename. (e.g. $IP/images/a/ab/foo.jpg) Creation of such subdirectories is handled automatically. This is used to avoid having too many files in one folder because some filesystems don't perform well with large numbers of files in one folder.

For that case you can edit MediaWiki:Uploadtext contents and provide your own text. If your wiki site is multilanguage don't forget to edit localized versions like MediaWiki:Uploadtext/de.

On the MediaWiki:Licenses page you can customize a drop-down list of licenses for uploads of your site. See the documentation of this feature.

Take into account that localized versions like MediaWiki:Licenses/de won't work by default. To enable them you must configure the $wgForceUIMsgAsContentMsg variable.

Запуск MediaWiki на сервере Windows имеет некоторые ограничения в разрешенных именах файлов из-за ошибки PHP. PHP не может корректно обрабатывать имена файлов с не-ascii-символами, а MediaWiki будет отказываться загружать файлы, содержащие такие символы, чтобы предотвратить прерывистую загрузку (задача T3780), с сообщением Эта вики не поддерживает имена файлов с символами, отсутствующими в таблице ASCII..

If $wgDBname contains non-alphanumeric characters, uploads may fail with errors like Could not create directory "mwstore://local-backend/local-public/<path>".. This is caused by an internal check for valid container name for file backend, but it's constructed using $wgDBname.

• Категория:Переменные загрузки - similar list as a category (ordered alphabetically)