Manuale:$wgFileBlacklist
From mediawiki.org
This page is a translated version of the page Manual:$wgFileBlacklist and the translation is 53% complete.
Outdated translations are marked like this.
Languages:
This feature was removed from MediaWiki core in version 1.37.0.
Please see $wgProhibitedFileExtensions for an alternative way to use this feature.
| Files and file uploads: $wgFileBlacklist | |
|---|---|
| Files with these extensions will never be allowed as uploads. |
|
| Introdotto nella versione: | 1.2.0 |
| Rimosso nella versione: | 1.37.0 (Gerrit change 680806; git #4dae3b1a) |
| Valori concessi: | (array) |
| Valore predefinito: | (vedi sotto) |
| Impostazioni: Alfabetiche | Per funzione | |
Dettagli
I file con queste estensioni mai saranno consentiti come upload se $CheckFileExtensions e impostato su true.
$wgFileBlacklist overrides $wgFileExtensions , so you must remove an extension from the blacklist before you can upload files that have it.
For instance, to allow users to upload executables, add this to LocalSettings.php :
$wgFileExtensions[] = 'exe'; $wgFileBlacklist = array_diff( $wgFileBlacklist, [ 'exe' ] ); $wgMimeTypeBlacklist = array_diff( $wgMimeTypeBlacklist, [ 'application/x-msdownload' ] );
Default values
1.35.12 (gerrit:961934, phab:T341565):
/** * Files with these extensions will never be allowed as uploads. * An array of file extensions to blacklist. You should append to this array * if you want to blacklist additional files. */ $wgFileBlacklist = [ # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl', # T341565 'xml', ];
Versioni di MediaWiki:
1.33 – 1.36
/** * Files with these extensions will never be allowed as uploads. * An array of file extensions to blacklist. You should append to this array * if you want to blacklist additional files. */ $wgFileBlacklist = [ # HTML può contenere il furto di cookie JavaScript e web bug 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht', # Script PHP può eseguire codice arbitrario sul server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar', # Altri tipi che possono essere interpretati da alcuni server 'shtml', 'jhtml', 'pl', 'py', 'cgi', # Possono contenere file eseguibili dannosi per Windows 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ];
Versioni di MediaWiki:
1.16 – 1.32
$wgFileBlacklist = [ # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ];
Versioni di MediaWiki:
1.11 – 1.15
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versioni di MediaWiki:
1.8 – 1.10
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versione MediaWiki:
1.7
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versione MediaWiki:
1.6
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'svg', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versione MediaWiki:
1.5
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versione MediaWiki:
1.4
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
Versioni di MediaWiki:
1.2 – 1.3
$wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs "html", "htm", # PHP scripts may execute arbitrary code on the server "php", "phtml", "php3", "php4", "phps", # Other types that may be interpreted by some servers "shtml", "jhtml", "pl", "py", # May contain harmful executables for Windows victims "exe", "scr", "dll", "msi", "vbs", "bat", "com", "pif", "cmd", "vxd", "cpl" );
Vedi anche
- The filename-prefix-blacklist system message defines prohibited prefixes, to avoid non-descriptive (usually camera-generated) filenames.