Last modified: 2014-10-09 02:45:28 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T13984, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 11984 - upload file type black-/whitelist error message
upload file type black-/whitelist error message
Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
1.11.x
All All
: Low minor with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-14 18:52 UTC by Lance E Sloan
Modified: 2014-10-09 02:45 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Lance E Sloan 2007-11-14 18:52:26 UTC
I was checking whether MediaWiki would let me upload HTML files (with .html filename extension) into my wiki.  It wouldn't and it gave this error message:

  Upload warning
  ".html" is an unwanted file type
    List of allowed file types: png, gif, jpg, jpeg

Where does that list of allowed types come from?  I have been able to upload other file types like SVG and PDF, so that error message is misleading.  The error message or the list of allowed types needs to be changed.  Better yet, they should be available as configuration parameters.
Comment 1 Raimond Spekking 2007-11-14 19:00:09 UTC
This list contains the default allowed filetypes, defindes in includes/defaultSettings.php. You can configure your own list in LocalSettings.php.

Add the line
$wgFileExtensions      = array( 'png', 'gif', 'jpg', 'jpeg', 'ppt', 'pdf', 'doc', 'mp3', 'xls', 'zip', 'pdf', 'svg', 'odt', 'ogg' );

(or what else you want to allow)

Please check which files you have uploaded. I get an error when I try to upload a PDF on a fresh installed MediaWiki.
Comment 2 JeLuF 2007-11-16 18:28:52 UTC
The corresponding code is:

$this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) );

It lists all allowed extensions. The current code works fine for me.

Are you using a recent version of MediaWiki?
Comment 3 Brion Vibber 2007-12-05 21:25:53 UTC
Sounds like your wiki is configured to disable the strict extension whitelist. This will still restrict files with extensions on the blacklist:

/**
 * If this is turned off, users may override the warning for files not covered
 * by $wgFileExtensions.
 */
$wgStrictFileExtensions = true;

Can you confirm?
Comment 4 Dan Jacobson 2008-03-09 03:39:22 UTC
Related problem: first impressions of a new user:
Today I thought: I shall put a shell script on a wiki to show my friends.

I find a link "Upload files" in the Special pages.

It tells me that sorry, I have to give an extension for my shell
script.

OK, I will call it blortz.txt I suppose.

Now it says "List of allowed file types: png, gif, jpg, jpeg".

OH, I SEE. This is for uploading IMAGES or Whatever ONLY. Not shell
scripts. Well. Why don't you be more upfront about that before the
user clicks so far? Say upon the first click: right there on the
upload form. And no I'm not talking about Wikipedia, but Mediawiki in
general.

OK, I shall wrap my shell script in <pre> and put it on a regular wiki article.
Comment 5 Dan Jacobson 2008-03-09 03:45:41 UTC
Anyway, as apparently it is no security breach to tell the user
$wgFileExtensions, why not mention them in the upload form, instead of
waiting for the user to guess wrong and then using it to scold them with.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links