Last modified: 2014-10-09 02:45:28 UTC
I was checking whether MediaWiki would let me upload HTML files (with .html filename extension) into my wiki. It wouldn't and it gave this error message: Upload warning ".html" is an unwanted file type List of allowed file types: png, gif, jpg, jpeg Where does that list of allowed types come from? I have been able to upload other file types like SVG and PDF, so that error message is misleading. The error message or the list of allowed types needs to be changed. Better yet, they should be available as configuration parameters.
This list contains the default allowed filetypes, defindes in includes/defaultSettings.php. You can configure your own list in LocalSettings.php. Add the line $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ppt', 'pdf', 'doc', 'mp3', 'xls', 'zip', 'pdf', 'svg', 'odt', 'ogg' ); (or what else you want to allow) Please check which files you have uploaded. I get an error when I try to upload a PDF on a fresh installed MediaWiki.
The corresponding code is: $this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) ); It lists all allowed extensions. The current code works fine for me. Are you using a recent version of MediaWiki?
Sounds like your wiki is configured to disable the strict extension whitelist. This will still restrict files with extensions on the blacklist: /** * If this is turned off, users may override the warning for files not covered * by $wgFileExtensions. */ $wgStrictFileExtensions = true; Can you confirm?
Related problem: first impressions of a new user: Today I thought: I shall put a shell script on a wiki to show my friends. I find a link "Upload files" in the Special pages. It tells me that sorry, I have to give an extension for my shell script. OK, I will call it blortz.txt I suppose. Now it says "List of allowed file types: png, gif, jpg, jpeg". OH, I SEE. This is for uploading IMAGES or Whatever ONLY. Not shell scripts. Well. Why don't you be more upfront about that before the user clicks so far? Say upon the first click: right there on the upload form. And no I'm not talking about Wikipedia, but Mediawiki in general. OK, I shall wrap my shell script in <pre> and put it on a regular wiki article.
Anyway, as apparently it is no security breach to tell the user $wgFileExtensions, why not mention them in the upload form, instead of waiting for the user to guess wrong and then using it to scold them with.
The mediawiki software now does show the list of permitted extensions. https://www.mediawiki.org/wiki/Special:Upload http://git.wikimedia.org/blob/mediawiki%2Fcore.git/1a9fc607bf80d72ca5b17d6e23100402fc0cadea/includes%2Fspecials%2FSpecialUpload.php#L936