Last modified: 2014-10-09 02:45:28 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 11984 - upload file type black-/whitelist error message
upload file type black-/whitelist error message
Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
1.11.x
All All
: Low minor with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-14 18:52 UTC by Lance E Sloan
Modified: 2014-10-09 02:45 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Lance E Sloan 2007-11-14 18:52:26 UTC
I was checking whether MediaWiki would let me upload HTML files (with .html filename extension) into my wiki.  It wouldn't and it gave this error message:

  Upload warning
  ".html" is an unwanted file type
    List of allowed file types: png, gif, jpg, jpeg

Where does that list of allowed types come from?  I have been able to upload other file types like SVG and PDF, so that error message is misleading.  The error message or the list of allowed types needs to be changed.  Better yet, they should be available as configuration parameters.
Comment 1 Raimond Spekking 2007-11-14 19:00:09 UTC
This list contains the default allowed filetypes, defindes in includes/defaultSettings.php. You can configure your own list in LocalSettings.php.

Add the line
$wgFileExtensions      = array( 'png', 'gif', 'jpg', 'jpeg', 'ppt', 'pdf', 'doc', 'mp3', 'xls', 'zip', 'pdf', 'svg', 'odt', 'ogg' );

(or what else you want to allow)

Please check which files you have uploaded. I get an error when I try to upload a PDF on a fresh installed MediaWiki.
Comment 2 JeLuF 2007-11-16 18:28:52 UTC
The corresponding code is:

$this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) );

It lists all allowed extensions. The current code works fine for me.

Are you using a recent version of MediaWiki?
Comment 3 Brion Vibber 2007-12-05 21:25:53 UTC
Sounds like your wiki is configured to disable the strict extension whitelist. This will still restrict files with extensions on the blacklist:

/**
 * If this is turned off, users may override the warning for files not covered
 * by $wgFileExtensions.
 */
$wgStrictFileExtensions = true;

Can you confirm?
Comment 4 Dan Jacobson 2008-03-09 03:39:22 UTC
Related problem: first impressions of a new user:
Today I thought: I shall put a shell script on a wiki to show my friends.

I find a link "Upload files" in the Special pages.

It tells me that sorry, I have to give an extension for my shell
script.

OK, I will call it blortz.txt I suppose.

Now it says "List of allowed file types: png, gif, jpg, jpeg".

OH, I SEE. This is for uploading IMAGES or Whatever ONLY. Not shell
scripts. Well. Why don't you be more upfront about that before the
user clicks so far? Say upon the first click: right there on the
upload form. And no I'm not talking about Wikipedia, but Mediawiki in
general.

OK, I shall wrap my shell script in <pre> and put it on a regular wiki article.
Comment 5 Dan Jacobson 2008-03-09 03:45:41 UTC
Anyway, as apparently it is no security breach to tell the user
$wgFileExtensions, why not mention them in the upload form, instead of
waiting for the user to guess wrong and then using it to scold them with.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links