Last modified: 2014-10-09 02:45:28 UTC
I was checking whether MediaWiki would let me upload HTML files (with .html filename extension) into my wiki. It wouldn't and it gave this error message:
".html" is an unwanted file type
List of allowed file types: png, gif, jpg, jpeg
Where does that list of allowed types come from? I have been able to upload other file types like SVG and PDF, so that error message is misleading. The error message or the list of allowed types needs to be changed. Better yet, they should be available as configuration parameters.
This list contains the default allowed filetypes, defindes in includes/defaultSettings.php. You can configure your own list in LocalSettings.php.
Add the line
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ppt', 'pdf', 'doc', 'mp3', 'xls', 'zip', 'pdf', 'svg', 'odt', 'ogg' );
(or what else you want to allow)
Please check which files you have uploaded. I get an error when I try to upload a PDF on a fresh installed MediaWiki.
The corresponding code is:
$this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) );
It lists all allowed extensions. The current code works fine for me.
Are you using a recent version of MediaWiki?
Sounds like your wiki is configured to disable the strict extension whitelist. This will still restrict files with extensions on the blacklist:
* If this is turned off, users may override the warning for files not covered
* by $wgFileExtensions.
$wgStrictFileExtensions = true;
Can you confirm?
Related problem: first impressions of a new user:
Today I thought: I shall put a shell script on a wiki to show my friends.
I find a link "Upload files" in the Special pages.
It tells me that sorry, I have to give an extension for my shell
OK, I will call it blortz.txt I suppose.
Now it says "List of allowed file types: png, gif, jpg, jpeg".
OH, I SEE. This is for uploading IMAGES or Whatever ONLY. Not shell
scripts. Well. Why don't you be more upfront about that before the
user clicks so far? Say upon the first click: right there on the
upload form. And no I'm not talking about Wikipedia, but Mediawiki in
OK, I shall wrap my shell script in <pre> and put it on a regular wiki article.
Anyway, as apparently it is no security breach to tell the user
$wgFileExtensions, why not mention them in the upload form, instead of
waiting for the user to guess wrong and then using it to scold them with.
The mediawiki software now does show the list of permitted extensions.