upload file type black-/whitelist error message
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	• bzimport
	Nov 14 2007, 6:52 PM

Description

Author: lsloan-bugzilla.wikimedia.org

Description:
I was checking whether MediaWiki would let me upload HTML files (with .html filename extension) into my wiki. It wouldn't and it gave this error message:

Upload warning
".html" is an unwanted file type
  List of allowed file types: png, gif, jpg, jpeg

Where does that list of allowed types come from? I have been able to upload other file types like SVG and PDF, so that error message is misleading. The error message or the list of allowed types needs to be changed. Better yet, they should be available as configuration parameters.

Version: 1.11.x
Severity: minor

Details

Reference: bz11984

Event Timeline

• bzimport raised the priority of this task from to Low.Nov 21 2014, 10:00 PM

• bzimport added a project: MediaWiki-Uploading.

• bzimport set Reference to bz11984.

• bzimport added a subscriber: Unknown Object (MLST).

• bzimport created this task.Nov 14 2007, 6:52 PM

This list contains the default allowed filetypes, defindes in includes/defaultSettings.php. You can configure your own list in LocalSettings.php.

Add the line
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ppt', 'pdf', 'doc', 'mp3', 'xls', 'zip', 'pdf', 'svg', 'odt', 'ogg' );

(or what else you want to allow)

Please check which files you have uploaded. I get an error when I try to upload a PDF on a fresh installed MediaWiki.

jeluf wrote:

The corresponding code is:

$this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) );

It lists all allowed extensions. The current code works fine for me.

Are you using a recent version of MediaWiki?

Sounds like your wiki is configured to disable the strict extension whitelist. This will still restrict files with extensions on the blacklist:

/**

If this is turned off, users may override the warning for files not covered
by $wgFileExtensions. */

$wgStrictFileExtensions = true;

Can you confirm?

Related problem: first impressions of a new user:
Today I thought: I shall put a shell script on a wiki to show my friends.

I find a link "Upload files" in the Special pages.

It tells me that sorry, I have to give an extension for my shell
script.

OK, I will call it blortz.txt I suppose.

Now it says "List of allowed file types: png, gif, jpg, jpeg".

OH, I SEE. This is for uploading IMAGES or Whatever ONLY. Not shell
scripts. Well. Why don't you be more upfront about that before the
user clicks so far? Say upon the first click: right there on the
upload form. And no I'm not talking about Wikipedia, but Mediawiki in
general.

OK, I shall wrap my shell script in <pre> and put it on a regular wiki article.

Anyway, as apparently it is no security breach to tell the user
$wgFileExtensions, why not mention them in the upload form, instead of
waiting for the user to guess wrong and then using it to scold them with.

The mediawiki software now does show the list of permitted extensions.

https://www.mediawiki.org/wiki/Special:Upload

http://git.wikimedia.org/blob/mediawiki%2Fcore.git/1a9fc607bf80d72ca5b17d6e23100402fc0cadea/includes%2Fspecials%2FSpecialUpload.php#L936

• Gilles added a project: Multimedia.Dec 4 2014, 9:22 AM

• Gilles raised the priority of this task from Low to Unbreak Now!.Dec 4 2014, 10:12 AM

• Gilles moved this task from Untriaged to Done on the Multimedia board.

• Gilles lowered the priority of this task from Unbreak Now! to Low.Dec 4 2014, 11:22 AM

upload file type black-/whitelist error messageClosed, DeclinedPublicActions

Description

Details

Event Timeline

upload file type black-/whitelist error message
Closed, DeclinedPublic
Actions