On Dec 15, 2007 7:51 AM, David Gerard <dgerard(a)gmail.com> wrote:
I've been editing [[Commons:File types]] (the
xiph.org press release
on Ogg and HTML5 directs to it) and see it lists allowable file
formats as of late 2006.
* What's the current list?
* Is there a handy place to look it up?
- d.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/wikitech-l
By default, 'png', 'gif', 'jpg', 'jpeg' are preferred, and
any other type
will cause a warning, and these types are not ever allowed:
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml',
'mht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5',
'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs',
'bat', 'com', 'pif', 'cmd', 'vxd',
'cpl'
Also, these MIME types will fail
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript',
'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash',
'text/x-sh',
'text/x-csh',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile'
You can see this in DefaultSettings.php, a little above line 1600.