am 24.09.2009 17:55 schrieb Alex:
Peter Velan wrote:
am 24.09.2009 12:33 schrieb Haim (Howard) Roman:
There are some file types that the Wiki developers considered too dangerous to allow to upload. So they're not allowed even if you think you've configured it to "allow everything". I don't know enough to defend or criticize this decision, but I assume the developers know what they're doing.
Ah, thanks for this insight. So I have to assume that "$wgCheckFileExtensions = false;" mean sometimes "false" and the error message is quite missleading:
"„.zip“ is not allowed. Allowed extensions: 7z, zip, rar," ^^^
This includes Open Office files. I'll bet it includes anything with XML.
I have *no* problems to upload ".odt", ".ods", ".odg" etc.
I designated a place covered by an apache server to place such files, then defined a template to take the file name & convert it to the appropriate link. That way, if I move the location, I can just update the template.
I'm using the same approch by placing some (mostly the big ones) files to an MW-external place and linking it inside of MW
You'll probably need to override MIME type checking as well.
For testing purpose I switched "$wgVerifyMimeType = false;"
See http://www.mediawiki.org/wiki/Manual:Mime_type_detection#Forbidden_files
Thanks! Your are right, the array "$wgFileblacklist" in "DefaultSettings.php" does explicitly forbids Windows executables, as per ...
| # May contain harmful executables for Windows victims | 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', | 'com', 'pif', 'cmd', 'vxd', 'cpl'
But, it seems a litle bit paranoid to consider files withe names like "xyz.exe.pdf" as a potential hazard.
Note that the MIME blacklist exists for security reasons. If untrusted users are allowed to upload files, this can open up significant security holes.
I would never allow uploads of executables in a public accessible wiki. The wiki where I want to allow uploads of "dangerous" files is a closed intranet type with predefined users.
Nevertheless, thanks for the reminder and the really appreciated hints.
Peter