On Dec 15, 2007 7:51 AM, David Gerard dgerard@gmail.com wrote:
I've been editing [[Commons:File types]] (the xiph.org press release on Ogg and HTML5 directs to it) and see it lists allowable file formats as of late 2006.
- What's the current list?
- Is there a handy place to look it up?
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
By default, 'png', 'gif', 'jpg', 'jpeg' are preferred, and any other type will cause a warning, and these types are not ever allowed: # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' Also, these MIME types will fail # HTML may contain cookie-stealing JavaScript and web bugs 'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', # PHP scripts may execute arbitrary code on the server 'application/x-php', 'text/x-php', # Other types that may be interpreted by some servers 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile' You can see this in DefaultSettings.php, a little above line 1600.