am 24.09.2009 17:55 schrieb Alex:
Peter Velan wrote:
am 24.09.2009 12:33 schrieb Haim (Howard) Roman:
There are some file types that the Wiki
developers considered too
dangerous to allow to upload. So they're not allowed even if you
think you've configured it to "allow everything". I don't know enough
to defend or criticize this decision, but I assume the developers know
what they're doing.
Ah, thanks for this insight. So I have to assume that
"$wgCheckFileExtensions = false;" mean sometimes "false" and the
error
message is quite missleading:
"„.zip“ is not allowed. Allowed extensions: 7z, zip, rar,"
^^^
This includes Open Office files. I'll bet it
includes anything with XML.
I have *no* problems to upload ".odt", ".ods", ".odg" etc.
I designated a place covered by an apache server
to place such files,
then defined a template to take the file name & convert it to the
appropriate link. That way, if I move the location, I can just update
the template.
I'm using the same approch by placing some (mostly the big ones) files
to an MW-external place and linking it inside of MW
You'll probably need to override MIME type checking as well.
For testing purpose I switched "$wgVerifyMimeType = false;"
See
<http://www.mediawiki.org/wiki/Manual:Mime_type_detection#Forbidden_files>
Thanks! Your are right, the array "$wgFileblacklist" in
"DefaultSettings.php" does explicitly forbids Windows executables, as
per ...
| # May contain harmful executables for Windows victims
| 'exe', 'scr', 'dll', 'msi', 'vbs',
'bat',
| 'com', 'pif', 'cmd', 'vxd', 'cpl'
But, it seems a litle bit paranoid to consider files withe names like
"xyz.exe.pdf" as a potential hazard.
Note that the MIME blacklist exists for security
reasons. If untrusted
users are allowed to upload files, this can open up significant security
holes.
I would never allow uploads of executables in a public accessible
wiki. The wiki where I want to allow uploads of "dangerous" files is a
closed intranet type with predefined users.
Nevertheless, thanks for the reminder and the really appreciated hints.
Peter