纳闷了jpg无法上传:
[[File:sqlplus.html.test.01.jpg]]
原来在 DefaultSettings.php 中禁止上传html的文件,文件名中带*.html.jpg被当做了html文件,被认为是非法文件,所以不允许上传
$ file sqlplus.html.test.01.jpg
sqlplus.html.test.01.jpg: JPEG image data, JFIF standard 1.01
DefaultSettings.php:
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
/** Files with these extensions will never be allowed as uploads. */
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
/** Files with these mime types will never be allowed as uploads
* if $wgVerifyMimeType is enabled.
*/
$wgMimeTypeBlacklist= array(
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# A ZIP file may be a valid Java archive containing an applet which exploits the
# same-origin policy to steal cookies
'application/zip',
);
将文件名中的.html去掉,上传成功
阅读(1364) | 评论(0) | 转发(0) |
