Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3342885
  • 博文数量: 815
  • 博客积分: 12898
  • 博客等级: 上将
  • 技术积分: 7883
  • 用 户 组: 普通用户
  • 注册时间: 2006-12-25 09:57
文章分类

全部博文(815)

文章存档

2014年(1)

2011年(46)

2010年(192)

2009年(121)

2008年(70)

2007年(385)

分类: LINUX

2010-03-31 00:47:12

纳闷了jpg无法上传:
[[File:sqlplus.html.test.01.jpg]]

原来在 DefaultSettings.php 中禁止上传html的文件,文件名中带*.html.jpg被当做了html文件,被认为是非法文件,所以不允许上传

$ file sqlplus.html.test.01.jpg
sqlplus.html.test.01.jpg: JPEG image data, JFIF standard 1.01

DefaultSettings.php:

$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );

/** Files with these extensions will never be allowed as uploads. */
$wgFileBlacklist = array(
        # HTML may contain cookie-stealing JavaScript and web bugs
        'html', 'htm', 'js', 'jsb', 'mhtml', 'mht',
        # PHP scripts may execute arbitrary code on the server
        'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
        # Other types that may be interpreted by some servers
        'shtml', 'jhtml', 'pl', 'py', 'cgi',
        # May contain harmful executables for Windows victims
        'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );

/** Files with these mime types will never be allowed as uploads
 * if $wgVerifyMimeType is enabled.
 */
$wgMimeTypeBlacklist= array(
        # HTML may contain cookie-stealing JavaScript and web bugs
        'text/html', 'text/javascript', 'text/x-javascript',  'application/x-shellscript',
        # PHP scripts may execute arbitrary code on the server
        'application/x-php', 'text/x-php',
        # Other types that may be interpreted by some servers
        'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
        # Client-side hazards on Internet Explorer
        'text/scriptlet', 'application/x-msdownload',
        # Windows metafile, client-side vulnerability on some systems
        'application/x-msmetafile',
        # A ZIP file may be a valid Java archive containing an applet which exploits the
        # same-origin policy to steal cookies
        'application/zip',
);


将文件名中的.html去掉,上传成功
阅读(1424) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~