Changes

Jump to navigation Jump to search
3,905 bytes added ,  14:53, 4 October 2008
New page: == PHP == In general, whenever you want to have a website allow users to upload files, you first want to check and set the web server to ensure that it's allowing file uploads, and that th...
== PHP ==
In general, whenever you want to have a website allow users to upload files, you first want to check and set the web server to ensure that it's allowing file uploads, and that the constraints in the server match your application settings.

For PHP, you can check on the value of the '''<code>[http://us2.php.net/manual/en/ini.core.php post_max_size]</code>''' setting to be sure that the allowed size of an HTTP POST is congruent with your goals. In fact, the [http://phpsec.org/projects/phpsecinfo/tests/post_max_size.html PHP Security Consortium recommends] that you set a limit for post_max_size so that attackers are not permitted to "post bomb" your webserver.

<source lang="bash">
# find all the php.ini files on your system and look at what they say
locate php.ini |xargs grep -i post_max
# find the php.ini files that are used in the default location for (K)ubuntu/Debian
grep -ri post_max /etc/php5/
</source>




== Mediawiki ==
=== Uploading Files ===
To upload a file, you simply click on the navigation link in the 'toolbox' to "upload file". This link brings you to the upload form (which is a special page in the wiki). Instructions are provided in the form, and it's as straightforward as selecting a file from your local system that you wish to upload.

=== Configuration ===
In the mediawiki software, uploads are controlled by several settings in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.

<source lang="php">
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
/* Adding unlimited upload support */
$wgStrictFileExtensions = false;
$wgMimeDetectorCommand= "file -bi";
$wgVerifyMimeType = false;
</source>

=== Allowed File Types ===
This wiki does not allow users to upload any Microsoft file formats. In general, only open, standards-based file formats like those generated by [[OpenOffice]] are allowed.

The system administrator can define what file types are allowed to be uploaded. In an internal environment, you can be pretty lax about what is allowed. However, in a publicly accessible system, there are a number of issues with uploading certain content since it is then going to be either re-displayed, executed in some fashion by the system, or made available to other users.

Here is a representative list that includes all the file types for OpenOffice (including templates), ogg and mp3 plus normal image file types, a few text and XML types.
<source lang="php">
$wgFileExtensions = array();
$wgFileExtensions[] = gif;
$wgFileExtensions[] = ico;
$wgFileExtensions[] = jpeg;
$wgFileExtensions[] = jpg;
$wgFileExtensions[] = mp3;
$wgFileExtensions[] = odb;
$wgFileExtensions[] = odf;
$wgFileExtensions[] = odg;
$wgFileExtensions[] = odm;
$wgFileExtensions[] = odp;
$wgFileExtensions[] = ods;
$wgFileExtensions[] = odt;
$wgFileExtensions[] = ogg;
$wgFileExtensions[] = otg;
$wgFileExtensions[] = oth;
$wgFileExtensions[] = ots;
$wgFileExtensions[] = ott;
$wgFileExtensions[] = pdf;
$wgFileExtensions[] = png;
$wgFileExtensions[] = stc;
$wgFileExtensions[] = std;
$wgFileExtensions[] = sti;
$wgFileExtensions[] = stw;
$wgFileExtensions[] = swx;
$wgFileExtensions[] = sxc;
$wgFileExtensions[] = sxg;
$wgFileExtensions[] = sxi;
$wgFileExtensions[] = sxm;
$wgFileExtensions[] = txt;
$wgFileExtensions[] = xml;
$wgFileExtensions[] = xsd;
$wgFileExtensions[] = xsl;
$wgFileExtensions[] = xslt;
</source>

== Technical Resources ==
[http://us2.php.net/manual/en/features.file-upload.php Handling file uploads is covered in the PHP manual]. Note the 'PUT' support. The Amaya web authoring tool from the W3C uses PUT for uploading. HTTP PUT is distinct from regular POST file upload processing.
4,558

edits

Navigation menu