File Upload: Difference between revisions

(3 intermediate revisions by one other user not shown)

Line 4:

For PHP, you can check on the value of the '''<code>[http://us2.php.net/manual/en/ini.core.php post_max_size]</code>''' setting to be sure that the allowed size of an HTTP POST is congruent with your goals. In fact, the [http://phpsec.org/projects/phpsecinfo/tests/post_max_size.html PHP Security Consortium recommends] that you set a limit for post_max_size so that attackers are not permitted to "post bomb" your webserver.

<~~source~~ lang="bash">

# find all the php.ini files on your system and look at what they say

locate php.ini |xargs grep -i post_max

# find the php.ini files that are used in the default location for (K)ubuntu/Debian

grep -ri post_max /etc/php5/

</~~source~~>

</syntaxhighlight>

Line 16:

== Mediawiki ==

=== Uploading Files ===

To upload a file, you simply click on the navigation link in the 'toolbox' to "upload file". This link brings you to the upload form (which is a special page in the wiki). Instructions are provided in the form, and it's as straightforward as selecting a file from your local system that you wish to upload.

To upload a file, you simply click on the navigation link in the 'toolbox' to "upload file". This link brings you to the upload form (which is a special page in the wiki). Instructions are provided in the form, and it's as straightforward as selecting a file from your local system that you wish to upload. More help is available at the meta site [[MetaWikiPedia:Help:Images_and_other_uploaded_files|Help:Images and other uploaded files]]

=== Configuration ===

In the mediawiki software, uploads are controlled by several settings in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.

In the mediawiki software, uploads are controlled by several [http://www.mediawiki.org/wiki/Manual:Configuration_settings settings]  in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.

<~~source~~ lang="php">

## To enable image uploads, make sure the 'images' directory

## is writable, then set this to true:

Line 29:

$wgMimeDetectorCommand= "file -bi";

$wgVerifyMimeType = false;

</~~source~~>

</syntaxhighlight>

=== Allowed File Types ===

This wiki does not allow users to upload any Microsoft file formats. In general, only open, standards-based file formats like those generated by [[OpenOffice]] are allowed.

{{ambox

| type = notice

| text = This wiki does not allow users to upload any Microsoft file formats. In general, only open, standards-based file formats like those generated by [[OpenOffice]] are allowed.}}

The system administrator can define what file types are allowed to be uploaded. In an internal environment, you can be pretty lax about what is allowed. However, in a publicly accessible system, there are a number of issues with uploading certain content since it is then going to be either re-displayed, executed in some fashion by the system, or made available to other users.

Here is a representative list that includes all the file types for OpenOffice (including templates), ogg and mp3 plus normal image file types, a few text and XML types.

<~~source~~ lang="php">

$wgFileExtensions = array();

$wgFileExtensions[] = gif;

Line 72:

Line 74:

$wgFileExtensions[] = xsl;

$wgFileExtensions[] = xslt;

</~~source~~>

</syntaxhighlight>

== Technical Resources ==

[http://us2.php.net/manual/en/features.file-upload.php Handling file uploads is covered in the PHP manual]. Note the 'PUT' support. The Amaya web authoring tool from the W3C uses PUT for uploading. HTTP PUT is distinct from regular POST file upload processing.

@@ Line 4: / Line 4: @@
 For PHP, you can check on the value of the '''<code>[http://us2.php.net/manual/en/ini.core.php post_max_size]</code>''' setting to be sure that the allowed size of an HTTP POST is congruent with your goals.  In fact, the [http://phpsec.org/projects/phpsecinfo/tests/post_max_size.html PHP Security Consortium recommends] that you set a limit for post_max_size so that attackers are not permitted to "post bomb" your webserver.
-<source lang="bash">
+<syntaxhighlight lang="bash">
 # find all the php.ini files on your system and look at what they say
 locate php.ini |xargs grep -i post_max
 # find the php.ini files that are used in the default location for (K)ubuntu/Debian
 grep -ri post_max /etc/php5/
-</source>
+</syntaxhighlight>
@@ Line 16: / Line 16: @@
 == Mediawiki ==
 === Uploading Files ===
-To upload a file, you simply click on the navigation link in the 'toolbox' to "upload file".  This link brings you to the upload form (which is a special page in the wiki).  Instructions are provided in the form, and it's as straightforward as selecting a file from your local system that you wish to upload.
+To upload a file, you simply click on the navigation link in the 'toolbox' to "upload file".  This link brings you to the upload form (which is a special page in the wiki).  Instructions are provided in the form, and it's as straightforward as selecting a file from your local system that you wish to upload.  More help is available at the meta site [[MetaWikiPedia:Help:Images_and_other_uploaded_files|Help:Images and other uploaded files]]
 === Configuration ===
-In the mediawiki software, uploads are controlled by several settings in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.
+In the mediawiki software, uploads are controlled by several [http://www.mediawiki.org/wiki/Manual:Configuration_settings settings] <!-- [[manual:Configuration_settings settings]] --> in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.
-<source lang="php">
+<syntaxhighlight lang="php">
 ## To enable image uploads, make sure the 'images' directory
 ## is writable, then set this to true:
@@ Line 29: / Line 29: @@
 $wgMimeDetectorCommand= "file -bi";
 $wgVerifyMimeType = false;
-</source>
+</syntaxhighlight>
 === Allowed File Types ===
-This wiki does not allow users to upload any Microsoft file formats.  In general, only open, standards-based file formats like those generated by [[OpenOffice]] are allowed.
+{{ambox
+| type = notice
+| text = This wiki does not allow users to upload any Microsoft file formats.  In general, only open, standards-based file formats like those generated by [[OpenOffice]] are allowed.}}
 The system administrator can define what file types are allowed to be uploaded.  In an internal environment, you can be pretty lax about what is allowed.  However, in a publicly accessible system, there are a number of issues with uploading certain content since it is then going to be either re-displayed, executed in some fashion by the system, or made available to other users.
 Here is a representative list that includes all the file types for OpenOffice (including templates), ogg and mp3 plus normal image file types, a few text and XML types.
-<source lang="php">
+<syntaxhighlight lang="php">
 $wgFileExtensions = array();
 $wgFileExtensions[] = gif;
@@ Line 72: / Line 74: @@
 $wgFileExtensions[] = xsl;
 $wgFileExtensions[] = xslt;
-</source>
+</syntaxhighlight>
 == Technical Resources ==
 [http://us2.php.net/manual/en/features.file-upload.php Handling file uploads is covered in the PHP manual].  Note the 'PUT' support.  The Amaya web authoring tool from the W3C uses PUT for uploading.  HTTP PUT is distinct from regular POST file upload processing.