File Upload: Difference between revisions

m Text replacement - "<(\/?)source" to "<$1syntaxhighlight"
 
Line 4: Line 4:
For PHP, you can check on the value of the '''<code>[http://us2.php.net/manual/en/ini.core.php post_max_size]</code>''' setting to be sure that the allowed size of an HTTP POST is congruent with your goals.  In fact, the [http://phpsec.org/projects/phpsecinfo/tests/post_max_size.html PHP Security Consortium recommends] that you set a limit for post_max_size so that attackers are not permitted to "post bomb" your webserver.
For PHP, you can check on the value of the '''<code>[http://us2.php.net/manual/en/ini.core.php post_max_size]</code>''' setting to be sure that the allowed size of an HTTP POST is congruent with your goals.  In fact, the [http://phpsec.org/projects/phpsecinfo/tests/post_max_size.html PHP Security Consortium recommends] that you set a limit for post_max_size so that attackers are not permitted to "post bomb" your webserver.


<source lang="bash">
<syntaxhighlight lang="bash">
# find all the php.ini files on your system and look at what they say
# find all the php.ini files on your system and look at what they say
locate php.ini |xargs grep -i post_max
locate php.ini |xargs grep -i post_max
# find the php.ini files that are used in the default location for (K)ubuntu/Debian
# find the php.ini files that are used in the default location for (K)ubuntu/Debian
grep -ri post_max /etc/php5/
grep -ri post_max /etc/php5/
</source>
</syntaxhighlight>




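Review bot: the two grep commands in this block only search for post_max, but for a page about uploads PHP's upload_max_filesize is just as relevant, so the example should look for both settings (for instance grep -riE 'post_max_size|upload_max_filesize'). The second command's /etc/php5/ path is specific to PHP 5 packaging on Debian/Ubuntu; the comment should say so, since later packages use a different directory and the command would then silently return nothing.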
Line 21: Line 21:
In the mediawiki software, uploads are controlled by several [http://www.mediawiki.org/wiki/Manual:Configuration_settings settings] <!-- [[manual:Configuration_settings settings]] --> in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.
In the mediawiki software, uploads are controlled by several [http://www.mediawiki.org/wiki/Manual:Configuration_settings settings] <!-- [[manual:Configuration_settings settings]] --> in the 'LocalSettings.php' file. [http://meta.wikimedia.org/wiki/Help:Images_and_other_uploaded_files The documentation] refers to 'images' however all types of files may be uploaded depending on how you configure your installation.


<source lang="php">
<syntaxhighlight lang="php">
## To enable image uploads, make sure the 'images' directory
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
## is writable, then set this to true:
Line 29: Line 29:
$wgMimeDetectorCommand= "file -bi";  
$wgMimeDetectorCommand= "file -bi";  
$wgVerifyMimeType = false;
$wgVerifyMimeType = false;
</source>  
</syntaxhighlight>  


=== Allowed File Types ===
=== Allowed File Types ===
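Review bot: the sample configuration closes with $wgVerifyMimeType = false; which switches off MediaWiki's MIME check on uploads, directly after the line that configures a detector command for that check. On a page about file upload handling, either set it to true or add a comment explaining why verification is disabled here, so that readers do not copy the weaker setting into LocalSettings.php unchanged.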
Line 39: Line 39:


Here is a representative list that includes all the file types for OpenOffice (including templates), ogg and mp3 plus normal image file types, a few text and XML types.
Here is a representative list that includes all the file types for OpenOffice (including templates), ogg and mp3 plus normal image file types, a few text and XML types.
<source lang="php">
<syntaxhighlight lang="php">
$wgFileExtensions = array();
$wgFileExtensions = array();
$wgFileExtensions[] = gif;
$wgFileExtensions[] = gif;
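Review bot: the extensions are assigned as barewords ($wgFileExtensions[] = gif;), which PHP reads as undefined constants: older versions fall back to the string with a notice, and PHP 8 raises an error. Since this block is being touched anyway, quote every value in the list, e.g. $wgFileExtensions[] = 'gif';.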
Line 74: Line 74:
$wgFileExtensions[] = xsl;
$wgFileExtensions[] = xsl;
$wgFileExtensions[] = xslt;
$wgFileExtensions[] = xslt;
</source>
</syntaxhighlight>


== Technical Resources ==
== Technical Resources ==
[http://us2.php.net/manual/en/features.file-upload.php Handling file uploads is covered in the PHP manual].  Note the 'PUT' support.  The Amaya web authoring tool from the W3C uses PUT for uploading.  HTTP PUT is distinct from regular POST file upload processing.
[http://us2.php.net/manual/en/features.file-upload.php Handling file uploads is covered in the PHP manual].  Note the 'PUT' support.  The Amaya web authoring tool from the W3C uses PUT for uploading.  HTTP PUT is distinct from regular POST file upload processing.
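Review bot: the allow-list ends with xsl and xslt, and the text introducing the list describes them only as "a few text and XML types". Stylesheets and other XML formats can be processed by browsers as active content when served from the wiki's own origin, so the page should either leave them out of a "representative" list or state that they need the same care as HTML uploads.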