Manual:Configuring file uploads

From XOOPS Web Application System

MediaWiki supports uploading and integration of media files. This page describes the technical aspects of this feature, see Manual:Image Administration and Help:Images for general usage information.

Starting from MediaWiki version 1.1, uploads are initially disabled by default, due to security considerations. Uploads can be enabled via a configuration setting, although it is recommended that you check certain prerequisites first:

Prerequisites

Make sure uploads are enabled in PHP

The following needs to be set in php.ini (which may be located somewhere like /etc/php/php.ini, /etc/php4/php.ini, /usr/local/lib/php.ini or on Win32 C:\Windows\php.ini):

file_uploads = on

If this is not set, no PHP scripts can use the upload functions, and MediaWiki's uploads will not be enabled.

Check Apache aliases

Some Apache configurations have the following alias set in httpd.conf:

Alias /images/ /usr/share/images/

If this is the case, either

• remove this alias

or

• change the upload directory to something else

How to test this? if you do not have access to the httpd.conf file of the web server?

Either ask your webserver admin or just try it, a commercial webhoster will have the above line disabled in most cases.

Check directory security

The upload directory needs to be configured so that it is not possible for an end user to upload and execute other scripts, which could then exploit access to your web directory and damage your wiki or web site.

Which unix security setting should this be? chmod 755? And on which ones on Windows?

The grandparent paragraph refers to the apache permissions: files uploaded should not be passed through the php interpreter (obvious reasons). The proper unix perms depend on who owns the upload dir, you have to make it writable to the apache process.

Setting uploads on/off

1.5 upwards

In MediaWiki version 1.5 and later, the attribute to be set resides in LocalSettings.php and is as follows:

<source lang="php"> $wgEnableUploads = true; # Enable uploads </source>

This enables uploads, as one might expect. To disable them, set the attribute to false:

<source lang="php"> $wgEnableUploads = false; # Disable uploads </source>

Pre-1.5

In older versions of the software, the attribute to be set resides in LocalSettings.php, but is backwards, i.e. $wgDisableUploads. The default is as shown:

<source lang="php"> $wgDisableUploads = true; # Disable uploads </source>

Invert the value to enable uploads:

<source lang="php"> $wgDisableUploads = false; # Enable uploads </source>

Upload permissions

Per default, all registered users can upload files. To restrict this, you have to change Manual:$wgGroupPermissions:

• To prevent normal users from uploading files:
  $wgGroupPermissions['user']['upload'] = false;
• To create a special group called "uploadaccess", and allow members of that group to upload files:
  $wgGroupPermissions['uploadaccess']['upload'] = true;
• To allow "autoconfirmed" (non-newbie) users to upload files:
  $wgGroupPermissions['autoconfirmed']['upload'] = true;

The right to replace existing files is handled by an extra permission, called reupload:

• To prevent normal users from overriding existing files:
  $wgGroupPermissions['user']['reupload'] = false;
• To allow "autoconfirmed" (non-newbie) users to replace existing files:
  $wgGroupPermissions['autoconfirmed']['reupload'] = true;

See Help:User rights for details on user rights, and Manual:Preventing access for more information about restricting access.

Configuring file types

You can add to $wgFileExtensions to allow uploads of any type of file you like. If not included then the $wgFileExtensions line would look something like <source lang="php"> $wgFileExtensions = array('png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf');</source> or <source lang="php">

# Add new types to the existing list from DefaultSettings.php
$wgFileExtensions[] = 'doc';
$wgFileExtensions[] = 'xls';
$wgFileExtensions[] = 'pdf';
$wgFileExtensions[] = 'mpp';

</source> You can also set <source lang="php"> $wgStrictFileExtensions = false; </source> to allow most types of file to be uploaded. There are restrictions on some blacklisted filetypes. For more details see Meta:Uploading non image files.

If you are getting the error "The file is corrupt or has an incorrect extension", make sure mime type detection is working properly.

If you decide to allow any kind of file, make sure your mime detection is working and think about enabling virus scans for uploads.

Thumbnailing

For information about automatic rendering/thumbnailing of images, see Manual:Image_thumbnailing

Set maximum size for file uploads

Per default, PHP allows uploaded files to be no more than 2 megabytes large. If you want to upload even larger files, change in the config file php.ini the post_max_size<ref name = "post">post-max-size, PHP Core Manual.</ref> and upload_max_filesize<ref name = "upload">upload-max-filesize, PHP Core Manual.</ref> parameters. This may require root access to the server - if you are on a shared host, contact your server administrator. The location of the php.ini file varies on the distribution you are using. Try "find */*/*/php.ini" to find the location of your config file.

MediaWiki issues a warning if you try to upload files larger than what is specified by $wgUploadSizeWarning option. This is independent of the hard limit imposed by PHP.

• Note: You may need to restart Apache after altering your php.ini

Uploading directly from a URL

If you want to allow user to directly upload files from a URL, instead from a file on their local computer, set $wgAllowCopyUploads = true. On the upload form, you will then see an additional field for the URL, below the usual filename field. The URL field is greyed out per default, but can be activated by activating the radiobutton (checkbox) to the left of the field.

In order to use this feature, users must have the user right upload_by_url, which is granted only to sysops per default. To allow this to normal users, set </tt>$wgGroupPermissions['user']['upload_by_url'] = true</tt>. Keep in mind that allowing uploads directly from an arbitrary location on the web makes it easier to uploads random, unwanted material, and it might be misunderstood as an invitation to upload anything that people might come across on the web.

Undeleting images

Undeleting images is possible as an option since MediaWiki 1.8, and enabled per default since MediaWiki 1.11.

Prior to MediaWiki 1.11, you can enable undeletion of images by setting $wgSaveDeletedFiles = true. Since version 1.11, the behavior is controlled by $wgFileStore, and delted files are per default stored in $wgUploadDirectory/deleted.

See also

• User:Flominator/Upload problems

References

<references />

Template:Languages