Recent Changes - Search:

Cookbook

PmWiki

pmwiki.org

Cookbook /

UploadTypes

Summary: Add extensions to or remove them from the list of allowed upload types
Version:
Prerequisites:
Status:
Maintainer:
Categories: Uploads

Questions answered by this recipe

How can I add/remove extensions to/from the list of allowed upload types?

Answer

Adding new file types to permitted uploads

To add a new extension to the list of allowed upload types, add a line like the following to a local customization file:

$UploadExts['ext'] = 'content-type';

where ext is the extension to be added, and content-type is the "MIME type", or content-type (which you may find here or on the lower part of this page) to be used for files with that extension. For example, to add the 'dxf' extension with a Content-Type of 'image/x-dxf', place the line

$UploadExts['dxf'] = 'image/x-dxf';

Each entry in $UploadExts needs to be the extension and the mime-type associated with that extension, thus: 

$UploadExts = array(
  'gif' => 'image/gif',
  'jpeg' => 'image/jpeg',
  'jpg' => 'image/jpeg',
  'png' => 'image/png',
  'xxx' => 'yyyy/zzz'
);

For the types that PmWiki already knows about it's not necessary to repeat them here (the upload.php script adds PmWiki's defaults to whatever the administrator supplies).

Restricting uploaded files type and size

The upload script performs a number of verifications on an uploaded file before storing it in the upload directory. The basic verifications are described below.

filenames
the name for the uploaded file can contain only letters, digits, underscores, hyphens, spaces, and periods, and the name must begin and end with a letter or digit.
file extension
only files with approved extensions such as ".gif", ".jpeg", ".doc", etc. are allowed to be uploaded to the web server. This is vitally important for server security, since the web server might attempt to execute or specially process files with extensions like ".php", ".cgi", etc.
file size
By default all uploads are limited to 50K bytes, as specified by the $UploadMaxSize variable. Thus, to limit all uploads to 100K, simply specify a new value for $UploadMaxSize in config.php:
$UploadMaxSize = 102400;

However, maximum file sizes can also be specified for each type of file uploaded. Thus, an administrator can restrict ".gif" and ".jpeg" files to 20K, ".doc" files to 200K, and all others to the size given by $UploadMaxSize. The $UploadExtSize array is used to determine which file extensions are valid and the maximum upload size (in bytes) for each file type. For example:

$UploadExtSize['gif'] = 20000; # limit .gif files to 20K

Setting an entry to zero disables file uploads of that type altogether:

$UploadExtSize['zip'] = 0; # disallow .zip files

You can limit which types of files are uploadable by disabling all defaults and specifying only desired types Setting the variable $UploadMax to zero will disable all default file types. Individual file types may then be enabled by setting their maximum size with the variable $UploadExtSize. 

# turns off all upload extensions
$UploadMaxSize = 0;

# enable only these file types for uploading
$aSize=102400; // 100 K file size limitation
$UploadExtSize['jpg' ] = $aSize;
$UploadExtSize['gif' ] = $aSize;
$UploadExtSize['png' ] = $aSize;

Examples

These examples are provided to save you the effort have having to repeat the mime type research 

$UploadExts['dot'] = 'application/msword';     # Document template
$UploadExts['iso'] = 'application/octetstream; # CD Disc image

content - MIME types for Office 2007 files 

$UploadExts['.docm'] = 'application/vnd.ms-word.document.macroEnabled.12';               # 
$UploadExts['.docx'] = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document'; # 
$UploadExts['.dotm'] = 'application/vnd.ms-word.template.macroEnabled.12';               # 
$UploadExts['.dotx'] = 'application/vnd.openxmlformats-officedocument.wordprocessingml.template'; # 
$UploadExts['.potm'] = 'application/vnd.ms-powerpoint.template.macroEnabled.12';         # 
$UploadExts['.potx'] = 'application/vnd.openxmlformats-officedocument.presentationml.template'; # 
$UploadExts['.ppam'] = 'application/vnd.ms-powerpoint.addin.macroEnabled.12';            # 
$UploadExts['.ppsm'] = 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12';        # 
$UploadExts['.ppsx'] = 'application/vnd.openxmlformats-officedocument.presentationml.slideshow'; # 
$UploadExts['.pptm'] = 'application/vnd.ms-powerpoint.presentation.macroEnabled.12';     # 
$UploadExts['.pptx'] = 'application/vnd.openxmlformats-officedocument.presentationml.presentation'; # 
$UploadExts['.xlam'] = 'application/vnd.ms-excel.addin.macroEnabled.12';                 # 
$UploadExts['.xlsb'] = 'application/vnd.ms-excel.sheet.binary.macroEnabled.12';          # 
$UploadExts['.xlsm'] = 'application/vnd.ms-excel.sheet.macroEnabled.12';                 # 
$UploadExts['.xlsx'] = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'; # 
$UploadExts['.xltm'] = 'application/vnd.ms-excel.template.macroEnabled.12':          #
$UploadExts['.xltx'] = 'application/vnd.openxmlformats-officedocument.spreadsheetml.template'; #

To permit the uploading of OpenOffice.org files, you should add the following lines to your local customization file: 

$UploadExts['odp'] = 'application/vnd.oasis.opendocument.presentation';
$UploadExts['odb'] = 'application/vnd.oasis.opendocument.database';
$UploadExts['ods'] = 'application/vnd.oasis.opendocument.spreadsheet';
$UploadExts['ots'] = 'application/vnd.oasis.opendocument.spreadsheet-template';
$UploadExts['odc'] = 'application/vnd.oasis.opendocument.chart';
$UploadExts['sdc'] = 'application/vnd.stardivision.calc';
$UploadExts['sds'] = 'application/vnd.stardivision.chart';
$UploadExts['odg'] = 'application/vnd.oasis.opendocument.graphics';
$UploadExts['otg'] = 'application/vnd.oasis.opendocument.graphics-template';
$UploadExts['sda'] = 'application/vnd.stardivision.draw';
$UploadExts['odp'] = 'application/vnd.oasis.opendocument.presentation';
$UploadExts['otp'] = 'application/vnd.oasis.opendocument.presentation-template';
$UploadExts['sdd'] = 'application/vnd.stardivision.impress';
$UploadExts['odf'] = 'application/vnd.oasis.opendocument.formula';
$UploadExts['sdf'] = 'application/vnd.stardivision.math';
$UploadExts['odt'] = 'application/vnd.oasis.opendocument.text';
$UploadExts['ott'] = 'application/vnd.oasis.opendocument.text-template';
$UploadExts['oth'] = 'application/vnd.oasis.opendocument.text-web';
$UploadExts['odm'] = 'application/vnd.oasis.opendocument.text-master';
$UploadExts['sgl'] = 'application/vnd.stardivision.writer-global';
$UploadExts['sdw'] = 'application/vnd.stardivision.writer';

See links for more instructions specific to windows IIS and Apache

Discussion

  • How do you determine the content type?
On a Linux/Unix system, you can use the 'file' command with the --mime option:
file --mime filename
Kathryn Andersen July 22, 2006, at 07:50 PM

See also

Contributors

  • Pm, 15-Oct-2004
Edit - History - Print - Recent Changes - Search
Page last modified on May 04, 2008, at 11:54 PM