Summary: Add extensions to or remove them from the list of allowed upload types
Version: n/a
Status: Documentation
Categories: Uploads
Discussion: UploadTypes-Talk?

Questions answered by this recipe

How can I add/remove extensions to/from the list of allowed upload types?


Adding new file types to permitted uploads

To add a new extension to the list of allowed upload types, add a line like the following to a local customization file:

$UploadExts['ext'] = 'content-type';

where ext is the extension to be added, and content-type is the "MIME type", or content-type (which you may find at IANA, Free Formatter, Apache mime types, or the internet media types) to be used for files with that extension. For example, to add the 'dxf' extension with a Content-Type of 'image/x-dxf', place the line

$UploadExts['dxf'] = 'image/x-dxf';

Each entry in $UploadExts needs to be the extension and the mime-type associated with that extension, thus:

$UploadExts = array(
  'gif' => 'image/gif',
  'jpeg' => 'image/jpeg',
  'jpg' => 'image/jpeg',
  'png' => 'image/png',
  'xxx' => 'yyyy/zzz'

For the types that PmWiki already knows about it's not necessary to repeat them here (the upload.php script adds PmWiki's defaults to whatever the administrator supplies).

Restricting uploaded files type and size

The upload script performs a number of verifications on an uploaded file before storing it in the upload directory. The basic verifications are described below.

the name for the uploaded file can contain only letters, digits, underscores, hyphens, spaces, and periods, and the name must begin and end with a letter or digit.
file extension
only files with approved extensions such as ".gif", ".jpeg", ".doc", etc. are allowed to be uploaded to the web server. This is vitally important for server security, since the web server might attempt to execute or specially process files with extensions like ".php", ".cgi", etc.
file size
By default all uploads are limited to 50K bytes, as specified by the $UploadMaxSize variable. Thus, to limit all uploads to 100KB, simply specify a new value for $UploadMaxSize in config.php:
$UploadMaxSize = 100000;

However, the default maximum file size can also be specified for each type of file uploaded. Thus, an administrator can restrict ".gif" and ".jpeg" files to 20K, ".doc" files to 200K, and all others to the size given by $UploadMaxSize. The $UploadExtSize array is used to determine which file extensions are valid and the maximum upload size (in bytes) for each file type. For example:

$UploadExtSize['gif'] = 20000; # limit .gif files to 20KB


These examples are provided to save you the effort have having to repeat the MIME type research

$UploadExts['iso'] = 'application/octetstream';       # CD Disc image
$UploadExts['svg'] = 'image/svg+xml';                 # Scalable Vector Graphic (in default list) 
$UploadExts['kml'] = 'application/vnd.google-earth.kml+xml'; #Keyhole Markup language (Google Earth) [1]
$UploadExts['kmz'] = 'application/vnd.google-earth.kmz'; # Zipped KML [2]

content - MIME types for Office 2007 files [3]

$UploadExts['docm'] = 'application/vnd.ms-word.document.macroEnabled.12';                         # 
$UploadExts['docx'] = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';  # Word document
$UploadExts['dotm'] = 'application/vnd.ms-word.template.macroEnabled.12';                         # 
$UploadExts['dotx'] = 'application/vnd.openxmlformats-officedocument.wordprocessingml.template';  # Word document template
$UploadExts['potm'] = 'application/vnd.ms-powerpoint.template.macroEnabled.12';                   # 
$UploadExts['potx'] = 'application/vnd.openxmlformats-officedocument.presentationml.template';    # Presentation template
$UploadExts['ppam'] = 'application/vnd.ms-powerpoint.addin.macroEnabled.12';                      # 
$UploadExts['ppsm'] = 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12';                  # 
$UploadExts['ppsx'] = 'application/vnd.openxmlformats-officedocument.presentationml.slideshow';   # Presentation sideshow
$UploadExts['pptm'] = 'application/vnd.ms-powerpoint.presentation.macroEnabled.12';               # 
$UploadExts['pptx'] = 'application/vnd.openxmlformats-officedocument.presentationml.presentation'; # Presentation
$UploadExts['sldx'] = 'application/vnd.openxmlformats-officedocument.presentationml.slide';        # Office PowerPoint 2007 slide
$UploadExts['xlam'] = 'application/vnd.ms-excel.addin.macroEnabled.12';                           # 
$UploadExts['xlsb'] = 'application/vnd.ms-excel.sheet.binary.macroEnabled.12';                    # 
$UploadExts['xlsm'] = 'application/vnd.ms-excel.sheet.macroEnabled.12';                           # 
$UploadExts['xlsx'] = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';        # Spreadsheet
$UploadExts['xltm'] = 'application/vnd.ms-excel.template.macroEnabled.12';                        #
$UploadExts['xltx'] = 'application/vnd.openxmlformats-officedocument.spreadsheetml.template';     # Spreadsheet template

To permit the uploading of Open Document format files, as used by Libre Office and ApacheOpen Office, you should add the following lines to your local customization file:

$UploadExts['odb'] = 'application/vnd.oasis.opendocument.database';
$UploadExts['odc'] = 'application/vnd.oasis.opendocument.chart';
$UploadExts['odf'] = 'application/vnd.oasis.opendocument.formula';
$UploadExts['odg'] = 'application/vnd.oasis.opendocument.graphics';
$UploadExts['odm'] = 'application/vnd.oasis.opendocument.text-master';
$UploadExts['odp'] = 'application/vnd.oasis.opendocument.presentation';
$UploadExts['odp'] = 'application/vnd.oasis.opendocument.presentation';
$UploadExts['ods'] = 'application/vnd.oasis.opendocument.spreadsheet';
$UploadExts['odt'] = 'application/vnd.oasis.opendocument.text';
$UploadExts['otg'] = 'application/vnd.oasis.opendocument.graphics-template';
$UploadExts['oth'] = 'application/vnd.oasis.opendocument.text-web';
$UploadExts['otp'] = 'application/vnd.oasis.opendocument.presentation-template';
$UploadExts['ots'] = 'application/vnd.oasis.opendocument.spreadsheet-template';
$UploadExts['ott'] = 'application/vnd.oasis.opendocument.text-template';
$UploadExts['sda'] = 'application/vnd.stardivision.draw';
$UploadExts['sdc'] = 'application/vnd.stardivision.calc';
$UploadExts['sdd'] = 'application/vnd.stardivision.impress';
$UploadExts['sdf'] = 'application/vnd.stardivision.math';
$UploadExts['sds'] = 'application/vnd.stardivision.chart';
$UploadExts['sdw'] = 'application/vnd.stardivision.writer';
$UploadExts['sgl'] = 'application/vnd.stardivision.writer-global';

Some additional file extensions you can add

## PmWiki: add additional file types that can be uploaded
  $UploadExts['pdf'] = 'application/pdf'; # PDF document
## Office
  $UploadExts['vsd'] = 'application/vnd.visio'; # Visio document
  $UploadExts['vst'] = 'application/vnd.visio'; # Visio document template
  $UploadExts['csv'] = 'text/plain'; # Comma separated value file
  $UploadExts['dot'] = 'application/msword';  # Word document template
  $UploadExts['sql'] = 'text/plain'; # Sql script
  $UploadExts['mpp'] = 'application/msproject'; # Project document
  $UploadExts['msg'] = 'application/msoutlook'; # Outlook email message
  $UploadExts['pps'] = 'application/mspowerpoint'; # 
## PmWiki: set upload sizes
  $UploadExtSize[''] = 0; # disallow no extension files ## StarterPack

See links for more instructions specific to windows IIS and Apache

Default extensions

At 2022-01 the default extensions defined in upload.php are

'' (empty string is text/plain), 3gp, 7z, ai, apng, au, avi, bmp, css, doc, docx, dvi, eps, epub, exe, fla, flac, gif, gz, hqx, htm, html, ico, jpeg, jpg, kml, kmz, m4v, mdb, mkv, mov, mp3, mp4, mpeg, mpg, odg, odp, ods, odt, ogg, ogv, opus, pdf, png, ppt, pptx, ps, psd, qt, rpm, rtf, sit, svg, svgz, swf, tex, tgz, txt, vtt, wav, wbmp, webm, webp, wmf, xcf, xls, xlsx, zip


  • How do you determine the content type?

Check out internet media types or, on a Linux/Unix system, use the 'file' command with the --mime option:

file --mime filename
  • How do you disable files with no extension?
$UploadExtSize[''] = 0; # disallow no extension files
  • How do I make PMWiki verify the mime type of a file when uploading it, so that html files, for example, can't be uploaded with a jpg file extension, and still be recognized by internet explorer because of it's typesniffing?
To my knowledge there is no built in functionality, or recipe that does this. But see Cookbook:Attachtable. simon March 17, 2010, at 02:57 PM

See also


  • Pm, 15-Oct-2004

User notes +2: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.