I did RTFM and I did what it said, and still my Mediawiki complained when I tried to upload executable files and things with funny file extensions or mime types. if $wgFileExtensions is empty but $wgEnableUploads = true and $wgStrictFileExtensions = false it should just let me upload anything. I can’t think what other behaviour one would expect there, but set like that I can’t upload my dodgy files.
So I’ve removed the code it uses to check.
Here’s a pair of diffs if you’d also like to do this. These are on version 1.17.0 but I suspect it’s not changed very much.
This just comments out the two blocks of code in UploadBase.php which check whether files are considered safe and warn if they’re not – it prevents the checking and the warning:
wiki:/home/wiki/public_html# diff includes/upload/UploadBase.php includes/upload/UploadBase.php.bak
447,455c447,454
< // ## Avi Commented this out so that we can upload whatever we like to our server. That was nice of him
< // // Check whether the file extension is on the unwanted list
< // global $wgCheckFileExtensions, $wgFileExtensions;
< // if ( $wgCheckFileExtensions ) {
< // if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) {
< // $warnings['filetype-unwanted-type'] = $this->mFinalExtension;
< // }
< // }
< //
---
> // Check whether the file extension is on the unwanted list
> global $wgCheckFileExtensions, $wgFileExtensions;
> if ( $wgCheckFileExtensions ) {
> if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) {
> $warnings['filetype-unwanted-type'] = $this->mFinalExtension;
> }
> }
>
557,570c556,569
< // ## Avi Commented this out so that we can upload whatever we like to our server. That was nice of him
< // /* Don't allow users to override the blacklist (check file extension) */
< // global $wgCheckFileExtensions, $wgStrictFileExtensions;
< // global $wgFileExtensions, $wgFileBlacklist;
< // if ( $this->mFinalExtension == '' ) {
< // $this->mTitleError = self::FILETYPE_MISSING;
< // return $this->mTitle = null;
< // } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) ||
< // ( $wgCheckFileExtensions && $wgStrictFileExtensions &&
< // !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) {
< // $this->mTitleError = self::FILETYPE_BADTYPE;
< // return $this->mTitle = null;
< // }
< //
---
>
> /* Don't allow users to override the blacklist (check file extension) */
> global $wgCheckFileExtensions, $wgStrictFileExtensions;
> global $wgFileExtensions, $wgFileBlacklist;
> if ( $this->mFinalExtension == '' ) {
> $this->mTitleError = self::FILETYPE_MISSING;
> return $this->mTitle = null;
> } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) ||
> ( $wgCheckFileExtensions && $wgStrictFileExtensions &&
> !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) {
> $this->mTitleError = self::FILETYPE_BADTYPE;
> return $this->mTitle = null;
> }
>
And this just stops Setup.php making-safe the $wgFileExtensions array by removing whatever’s in $wgFileBlacklist from it, which I think wouldn’t complain had I not already done Bad Things to those two variables, but it’s late and it can’t hurt to turn this off, too:
wiki:/home/wiki/public_html# diff includes/Setup.php includes/Setup.php.bak
296,298c296,297
< // ## Avi Commented this out so we can upload whatever we like to our server. That was nice of him
< //# Blacklisted file extensions shouldn't appear on the "allowed" list
< //$wgFileExtensions = array_diff ( $wgFileExtensions, $wgFileBlacklist );
---
> # Blacklisted file extensions shouldn't appear on the "allowed" list
> $wgFileExtensions = array_diff ( $wgFileExtensions, $wgFileBlacklist );