Product SiteDocumentation Site

5.19. File Upload

MantisBT allows users to upload file attachments and associate them with bugs as well as projects. Bug attachments / project documents can be uploaded to the webserver or database. When bugs are uploaded to the webserver they are uploaded to the path that is configured in the project properties. In case of problems getting the file upload feature to work, check the following resources: PHP Manual .
Whether to allow/disallow uploading of attachments. Default value is ON.
Specify the location for uploading attachments. In case of DISK methods you need to provide the webserver with write access rights to the configured upload path (configured in the project) and temporary upload path (used by PHP).
Whether to enable/disable drag and drop zone for uploading of attachments. Default value is ON.
Maximum number of files that can be uploaded simultaneously. Default value is 10.
Maximum file size that can be uploaded. Default value is about 5 MiB. The maximum size is also affected by the PHP options post_max_size (default 8 MiB), upload_max_filesize (default 2 MiB) and memory_limit (default 128 MiB) specified in php.ini.
Authorized file types (whitelist).
If $g_allowed_files is filled in, NO other file types will be allowed. If empty, any extensions not specifically excluded by $g_disallowed_files list will be authorized ($g_disallowed_files takes precedence over $g_allowed_files). Separate items by commas, e.g. 'bmp,gif,jpg,png,txt,zip'.
Forbidden file types (blacklist).
All file extensions in this list will be unauthorized. Separate items by commas, e.g. 'php,html,java,exe,pl,svg'.


SVG files are disabled by default, for security reasons. It is recommended to also disable all extensions that can be executed by your server.
This limit applies to previewing of image / text attachments. If the attachment size is smaller than the specified value, the attachment is previewed with the issue details. The previewing can be disabled by setting this configuration to 0. The default value is 256 * 1024 (256KB).
An array of file extensions (not including dots) for text files that can be previewed inline.
An array of file extensions (not including dots) for image files that can be previewed inline.
Specify the filename of the magic database file. This is used by PHP to guess what the MIME type of a file is. Usually it is safe to leave this setting as the default (blank) as PHP is usually able to find this file by itself.
Enable support for sending files to users via a more efficient X-Sendfile method. HTTP server software supporting this technique includes Lighttpd, Cherokee, Apache with mod_xsendfile and nginx. You may need to set the proceeding file_download_xsendfile_header_name option to suit the server you are using.
The name of the X-Sendfile header to use. Each server tends to implement this functionality in a slightly different way and thus the naming conventions for the header differ between each server. Lighttpd from v1.5, Apache with mod_xsendfile and Cherokee web servers use X-Sendfile. nginx uses X-Accel-Redirect and Lighttpd v1.4 uses X-LIGHTTPD-send-file.