[Pkg-mediawiki-devel] Bug#716957: Bug#716957: [mediawiki] Upload of pdf files via IE still possible under default settings
Thorsten Glaser
t.glaser at tarent.de
Tue Jul 16 11:14:43 UTC 2013
On Tue, 16 Jul 2013, Philippe Teuwen wrote:
> There are inconsistencies that can lead to an overlooked security issue
> in some setups, call it as you want.
Right.
> Now the good news is that the behavior is not showing up with the
> default settings.
\o/
> For me, answers ti those questions are still quite fuzzy:
> * $wgCheckFileExtensions = false and $wgStrictFileExtensions = true then
> pdf upload is working from IE but not from Chrome or Firefox, that's
That’s inconsistent, but also an inconsistent setup.
Maybe something like this:
if ($wgStrictFileExtensions)
$wgCheckFileExtensions = true;
> * why pdf is by default not in $wgFileExtensions but present in
> $wgTrustedMediaFormats?
Let’s delegate these two to upstream ☺
> * Is is wise to let by default "application/pdf" in the
> $wgTrustedMediaFormats list?
Yes.
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke
More information about the Pkg-mediawiki-devel
mailing list