r72892 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r72891‎ \| r72892 \| r72893 >
Date:	06:29, 13 September 2010
Author:	tstarling
Status:	ok
Tags:
Comment:	MS Office creates vulnerabilities also, per comment on r72890.
Modified paths:	/trunk/phase3/includes/DefaultSettings.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -503,9 +503,9 @@
504	504	* This is the list of preferred extensions for uploading files. Uploading files
505	505	* with extensions not in this list will trigger a warning.
506	506	*
507		~~- * WARNING: If you add any OpenDocument file formats here, such as odt, ods or~~
508		~~- * odp, and untrusted users are allowed to upload files, then your wiki will be~~
509		~~- * vulnerable to cross-site request forgery (CSRF).~~
	507	+ * WARNING: If you add any OpenOffice or Microsoft Office file formats here,
	508	+ * such as odt or doc, and untrusted users are allowed to upload files, then
	509	+ * your wiki will be vulnerable to cross-site request forgery (CSRF).
510	510	*/
511	511	$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
512	512

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r72890	Added some warnings for some upload security issues, such as allowing OpenDoc...	tstarling	04:05, 13 September 2010

Status & tagging log

11:31, 9 October 2010 Hashar (talk | contribs) changed the status of r72892 [removed: new added: ok]