Kasimir Gabert wrote:
Hello Charles,
For (1) I would not allow uploads of HTML through MediaWiki -- this is
much too big of a security hole. I would build a custom script that
uploads files but scans through for any illegal HTML tags (do it by
whitelist, not by blacklist) -- the script can also integrate the
uploaded files into MediaWiki *after* it has passed the security
inspection.
Okay, thanks, but this is under pretty tight control. Let's say I
*really* *really* wanted to do this, even with security concerns in
mind. Let's say, further, that I've already taken HTML types out of
$wgFileBlacklist, text/html and similar types out of
$wgMimeTypeBlacklist, and set $wgCheckFileExtensions,
$wgStrictFileExtensions, and $wgVeryfyMimeType all to false ...
and I still get an error and it refuses to upload my html files.
What am I missing?
For (2) It seems to me that you do not have "diff3" installed on your
machine. Type in "which diff3" and see whether or not you have it
installed. You might need to change it to a different diff engine, or
install the proper one.
I appear to have a proper diff3, but what I'm getting as a result is a
file called "index.php" with these contents (inserted as a quote to make
it stand out):
Does this give anyone any clues?
Thanks,
Charlie
--
Charles R. Martin | Sr Staff Engineer | Sun Microsystems
charles.martin(a)sun.com