Tim Starling wrote:
In the meantime, site administrators can apply the following patch to
their 1.5 or 1.6 installations:
http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-January/013086.html
Users of 1.4 should either upgrade to 1.5 or disable uploads.
Since the default upload filetype whitelist includes only some image types which
are verified at upload time with getimagesize() type checking, the default
configuration plus uploads enabled should not allow for such uploads.
If you have added other extensions to the whitelist which aren't recognized
internally (e.g., OGG), then you should be careful as above.
-- brion vibber (brion @ pobox.com)
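
The following PHP example is added here and is not taken from MediaWiki or from either message. It shows the distinction the reply draws: a whitelisted image extension can be confirmed against the file's content with getimagesize(), while a whitelisted extension with no content check (such as ogg) is accepted on its name alone. The function name `checkUpload`, the `VERIFIABLE` map and the whitelist contents are assumptions made for illustration.

```php
<?php
// Added example, not MediaWiki's code. checkUpload(), VERIFIABLE and the
// whitelist below are hypothetical names chosen for this illustration.

// Extensions whose content type can be confirmed with getimagesize().
const VERIFIABLE = [
    'png'  => IMAGETYPE_PNG,
    'gif'  => IMAGETYPE_GIF,
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
];

function checkUpload(string $name, string $tmpPath, array $whitelist): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $whitelist, true)) {
        return 'rejected: extension not whitelisted';
    }
    if (!isset(VERIFIABLE[$ext])) {
        // Whitelisted, but nothing inspects the content (the OGG case).
        return 'accepted-unverified: content was not checked';
    }
    // getimagesize() reports the detected image type at index 2.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== VERIFIABLE[$ext]) {
        return 'rejected: content does not match extension';
    }
    return 'accepted: image type verified';
}

// Constructed sample files: a 1x1 GIF and a file that is not an image.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$notImage = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($notImage, '<html><body>not an image</body></html>');

// Default-style image whitelist plus one added, unverifiable extension.
$whitelist = ['png', 'gif', 'jpg', 'jpeg', 'ogg'];

echo checkUpload('photo.gif', $gif, $whitelist), "\n";
echo checkUpload('photo.gif', $notImage, $whitelist), "\n";
echo checkUpload('clip.ogg', $notImage, $whitelist), "\n";
echo checkUpload('page.html', $notImage, $whitelist), "\n";

unlink($gif);
unlink($notImage);
```

An administrator auditing a configuration can use the same split: any whitelisted extension that falls into the unverified branch is one to review.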