Hi,
in release notes of mw 1.16.4 the following was suggested:
It is necessary to upgrade MediaWiki to avoid an XSS vulnerability for Internet Explorer clients, version 6 and earlier. Also, if you used the Apache configuration I suggested in the previous release announcement, you should update it to:
RewriteEngine On RewriteCond %{QUERY_STRING} .[a-z0-9]{1,4}(#|?|$) [nocase] RewriteRule . - [forbidden]
Is this still suggested in the latest version? I have several problems with file upload, when the option is enabled...
Best regards, Johannes Weberhofer