Hi,
in release notes of mw 1.16.4 the following was suggested:
It is necessary to upgrade MediaWiki to avoid an XSS vulnerability for
Internet Explorer clients, version 6 and earlier. Also, if you used
the Apache configuration I suggested in the previous release
announcement, you should update it to:
RewriteEngine On
RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
RewriteRule . - [forbidden]
Is this still suggested in the latest version? I have several problems with file upload,
when the option is enabled...
Best regards,
Johannes Weberhofer
--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna