Brion Vibber wrote:
# Files with these extensions will never be allowed as uploads. $wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs "html", "htm", # PHP scripts may execute arbitrary code on the server "php", "phtml", "php3", "php4", "phps", # Other types that may be interpreted by some servers "shtml", "jhtml", "pl", "py", # May contain harmful executables for Windows victims "exe", "scr", "dll", "msi", "vbs", "bat", "com", "pif" );
You might want to add "cmd", "vxd", and "cpl" to the latter list.
Timwi