Hi.
I'm working on getting wikipedia wiki fully installed for
http://www.consumerium.org/wiki/
and I just got the uploading setting to work so that uploading works,
but...
As I checked where it put the test file I noticed the the png I had
uploaded had permissions set to -rwxr-xr-x
which is not a good thing.
Imagine:
1. Upload whack_the_database.php
2. Point your browser to uploadpath/whack_the_database.php assuming it
has access to LocalSettigs.php
I heard from taw at #wikipedia that the upload code should make the
files _not executable_ which is not what it did.
He tracked it down to the bug being in move_uploaded_file(
$wpUploadTempName, $wgSavedFile ) or near it.
Could someone take a look at this?
My CVS-dump is dated 22.2.2003
regards, Juho Heikkurinen