Hi.
I'm working on getting wikipedia wiki fully installed for http://www.consumerium.org/wiki/ and I just got the uploading setting to work so that uploading works, but...
As I checked where it put the test file I noticed the the png I had uploaded had permissions set to -rwxr-xr-x which is not a good thing.
Imagine: 1. Upload whack_the_database.php 2. Point your browser to uploadpath/whack_the_database.php assuming it has access to LocalSettigs.php
I heard from taw at #wikipedia that the upload code should make the files _not executable_ which is not what it did.
He tracked it down to the bug being in move_uploaded_file( $wpUploadTempName, $wgSavedFile ) or near it.
Could someone take a look at this?
My CVS-dump is dated 22.2.2003
regards, Juho Heikkurinen