Brion Vibber wrote:
Smarter "evil JAR detection" that pokes through the ZIP file index looking for Java classes and blocks the specific file would be a nice addition, particularly if we were to do something foolish like enable OpenDocument uploads on general-access sites. :)
There is a Zip extension for PHP which might be handy for this purpose, though of course it's not enabled by default and may not be present on any given setup. :(
Just make sure it'll fail gracefully if someone tries to upload 42.zip.
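
An added example, not part of the original thread and not MediaWiki code: one way to do the index check discussed above while staying safe against 42.zip-style archives, by reading only the ZIP central directory and never inflating or recursing into entries. It is sketched in Python rather than PHP so it does not depend on the Zip extension; `scan_zip_index`, `make_zip`, `RejectUpload` and the two limits are assumptions made for this illustration.

```python
import io
import struct
import zipfile

MAX_ENTRIES = 1000           # assumed policy limit, not from the original post
MAX_INDEX_BYTES = 1 << 20    # assumed cap on central directory size

class RejectUpload(Exception):
    """Raised when the archive index is malformed or exceeds the limits."""

def scan_zip_index(data: bytes) -> dict:
    """Walk the ZIP central directory only; no entry is ever decompressed."""
    # The end-of-central-directory record sits in the last 22..65557 bytes,
    # so data prepended to the archive (e.g. an image header) does not hide it.
    eocd = data.rfind(b"PK\x05\x06", max(0, len(data) - 65557))
    if eocd < 0 or eocd + 22 > len(data):
        return {"is_zip": False, "java": [], "nested": []}
    total, cd_size = struct.unpack_from("<HI", data, eocd + 10)
    if total > MAX_ENTRIES or cd_size > MAX_INDEX_BYTES or cd_size > eocd:
        raise RejectUpload("index too large or inconsistent")
    pos, java, nested = eocd - cd_size, [], []
    for _ in range(total):
        if pos + 46 > eocd or data[pos:pos + 4] != b"PK\x01\x02":
            raise RejectUpload("malformed central directory")
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        lower = name.lower()
        if lower.endswith(".class") or lower == "meta-inf/manifest.mf":
            java.append(name)
        elif lower.endswith((".zip", ".jar", ".war")):
            nested.append(name)   # reported, never opened or recursed into
        pos += 46 + nlen + xlen + clen
    return {"is_zip": True, "java": java, "nested": nested}

def make_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    jar = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                    "Evil.class": b"\xca\xfe\xba\xbe"})
    bomb = make_zip({"layer.zip": make_zip({"0.dll": b"\0" * 5_000_000})})
    print(scan_zip_index(b"GIF89a" + jar))   # Java entries found behind a GIF header
    print(scan_zip_index(bomb))              # nested archive listed, nothing inflated
```

Sizes and names in the index are supplied by the uploader, so the result is a reason to block a file, not proof that an archive is harmless.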