[Mediawiki-l] A couple of cookbook questions
Charles.Martin at Sun.COM
Tue Jan 16 18:04:58 UTC 2007
Kasimir Gabert wrote:
> Hello Charles,
> For (1) I would not allow uploads of HTML through MediaWiki -- this is
> much too big of a security hole. I would build a custom script that
> uploads files but scans through for any illegal HTML tags (do it by
> whitelist, not by blacklist) -- the script can also integrate the
> uploaded files into MediaWiki *after* it has passed the security
Okay, thanks, but this is under pretty tight control. Let's say I
*really* *really* wanted to do this, even with security concerns in
mind. Let's say, further, that I've already taken HTML types out of
$wgFileBlacklist, text/html and similar types out of
$wgMimeTypeBlacklist, and set $wgCheckFileExtensions,
$wgStrictFileExtensions, and $wgVeryfyMimeType all to false ...
and I still get an error and it refuses to upload my html files.
What am I missing?
> For (2) It seems to me that you do not have "diff3" installed on your
> machine. Type in "which diff3" and see whether or not you have it
> installed. You might need to change it to a different diff engine, or
> install the proper one.
I appear to have a proper diff3, but what I'm getting as a result is a
file called "index.php" with these contents (inserted as a quote to make
it stand out):
> Type=Diff text
> Special namespace=Special
> [File 2]
Does this give anyone any clues?
Charles R. Martin | Sr Staff Engineer | Sun Microsystems
charles.martin at sun.com
More information about the MediaWiki-l