[Mediawiki-l] File upload help

Rob Church robchur at gmail.com
Fri May 11 16:27:05 UTC 2007


On 11/05/07, Oliver Schalch <schalch at gmail.com> wrote:
> Aint $wgFileBlacklist has highest priority, so you have no way to upload
> files with extension in the blacklist, even if you add to $wgFileExtensions
> array.
>
> I guess, he has to remove the 'cmd' from DefaultSettings.php...

The file blacklist is for your safety and your users' safety. Removing
the extension from the blacklist would mean that a malicious user
would be able to upload a Windows command line script (equivalent to a
shell script) which could lead to execution rights on the client if
downloaded, especially since Windows has an annoying habit of
executing things left, right and centre.

You therefore remove this from the blacklist at your own risk.


Rob Church



More information about the MediaWiki-l mailing list