On 11/05/07, Oliver Schalch <schalch(a)gmail.com> wrote:
Aint $wgFileBlacklist has highest priority, so you
have no way to upload
files with extension in the blacklist, even if you add to $wgFileExtensions
array.
I guess, he has to remove the 'cmd' from DefaultSettings.php...
The file blacklist is for your safety and your users' safety. Removing
the extension from the blacklist would mean that a malicious user
would be able to upload a Windows command line script (equivalent to a
shell script) which could lead to execution rights on the client if
downloaded, especially since Windows has an annoying habit of
executing things left, right and centre.
You therefore remove this from the blacklist at your own risk.
Rob Church