Yifan (Eric) Jiang wrote:
Hi all,
We have a mediawiki site for our staff members to document their technical works, therefore we'd like to upload some source codes or patch files other than images or .doc and .pdf format. For example, .diff, .patch, .tar.gz, .xml, .conf, .sh, .pl, .py, .c.
However we are not quite sure if there is any security concern about this issue. Does anyone experience this before?
Thanks
Eric
The server the files MUST NOT try to run the .sh/.pl/.py files as cgi. Your users shouldn't choose the Open action on downloading if it would run the file.