Yifan (Eric) Jiang wrote:
Hi all,
We have a mediawiki site for our staff members to document their
technical works, therefore we'd like to upload some source codes or
patch files other than images or .doc and .pdf format. For example,
.diff, .patch, .tar.gz, .xml, .conf, .sh, .pl, .py, .c.
However we are not quite sure if there is any security concern about
this issue. Does anyone experience this before?
Thanks
Eric
The server the files MUST NOT try to run the .sh/.pl/.py files as cgi.
Your users shouldn't choose the Open action on downloading if it would
run the file.