[pmwiki-users] Is allowing uploading of html files a security problem?

info at theburroughsproject.com info at theburroughsproject.com
Thu Aug 3 17:36:25 CDT 2006

I've set my uploads so that htm and html files are not allowed. I
figured that I didn't want someone uploading webpages with javascripts
embedded into them. I thought that was supposed to be a security issue.

But then I noticed that if I remove the .html extension, I can upload
the file, which will still open in a browser as an html file. 

Then I noticed that pmwiki allows uploading of htm files. Am I missing
something? Is this not a security issue? 

More information about the pmwiki-users mailing list