[pmwiki-users] PmWiki 2.2.49 released

Oliver Betz list_ob at gmx.net
Mon Apr 1 03:10:03 CDT 2013

Petko Yotov wrote:


>Some Apache installations try to execute a file which has ".php", ".pl" or  
>".cgi" anywhere in the filename, for example, "test.php.txt" may be  
>executed. To disallow such files to be uploaded via the PmWiki interface,  
>add to config.php such a line:
>  $UploadBlacklist = array('.php', '.pl', '.cgi');

another possibility is to disallow file names with more than one dot.
Even more restrictive but it would repair the whitelist approach.

Oliver Betz, Munich http://oliverbetz.de/

More information about the pmwiki-users mailing list