[pmwiki-users] PmWiki 2.2.49 released
list_ob at gmx.net
Mon Apr 1 03:10:03 CDT 2013
Petko Yotov wrote:
>Some Apache installations try to execute a file which has ".php", ".pl" or
>".cgi" anywhere in the filename, for example, "test.php.txt" may be
>executed. To disallow such files to be uploaded via the PmWiki interface,
>add to config.php such a line:
> $UploadBlacklist = array('.php', '.pl', '.cgi');
another possibility is to disallow file names with more than one dot.
Even more restrictive but it would repair the whitelist approach.
Oliver Betz, Munich http://oliverbetz.de/
More information about the pmwiki-users