http://www.mediawiki.org/wiki/Special:Code/MediaWiki/72892
Revision: 72892
Author: tstarling
Date: 2010-09-13 06:29:15 +0000 (Mon, 13 Sep 2010)
Log Message:
-----------
MS Office creates vulnerabilities also, per comment on r72890.
Modified Paths:
--------------
trunk/phase3/includes/DefaultSettings.php
Modified: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php 2010-09-13 05:40:29 UTC (rev
72891)
+++ trunk/phase3/includes/DefaultSettings.php 2010-09-13 06:29:15 UTC (rev
72892)
@@ -503,9 +503,9 @@
* This is the list of preferred extensions for uploading files. Uploading
files
* with extensions not in this list will trigger a warning.
*
- * WARNING: If you add any OpenDocument file formats here, such as odt, ods or
- * odp, and untrusted users are allowed to upload files, then your wiki will
be
- * vulnerable to cross-site request forgery (CSRF).
+ * WARNING: If you add any OpenOffice or Microsoft Office file formats here,
+ * such as odt or doc, and untrusted users are allowed to upload files, then
+ * your wiki will be vulnerable to cross-site request forgery (CSRF).
*/
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
