Petko Yotov wrote:
[...]
>Some Apache installations try to execute a file which has ".php", ".pl" or
>".cgi" anywhere in the filename, for example, "test.php.txt" may be
>executed. To disallow such files to be uploaded via the PmWiki interface,
>add to config.php such a line:
>
> $UploadBlacklist = array('.php', '.pl', '.cgi');
another possibility is to disallow file names with more than one dot.
Even more restrictive but it would repair the whitelist approach.
Oliver
--
Oliver Betz, Munich http://oliverbetz.de/
_______________________________________________
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
