Hi, WMU (wikia mini upload, the "new! upload images" link in edit form on Monaco) extension has a bug: Once the image has been uploaded, it lets you to specify the destination filename, and you can erase the extension of the image and then upload an image without extension. This must not be allowed: <http://www.wikia.com/wiki/Image:Ejemplo>
When fixing this issue, please have in mind to check that the extension remains unchanged and not only check if substring(filename.length-4, 1) = ".". I was able to upload a CSS file uploaded as a test.ods and then changed to test.css: <http://www.wikia.com/wiki/Image:Test.css> Seeing that, i guess this extension could have other several security issues. Also, it doesn't allow to select a license (other than the CC-BY-SA), nor input a description of the file, adding extra work to sysops to maintain those files uploaded. Reards, -Jesús -Ciencia Al Poder _______________________________________________ Wikia Community Mailing List. For information and subscriptions see http://lists.wikia.com/mailman/listinfo/wikia-l Need staff help? Try http://www.wikia.com/wiki/Special:Contact
