https://bugzilla.wikimedia.org/show_bug.cgi?id=26059
Richard Guk <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #22 from Richard Guk <[email protected]> 2012-02-25 21:52:04 UTC --- But what if there were no <heading> tags, or none in the first 1KB? To add to my confusion, there's already an optional exemption in UploadBase.php to allow SVG files containing "<title" (which is an IE sniff tag) - http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/upload/UploadBase.php?revision=111103&view=markup On the other hand, UploadBase.php does not test for other sniff tags (such as "<plaintext" for IE7, which presumably applies also to IE6) are not tested for - http://webblaze.cs.berkeley.edu/2009/content-sniffing/ Does this mean that the Berkeley list is too broad, or that there is a potential vulnerability in MediaWiki? -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
