https://bugzilla.wikimedia.org/show_bug.cgi?id=54181
Andre Klapper <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |WONTFIX --- Comment #5 from Andre Klapper <[email protected]> --- I intentionally set it to Off. This is unfortunately not logged in the audit log. Reverting the revert and WONTFIXing. See bug 51839 comment 10 for background. As allow_attachment_display says, "This is a security restriction for installations where untrusted users may upload attachments that could be potentially damaging if viewed directly in the browser." Which is the case for Wikimedia Bugzilla. RedHat Bugzilla also uses Off, and to my surprise Mozilla Bugzilla uses On. The fact that Bugzilla also blocks displaying PNG attachments etc (no filtering on MIME types possible, as far as I know) might be worth an upstream ticket. If the world agreed that PNGs are safe. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
