--- Comment #11 from Chris Steipp <> ---
(In reply to comment #8)
> In my role as sysadmin at, I just upgraded it to 1.19.10 -
> or
> thought I had - and Chris Davis' 'sploit link still runs the demo 'sploit for
> me:
> Looking at includes/XmlTypeCheck.php and includes/upload/UploadBase.php in
> the
> RW installation, the patches in attachment 13916 [details] appear to be
> present.
> Should the demo 'sploit still work?

Yes, the patch prevents the upload, but existing files will still be there. 

Grepping for "<?xml-stylesheet" in your images would identify any that have
previously come in.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to