https://bugzilla.wikimedia.org/show_bug.cgi?id=25131

Rob Halsell <rhals...@wikimedia.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #2 from Rob Halsell <rhals...@wikimedia.org> 2010-09-13 13:01:40 
UTC ---
In reviewing this with some of the tech staff, it seems that indeed, open
office file formats are not allowed on public projects.  Upload of a
maliciously crafted OpenOffice document leads to CSRF. Any public wiki with
OpenOffice uploads enabled is vulnerable.

That pretty much means we do not enable them on public wikis.  Right now your
wiki is both public, open registration, and anyone can edit.  So we cannot
enable these file types on the project.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to