https://bugzilla.wikimedia.org/show_bug.cgi?id=28235
Alphos <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #10 from Alphos <[email protected]> 2011-04-13 04:39:30 UTC --- If we consider .exe to be "dangerous" seing as IE 6 will ask if you want to run the application, we might as well block .7z, .m4a, and .mp3 : http://en.m.wikipedia.org/wiki?search=Data.7z http://en.m.wikipedia.org/wiki?search=Data.m4a http://en.m.wikipedia.org/wiki?search=Data.mp3 Digits may appear anywhere in a file extension, so the [a-z] class is fundamentally flawed. I'd recommend switching to \.[a-z0-9]{1,4}$, while keeping the case insensitivity, in img_auth.php, WebRequest.php, and the .htaccess -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
