User "Platonides" posted a comment on MediaWiki.r29939. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/29939#c26008 Commit summary:
Restore the complete prohibition on action=raw with arbitrary script entry points. While only MSIE is known to let the URL's "extension" override the allowed mime types, other browsers will still happily download a file with the name from the URL. That seems unwise as the content may be arbitrary (and perhaps executable). Comment: It had been allowed in r12922 _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
