Test uploaded files for HTML tags FS#1077
Following the problem with IE's mimetype handling described at http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting this patch adds a new option (on by default) to check the first 256 bytes of uploaded files against a list of a few HTML tags and denies the upload of such a file. In rare occasions this may block harmless and valid files, but that's price we have to pay for Microsoft's stupidity. Users who need HTML uploads should disable this check. (Don't do that on open Wikis!) darcs-hash:20070224124458-7ad00-0ced616d06f563515b36a0a6871b5ba50229c946.gz
Showing
- conf/dokuwiki.php 1 addition, 0 deletionsconf/dokuwiki.php
- inc/lang/en/lang.php 2 additions, 1 deletioninc/lang/en/lang.php
- inc/media.php 16 additions, 3 deletionsinc/media.php
- lib/plugins/config/lang/en/lang.php 1 addition, 0 deletionslib/plugins/config/lang/en/lang.php
- lib/plugins/config/settings/config.metadata.php 1 addition, 0 deletionslib/plugins/config/settings/config.metadata.php
Loading
Please register or sign in to comment