Skip to content
Snippets Groups Projects
Select Git revision
  • refctorHTTPCLient
  • fix-zero
  • issue2721
  • master default protected
  • psr2
  • fixNoticesCLI
  • issue2665
  • issue2517
  • rmdir
  • old-stable
  • stable
  • extcli
  • HTTPClientAgent
  • issue2366
  • betterDeprecationComment
  • issue1569
  • fixGetVersion
  • testfixes
  • psr2-plugin
  • renameParam
  • release_stable_2017-02-19f
  • release_stable_2018-04-22b
  • release_stable_2018-04-22a
  • release_stable_2018-04-22
  • release_stable_2016-06-26e
  • release_stable_2017-02-19e
  • release_stable_2016-06-26d
  • release_stable_2017-02-19d
  • release_stable_2016-06-26c
  • release_stable_2017-02-19c
  • release_stable_2016-06-26b
  • release_stable_2017-02-19b
  • release_stable_2017-02-19a
  • release_stable_2017-02-19
  • release_stable_2016-06-26a
  • release_stable_2016-06-26
  • release_stable_2015-08-10a
  • release_stable_2015-08-10
  • release_stable_2014_05_05e
  • release_stable_2014_09_29d
40 results
Compare
user avatar
Test uploaded files for HTML tags FS#1077
Andreas Gohr authored 
Following the problem with IE's mimetype handling described at
http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
this patch adds a new option (on by default) to check the first 256
bytes of uploaded files against a list of a few HTML tags and denies
the upload of such a file. In rare occasions this may block harmless
and valid files, but that's price we have to pay for Microsoft's
stupidity.

Users who need HTML uploads should disable this check. (Don't do that on
open Wikis!)

darcs-hash:20070224124458-7ad00-0ced616d06f563515b36a0a6871b5ba50229c946.gz
26ceae18
History
user avatar 26ceae18
History
Name Last commit Last update