[Pmwiki-users] Re: more thoughts on .htaccess

Patrick R. Michaud pmichaud
Tue Dec 7 07:35:45 CST 2004


On Tue, Dec 07, 2004 at 07:59:56AM -0500, Neil Herber wrote:
> 
> This might be excessively restrictive as long as the only upload method is 
> via PmWiki. It provides some protection by limiting the allowable 
> extensions on an upload as well as limiting the size of the upload. I was 
> initially concerned to see that ".exe" was an allowable extension in the 
> defaults, but that does not seem to pose any danger to the server. It 
> certainly could pose a danger to a client who downloads the ".exe".

In early versions of the upload.php script the ".exe" extension was
disallowed, but something caused me to change my mind and go ahead and
allow ".exe" as an available upload type.  It might pose a danger to IIS
servers, but I dunno.  I can always remove the .exe default and leave
it as a local customization if we want to do that.

Pm



More information about the pmwiki-users mailing list