[pmwiki-users] Is allowing uploading of html files a security problem?
info at theburroughsproject.com
info at theburroughsproject.com
Thu Aug 3 17:36:25 CDT 2006
I've set my uploads so that htm and html files are not allowed. I
figured that I didn't want someone uploading webpages with javascripts
embedded into them. I thought that was supposed to be a security issue.
But then I noticed that if I remove the .html extension, I can upload
the file, which will still open in a browser as an html file.
Then I noticed that pmwiki allows uploading of htm files. Am I missing
something? Is this not a security issue?
More information about the pmwiki-users
mailing list