Page MenuHomePhabricator
Create Task
Maniphest T2874

cgi extension should be added to wgFileBlacklist
Closed, ResolvedPublic
Actions

Description

Author: rsiklos

Description:
The $wgFileBlacklist variable in DefaultSettings.php should include 'cgi', since
those kinds of files may run arbitrary code (just like php or pl)

Version: 1.3.x
Severity: normal

Details

Reference
bz874

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 7:04 PM
bzimport added a project: MediaWiki-Uploading.
bzimport set Reference to bz874.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Nov 13 2004, 5:14 AM
bzimport added a comment.Nov 13 2004, 3:05 PM

jeluf wrote:

Fixed in CVS HEAD and REL1_3.

Gilles added a project: Multimedia.Dec 4 2014, 10:46 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.Dec 4 2014, 10:48 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits