Re: [Phpwiki-talk] phpwiki-1.3.13 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Sure.
But I forgot to mentioned it in the ReleaseNotes

We have new in UpLoad:

; Upload into seperate userdirs. If enabled (default since 1.3.13) the
generated Upload: link
; will include the username plus "/". This will make all uploaded
links longer, but we
; avoid nameclashes and you see who uploaded what file.
;UPLOAD_USERDIR = false

; By setting DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS to true, you get
; back the old behaviour to check only *bad* extensions of uploaded
; files. However a server may treat other files with certain handlers,
; like executable scripts, so we disable now everything and enable
; only some extension.  See lib/plugin/UpLoad.php.
; Default: false
;DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS = false

; Override the default uploads dir. We have to define the local file path,
; and the webpath (DATA_PATH). Ensure an ending slash on both.
;UPLOAD_FILE_PATH = /var/www/htdocs/uploads/
;UPLOAD_DATA_PATH = /uploads/

; The maximum file upload size, in bytes.
; The default, 16777216, is 16MB.
MAX_UPLOAD_SIZE = 16777216

2007/6/8, Harold Hallikainen <ha...@ha...>:
> Does the new release deal with the upload problem I found (or a hacker
> found on my system? That is, they were able to upload and execute a php3.
> It'd be nice if we had a list of allowed file types instead of a list of
> disallowed types.
-- 
Reini Urban
http://phpwiki.org/              http://murbreak.at/
http://spacemovie.mur.at/   http://helsinki.at/