#1 security problem

[Lilliput]

Your project is very good. I would like to let
everyuser create documentation on my website. After
playing around all functionality which are pretty fine,
I have tried to create a php code in one of them
creating an php extension. the php code was create and
was runnable.

(a simple way to correct this security hole is to force
the extension=> .xml, .svg, ... )