[Phpwiki-talk] Uploading files into Phpwiki

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

Few days ago, I recieved a claim from a customer in our company about =
not being able to upload a ".pl" file into phpwiki. As you know ".pl" =
files and others are not allowed to be uploaded for security reasons.
This raised several questions in my team:

- What is the risk?
- Is the risk due to the usage of attachments by phpWiki?
- Could the risk be related to apache and upload directory =
configurations ?
- If we configure apache to not execute files in the upload directory, =
will be then a risk to run those files into the server?=20

Is there any illustration/evidence related to the subject that was =
identified or discussed before.

What do you advise ?

Thanks,
Sabri LABBENE.