From: Reini U. <ru...@x-...> - 2007-03-08 17:50:26
2007/3/8, Sabri LABBENE <sab...@st...>:
> A few days ago, I received a claim from a customer in our company about not being able to upload a ".pl" file into phpwiki. As you know, ".pl" files and others are not allowed to be uploaded for security reasons.
> This raised several questions in my team:
>
> - What is the risk?
> - Is the risk due to the usage of attachments by phpWiki?
> - Could the risk be related to apache and upload directory configurations?
> - If we configure apache to not execute files in the upload directory, will there then be a risk of running those files on the server?
>
> Is there any illustration/evidence related to the subject that was identified or discussed before?
>
> What do you advise?

The risk is only due to apache or webserver or browser configurations so that people might execute unwanted programs.
In a secure or trusted environment I would turn off this extension check.
Be aware of INLINE_IMAGES. This list of extensions will be inlined and executed per page view.
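
The web-server side of the question above, as an added configuration example that is not part of the original message or of phpwiki: the handler mapping that makes an uploaded script executable, next to a per-directory override that stops it. It assumes Apache httpd 2.4; the path `/var/www/phpwiki/uploads` is a placeholder for the wiki's upload directory.

```apache
# Added example, not from the thread. Assumes Apache httpd 2.4;
# /var/www/phpwiki/uploads is a placeholder for the wiki's upload directory.

# Risky pattern: a handler mapping that applies to the whole document root,
# upload directory included, so an uploaded "x.pl" is run as CGI.
#   <Directory "/var/www/phpwiki">
#       Options +ExecCGI
#       AddHandler cgi-script .pl .cgi
#   </Directory>

# Hardened override for the upload directory only.
<Directory "/var/www/phpwiki/uploads">
    # Ignore .htaccess files, so an uploaded one cannot re-enable handlers.
    AllowOverride None
    # No CGI execution, no server-side includes, no directory listing.
    Options -ExecCGI -Includes -Indexes
    # Remove inherited extension-to-handler and extension-to-type mappings.
    RemoveHandler .pl .cgi .py .php .phtml .shtml
    RemoveType .php .phtml
    # With mod_php loaded, switch the PHP engine off here. The module
    # identifier varies by PHP version (mod_php5.c, mod_php7.c, mod_php.c).
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>
    # Browser side: tell clients not to guess a content type.
    <IfModule mod_headers.c>
        Header set X-Content-Type-Options "nosniff"
    </IfModule>
</Directory>
```

After `apachectl configtest` and a reload, requesting a harmless test script placed in that directory should return its source text rather than its output.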