00687: able to upload files with blocked extension

Summary: able to upload files with blocked extension
Created: 2006-03-05 10:06
Status: Closed - not a bug
Category: Bug
From: iofreak?
Assigned:
Priority: 5
Version: 2.1.beta15-34
OS: FreeBSD/Apache/4.3.11

Description: Without having altered the default 'accepted' file extension list for uploads, PmWiki allowed me to upload a .exe file.


This is technically not a bug -- it's by design. When uploads were introduced there were a large number of people who felt that it was important to have '.exe' uploads enabled by default. (I disagreed, but bowed to the desires of the majority.)

.exe uploads can be disabled by setting $UploadExtSize['exe']=0;.

Pm