From 40ced5f985e99a27b07e5a7ceb3322e466a9b330 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 13 Sep 2010 06:29:15 +0000 Subject: [PATCH] MS Office creates vulnerabilities also, per comment on r72890. --- includes/DefaultSettings.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 328f8491b1..af68a550fe 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -503,9 +503,9 @@ $wgRepositoryBaseUrl = "http://commons.wikimedia.org/wiki/File:"; * This is the list of preferred extensions for uploading files. Uploading files * with extensions not in this list will trigger a warning. * - * WARNING: If you add any OpenDocument file formats here, such as odt, ods or - * odp, and untrusted users are allowed to upload files, then your wiki will be - * vulnerable to cross-site request forgery (CSRF). + * WARNING: If you add any OpenOffice or Microsoft Office file formats here, + * such as odt or doc, and untrusted users are allowed to upload files, then + * your wiki will be vulnerable to cross-site request forgery (CSRF). */ $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' ); -- 2.20.1