From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 22 Feb 2019 04:31:56 +0000 (+0000)
Subject: Add .phar to $wgFileBlacklist as a paranoia measure
X-Git-Tag: 1.34.0-rc.0~2741^2
X-Git-Url: http://git.cyclocoop.org/fichier?a=commitdiff_plain;h=2be26155ecdff6351ad7d664b416f108191942f9;p=lhc%2Fweb%2Fwiklou.git

Add .phar to $wgFileBlacklist as a paranoia measure

Seems like it can't hurt.

Change-Id: I833dd95742d7de772833c738ca7f5403e57bc2f4
---

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 92865915e8..5ede1184c5 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -940,7 +940,7 @@ $wgFileBlacklist = [
 	# HTML may contain cookie-stealing JavaScript and web bugs
 	'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
 	# PHP scripts may execute arbitrary code on the server
-	'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+	'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
 	# Other types that may be interpreted by some servers
 	'shtml', 'jhtml', 'pl', 'py', 'cgi',
 	# May contain harmful executables for Windows victims