From 9ef6d287202c7bee93c541cd240d30a2f832c4c8 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sun, 19 Jul 2009 19:41:56 +0000
Subject: [PATCH] * (bug 19355) Added .xhtml, .xht to upload file extension
 blacklist

---
 RELEASE-NOTES                | 1 +
 includes/DefaultSettings.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 9d2a265e9f..ddccf5ee90 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -293,6 +293,7 @@ this. Was used when mwEmbed was going to be an extension.
 * (bug 19761) Removed autogenerated <meta keywords> tag with link data.
   Keyword set was not useful, and is ignored by modern search engines anway.
 * (bug 19827) Special:SpecialPages title is "Upload file
+* (bug 19355) Added .xhtml, .xht to upload file extension blacklist
 
 == API changes in 1.16 ==
 
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 4ad8bbd93d..99ef085faf 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2014,7 +2014,7 @@ $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
 /** Files with these extensions will never be allowed as uploads. */
 $wgFileBlacklist = array(
 	# HTML may contain cookie-stealing JavaScript and web bugs
-	'html', 'htm', 'js', 'jsb', 'mhtml', 'mht',
+	'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
 	# PHP scripts may execute arbitrary code on the server
 	'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
 	# Other types that may be interpreted by some servers
-- 
2.20.1