9.135
Bearbeitungen
Änderungen
keine Bearbeitungszusammenfassung
==mime type check abstellen (für zip etc.)==
<s>$wgVerifyMimeType = false;</s>
http://www.mediawiki.org/wiki/Manual:$wgVerifyMimeType
Auszug Konfiguration Bundeswiki
<pre>
#$wgVerifyMimeType = false;
$wgMimeTypeBlacklist= array(
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# A ZIP file may be a valid Java archive containing an applet which exploits the
# same-origin policy to steal cookies
# Wir brauchen aber .zip
#'application/zip',
);
</pre>