diff MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/php/config.php @ 6113:a0ec7f89be84

upgrade FCKEditor to 2.6.11
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 20 Sep 2016 05:46:18 +0200
parents 9c27b8589342
children
line wrap: on
line diff
--- a/MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/php/config.php	Wed Sep 07 04:31:59 2016 +0200
+++ b/MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/php/config.php	Tue Sep 20 05:46:18 2016 +0200
@@ -119,6 +119,9 @@
 
 */
 
+// WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+// SWF files can be used to perform XSS attack.
+
 $Config['AllowedExtensions']['File']	= array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
 $Config['DeniedExtensions']['File']		= array() ;
 $Config['FileTypesPath']['File']		= $Config['UserFilesPath'] . 'file/' ;