diff MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/py/config.py @ 6113:a0ec7f89be84

upgrade FCKEditor to 2.6.11
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 20 Sep 2016 05:46:18 +0200
parents 9c27b8589342
children
line wrap: on
line diff
--- a/MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/py/config.py	Wed Sep 07 04:31:59 2016 +0200
+++ b/MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/py/config.py	Tue Sep 20 05:46:18 2016 +0200
@@ -117,6 +117,9 @@
 #		Attention: The above 'QuickUploadPath' must point to the same directory.
 #		Attention: It must end with a slash: '/'
 
+# WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+# SWF files can be used to perform XSS attack.
+
 AllowedExtensions['File'] 		= ['7z','aiff','asf','avi','bmp','csv','doc','fla','flv','gif','gz','gzip','jpeg','jpg','mid','mov','mp3','mp4','mpc','mpeg','mpg','ods','odt','pdf','png','ppt','pxd','qt','ram','rar','rm','rmi','rmvb','rtf','sdc','sitd','swf','sxc','sxw','tar','tgz','tif','tiff','txt','vsd','wav','wma','wmv','xls','xml','zip']
 DeniedExtensions['File'] 		= []
 FileTypesPath['File'] 			= UserFilesPath + 'file/'