Brion Vibber wrote:
# Files with these extensions will never be allowed as
uploads.
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
"html", "htm",
# PHP scripts may execute arbitrary code on the server
"php", "phtml", "php3", "php4",
"phps",
# Other types that may be interpreted by some servers
"shtml", "jhtml", "pl", "py",
# May contain harmful executables for Windows victims
"exe", "scr", "dll", "msi",
"vbs", "bat", "com", "pif" );
You might want to add "cmd", "vxd", and "cpl" to the latter
list.
Timwi