From b30dd803e3c33cfc9508b0516744b0bb95be4d09 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Tue, 2 Dec 2014 16:18:26 +0100 Subject: disable flash uploading by default Thanks to Kacper Szurek for reporting this --- conf/mime.conf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'conf') diff --git a/conf/mime.conf b/conf/mime.conf index 2a50fab10..c2e03b775 100644 --- a/conf/mime.conf +++ b/conf/mime.conf @@ -9,7 +9,6 @@ gif image/gif png image/png ico image/vnd.microsoft.icon -swf application/x-shockwave-flash mp3 audio/mpeg ogg audio/ogg wav audio/wav @@ -66,3 +65,7 @@ odt !application/vnd.oasis.opendocument.text #xml text/xml #csv text/csv +# Also flash may be able to execute arbitrary scripts in the website's +# context +#swf application/x-shockwave-flash + -- cgit v1.2.3 From 2cabdb626a8a94795a6579cdbb0f6eef0cd8dc67 Mon Sep 17 00:00:00 2001 From: Rainbow Spike Date: Wed, 10 Dec 2014 11:42:56 +1000 Subject: Update mysql.conf.php.example Fix some typos --- conf/mysql.conf.php.example | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'conf') diff --git a/conf/mysql.conf.php.example b/conf/mysql.conf.php.example index c67e77c45..8337f51b4 100644 --- a/conf/mysql.conf.php.example +++ b/conf/mysql.conf.php.example @@ -56,7 +56,7 @@ $conf['plugin']['authmysql']['TablesToLock']= array("users", "users AS u","group * of the user. If the result table is empty or contains more than one * row, access will be denied. * - * The plugin accesses the password as 'pass' so a alias might be necessary. + * The plugin accesses the password as 'pass' so an alias might be necessary. * * Following patters will be replaced: * %{user} user name @@ -107,10 +107,10 @@ $conf['plugin']['authmysql']['getGroups'] = "SELECT name as `group` /* This statement should return a table containing all user login names * that meet certain filter criteria. The filter expressions will be added * case dependend by the plugin. At the end a sort expression will be added. - * Important is that this list contains no double entries fo a user. Each + * Important is that this list contains no double entries for a user. Each * user name is only allowed once in the table. * - * The login name will be accessed as 'user' to a alias might be neseccary. + * The login name will be accessed as 'user' to an alias might be neseccary. * No patterns will be replaced in this statement but following patters * will be replaced in the filter expressions: * %{user} in FilterLogin user's login name @@ -174,7 +174,7 @@ $conf['plugin']['authmysql']['delGroup'] = "DELETE FROM groups WHERE gid='%{gid}'"; /* This statement should return the database index of a given user name. - * The plugin will access the index with the name 'id' so a alias might be + * The plugin will access the index with the name 'id' so an alias might be * necessary. * following patters will be replaced: * %{user} user name @@ -240,7 +240,7 @@ $conf['plugin']['authmysql']['delUserGroup']= "DELETE FROM usergroup AND gid='%{gid}'"; /* This statement should return the database index of a given group name. - * The plugin will access the index with the name 'id' so a alias might + * The plugin will access the index with the name 'id' so an alias might * be necessary. * * Following patters will be replaced: -- cgit v1.2.3