From b30dd803e3c33cfc9508b0516744b0bb95be4d09 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <gohr@cosmocode.de>
Date: Tue, 2 Dec 2014 16:18:26 +0100
Subject: disable flash uploading by default

Thanks to Kacper Szurek for reporting this
---
 conf/mime.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'conf')

diff --git a/conf/mime.conf b/conf/mime.conf
index 2a50fab10..c2e03b775 100644
--- a/conf/mime.conf
+++ b/conf/mime.conf
@@ -9,7 +9,6 @@ gif     image/gif
 png     image/png
 ico     image/vnd.microsoft.icon
 
-swf     application/x-shockwave-flash
 mp3     audio/mpeg
 ogg     audio/ogg
 wav     audio/wav
@@ -66,3 +65,7 @@ odt     !application/vnd.oasis.opendocument.text
 #xml     text/xml
 #csv     text/csv
 
+# Also flash may be able to execute arbitrary scripts in the website's
+# context
+#swf     application/x-shockwave-flash
+
-- 
cgit v1.2.3