Add .phar to $wgFileBlacklist as a paranoia measure

author Brian Wolff <bawolff+wn@gmail.com>

Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)

committer Brian Wolff <bawolff+wn@gmail.com>

Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)
author Brian Wolff <bawolff+wn@gmail.com>
Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)
committer Brian Wolff <bawolff+wn@gmail.com>
Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php

index 9286591..5ede118 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -940,7 +940,7 @@ $wgFileBlacklist = [
         # HTML may contain cookie-stealing JavaScript and web bugs
         'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
         # PHP scripts may execute arbitrary code on the server
-       'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+       'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
         # Other types that may be interpreted by some servers
         'shtml', 'jhtml', 'pl', 'py', 'cgi',
         # May contain harmful executables for Windows victims
author	Brian Wolff <bawolff+wn@gmail.com>
	Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)
committer	Brian Wolff <bawolff+wn@gmail.com>
	Fri, 22 Feb 2019 04:31:56 +0000 (04:31 +0000)