author: Simon McVittie <smcv@debian.org> 2016-05-06 07:46:58 +0100
committer: Simon McVittie <smcv@debian.org> 2016-05-06 07:49:50 +0100
commit: 1ae01a592f50c938d9e1b1e6b7753f16970e3731
tree: 106967f0f8b52cbd670492d029ce8194d24e5405
parent: dea96e51136ee44971f3e3dafad67f8a5e111c50
Do not recommend mimetype(image/*)
Not all image file types are safe for general use: in particular, image/svg+xml is known to be vulnerable to CVE-2016-3714 under some ImageMagick configurations.
-rw-r--r-- doc/ikiwiki/pagespec/attachment.mdwn 2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/ikiwiki/pagespec/attachment.mdwn b/doc/ikiwiki/pagespec/attachment.mdwn
index fa2bc5867..868fb2310 100644
--- a/doc/ikiwiki/pagespec/attachment.mdwn
+++ b/doc/ikiwiki/pagespec/attachment.mdwn
@@ -12,7 +12,7 @@ while allowing larger mp3 files to be uploaded by joey into a specific
directory, and check all attachments for viruses, something like this could be
used:
- virusfree() and ((user(joey) and podcast/*.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or (mimetype(image/*) and maxsize(50kb)))
+ virusfree() and ((user(joey) and podcast/*.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or ((mimetype(image/jpeg) or mimetype(image/png)) and maxsize(50kb)))
The regular [[ikiwiki/PageSpec]] syntax is expanded with the following
additional tests:
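Review bot: The reason for spelling out mimetype(image/jpeg) and mimetype(image/png) on the + line is recorded only in the commit message; the documentation text around the example ("something like this could be used:") still gives no hint why a wildcard is avoided, so a reader adapting the example could widen it back to image/*. Consider adding one sentence after the example saying that image types should be listed individually because not every image type is safe to process, with image/svg+xml named as the case to keep out. It would also help to say whether other common types that the old image/* matched are omitted on purpose, since the new example accepts only JPEG and PNG.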