From 1ae01a592f50c938d9e1b1e6b7753f16970e3731 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 6 May 2016 07:46:58 +0100 Subject: Do not recommend mimetype(image/*) Not all image file types are safe for general use: in particular, image/svg+xml is known to be vulnerable to CVE-2016-3714 under some ImageMagick configurations. --- doc/ikiwiki/pagespec/attachment.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/ikiwiki') diff --git a/doc/ikiwiki/pagespec/attachment.mdwn b/doc/ikiwiki/pagespec/attachment.mdwn index fa2bc5867..868fb2310 100644 --- a/doc/ikiwiki/pagespec/attachment.mdwn +++ b/doc/ikiwiki/pagespec/attachment.mdwn @@ -12,7 +12,7 @@ while allowing larger mp3 files to be uploaded by joey into a specific directory, and check all attachments for viruses, something like this could be used: - virusfree() and ((user(joey) and podcast/*.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or (mimetype(image/*) and maxsize(50kb))) + virusfree() and ((user(joey) and podcast/*.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or ((mimetype(image/jpeg) or mimetype(image/png)) and maxsize(50kb))) The regular [[ikiwiki/PageSpec]] syntax is expanded with the following additional tests: -- cgit v1.2.3
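Review bot: In the added `+` line of the doc/ikiwiki/pagespec/attachment.mdwn hunk, the example now allowlists `mimetype(image/jpeg) or mimetype(image/png)`, but the reason is stated only in the commit message. A reader of the rendered page gets no hint of why the wildcard was dropped and may widen the rule back to `mimetype(image/*)`. Consider adding a sentence next to the example saying that image types should be listed explicitly because not all of them are safe to process, citing image/svg+xml and CVE-2016-3714 as the commit message does. The diffstat shows a single changed line, so it is also worth checking that the sentence introducing the example, which starts above the visible context, still describes the image rule in terms that match the narrower allowlist.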