[LGM] Program epub
ale rimoldi
a.l.e at ideale.ch
Fri Mar 28 09:38:00 PDT 2014
hi manuel,
> > no idea why wordpress is so restrictive...
> >
>
> out of curiosity, i searched the WP Trac, and found that it's for
> security reasons:
> https://core.trac.wordpress.org/ticket/27063
>
> "Unfortunately XML files need to be carefully sanitized in order to
> not be vulnerable to some serious vulnerabilities, namely an XML bomb
> (exponential entity expansion) and XXE (XML external entity)
> injection. We have no plans to attempt this in core, as these are just
> incredibly dangerous."
thanks for looking and for the explanation!
at first i didn't understand why it would matter, but it's probably
related to the fact that wordpress is creating a preview for the
uploaded files...
now i know :-)
see you soon
a.l.e
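
The kind of check the quoted ticket calls "carefully sanitized", as an added example that is not part of the original mail and is not WordPress code: an upload filter that refuses any XML declaring a DTD or entities before the file reaches a previewer. The function name, reason strings and sample documents are constructed for illustration.

```python
import xml.parsers.expat


class _Unsafe(Exception):
    """Internal signal used to abort parsing at the first unsafe construct."""


def unsafe_reason(data: bytes, allow_dtd: bool = False):
    """Return why an uploaded XML document is refused, or None if accepted."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entities can only be declared inside a DOCTYPE, so refusing it
        # outright rules out both entity expansion and external entities.
        if not allow_dtd:
            raise _Unsafe("doctype")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Fires for internal (value set) and external (sysid set) entities.
        raise _Unsafe("entity-declaration")

    def on_external_ref(context, base, sysid, pubid):
        # Backstop: never resolve a reference to an external entity.
        raise _Unsafe("external-entity")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except _Unsafe as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError:
        return "not-well-formed"
    return None


# Constructed sample uploads (not taken from the ticket or the mail).
PLAIN = b"<svg xmlns='http://www.w3.org/2000/svg'><rect width='1' height='1'/></svg>"
NESTED = b"<!DOCTYPE d [<!ENTITY a 'x'><!ENTITY b '&a;&a;'>]><d>&b;</d>"
EXTERNAL = b"<!DOCTYPE d [<!ENTITY e SYSTEM 'http://example.invalid/e'>]><d>&e;</d>"

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("nested", NESTED), ("external", EXTERNAL)):
        print(label, unsafe_reason(doc))
```

Parsing stops at the declaration itself, so nothing is expanded or fetched while the file is being checked.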