> Hi, Hello and thank you for reporting the bug. > > first of all SORRY for my mistakes in the last mail. No problem ;)
> And, I am not 100% sure that the diff from the wordpress > trac system, I wrote, is the patch for the bug! > It seems so but I just had have only a quick look at it. Unfortunately it's not the right fix, and unfortunately there's not a right fix fort this issue. In version 2.3.1 (or something like that) the development team introduced a new functionality in wordpress: administrators have the right to upload anything they want whatever the file's mime type was. This could be a great future if you're running a single blog with wordpress but if you use wordpress to run multiple blogs on the same machine (each one with his administrator) things are going to be not so good. I recently discussed the issue with security team and we decided it should be better to remove the unrestricted upload functionality mentioning this change in the NEWS file. I've been a little busy this days but I think I'll provide the new package within the weekend. Thank you again. Regards. Andrea De Iacovo
signature.asc
Description: Questa è una parte del messaggio firmata digitalmente
