Thread:Project:Support desk/Is there a way to upload MS Excel .xls files and PDF files in Mediawiki?/reply (3)

Hi guys,

what about the security of uploading Microsoft Office documents?

https://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/RELEASE-NOTES?&pathrev=82783&r1=82782&r2=82783 suggests that it is save to upload certain ZIP types, such as MS Office or OpenOffice. However, at the same time, DefaultSettings.php still contains a warning:

If you add any OpenOffice or Microsoft Office file formats here, such as odt or doc, and untrusted users are allowed to upload files, then your wiki will be vulnerable to cross-site request forgery (CSRF).

So what now? Is upload of Microsoft Office documents (e.g. of .doc and .docx) save or is it not?