User:Leucosticte/Insecure settings

The following are insecure settings.

Enabling upload and execution of arbitrary PHP scriptsEdit

$wgStrictFileExtensions = false;
$wgFileBlacklist = array();
$wgVerifyMimeType = false;