09c836a10f
following problems: - An attacker who can upload attachments to the wiki can use this to achieve remote code execution. - An attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki.