--- mediawiki-svn/includes/DefaultSettings.php.orig 2010-03-21 09:55:45.645057598 +0100
+++ mediawiki-svn/includes/DefaultSettings.php 2010-03-21 09:57:49.872556370 +0100
@@ -2204,6 +2204,13 @@ $wgCheckFileExtensions = true;
 */
 $wgStrictFileExtensions = true;
+/**
+ * Setting this to true will disable the upload system's checks for HTML/JavaScript.
+ * THIS IS VERY DANGEROUS on a publicly editable site, so USE wgGroupPermissions
+ * TO RESTRICT UPLOADING to only those that you trust
+ */
+$wgDisableUploadScriptChecks = false;
+
 /** Warn if uploaded files are larger than this (in bytes), or false to disable*/
 $wgUploadSizeWarning = false;
@@ -2635,7 +2642,7 @@ $wgFilterCallback = false;
 $wgGoToEdit = false;
 /** Allow raw, unchecked HTML in ... sections.
- * THIS IS VERY DANGEROUS on a publically editable site, so USE wgGroupPermissions
+ * THIS IS VERY DANGEROUS on a publicly editable site, so USE wgGroupPermissions
 * TO RESTRICT EDITING to only those that you trust
 */
 $wgRawHtml = false;
--- mediawiki-svn/includes/upload/UploadBase.php.orig 2010-03-21 09:50:56.435055738 +0100
+++ mediawiki-svn/includes/upload/UploadBase.php 2010-03-21 10:02:57.155057229 +0100
@@ -237,7 +237,7 @@ abstract class UploadBase {
 $mime = $magic->guessMimeType( $this->mTempPath, false );
 # check mime type, if desired
- global $wgVerifyMimeType;
+ global $wgVerifyMimeType, $wgDisableUploadScriptChecks;
 if ( $wgVerifyMimeType ) {
 wfDebug ( "\n\nmime: <$mime> extension: <{$this->mFinalExtension}>\n\n");
 if ( !$this->verifyExtension( $mime, $this->mFinalExtension ) ) {
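Review bot: The new doc comment for `$wgDisableUploadScriptChecks` describes what it turns off only as "checks for HTML/JavaScript", which does not tell an administrator which code paths stop running; naming them lets the exposure be judged before the flag is flipped. I would append a line to the block, ` * (skips UploadBase::detectScript() and detectScriptInSvg(); $wgVerifyMimeType is not affected)`, since those are the two calls the UploadBase hunk places under the flag. The default of `false` keeps existing installs on the old behaviour, which is the right choice.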
@@ -262,14 +262,16 @@ abstract class UploadBase {
 }
 }
- # check for htmlish code and javascript
- if( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) {
- return 'uploadscripted';
- }
- if( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
- if( self::detectScriptInSvg( $this->mTempPath ) ) {
+ if( !$wgDisableUploadScriptChecks ) {
+ # check for htmlish code and javascript
+ if( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) {
 return 'uploadscripted';
 }
+ if( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
+ if( self::detectScriptInSvg( $this->mTempPath ) ) {
+ return 'uploadscripted';
+ }
+ }
 }
 /**
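Review bot: When the flag is true, the new `if( !$wgDisableUploadScriptChecks )` guard skips both detectScript() and the nested detectScriptInSvg() call without leaving any record that the file was accepted unscreened, while the mime branch a few lines earlier does log via wfDebug(). An `else` branch with `wfDebug( __METHOD__ . ": script checks disabled by \$wgDisableUploadScriptChecks\n" );` would give an admin something to find in the log when auditing uploads. The comment `# check for htmlish code and javascript` now sits inside the guard; moving it above the `if` and adding `# also exempts SVG when $wgDisableUploadScriptChecks is set` makes the scope of the bypass obvious to the next reader. The enclosing method starts before this hunk, so I cannot tell from here whether any later step re-examines the file.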