Last modified: 2011-04-14 15:11:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T12847, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 10847 - Detect RAR concatenation in jpeg images
Detect RAR concatenation in jpeg images
Status: NEW
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
unspecified
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
http://en.wikipedia.org/w/index.php?t...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-08 21:21 UTC by Nobody
Modified: 2011-04-14 15:11 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Nobody 2007-08-08 21:21:39 UTC
HOW TO: Download the linked file (req. admin access on enwiki), rename to .rar, extract.
PROBLEM: Users using Wikipedia as RapidShare replacement by appending compressed files to legitimate graphics uploaded to our servers.
POSSIBLE SOLUTION: Add code to detect RAR compression appended to valid graphics files and fail the upload.
Comment 1 Brion Vibber 2007-08-08 21:27:46 UTC
Why look for RAR and not five million other archive formats? What about trivially obfuscated files? Encrypted files? etc.
Comment 2 Jon 2007-08-08 22:34:29 UTC
(In reply to comment #1)
> Why look for RAR and not five million other archive formats? What about
> trivially obfuscated files? Encrypted files? etc.
> 

its simple really... your average jpg viewer stops reading the file after the end tag. rar ignores anything prior to the rar header. so you've got the perfect combination with jpg and rar. But a few other archive formats/image formats could potentially work. There are tutorials all over the internet including the EN WP article on RAR showing how to do the jpg/rar combination though.
Comment 3 Brion Vibber 2007-08-08 22:38:10 UTC
Convenient. :)

Greg's putting together a list of files with known issues, we'll have a good test set of this and other formats.
Comment 5 Platonides 2009-03-05 14:41:10 UTC
Note that commons uploads are being checked (third-party) for embedded rars.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links