Last modified: 2011-04-14 15:11:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 10847 - Detect RAR concatenation in jpeg images
Detect RAR concatenation in jpeg images
Status: NEW
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
unspecified
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
http://en.wikipedia.org/w/index.php?t...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-08 21:21 UTC by Nobody
Modified: 2011-04-14 15:11 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Nobody 2007-08-08 21:21:39 UTC
HOW TO: Download the linked file (req. admin access on enwiki), rename to .rar, extract.
PROBLEM: Users using Wikipedia as RapidShare replacement by appending compressed files to legitimate graphics uploaded to our servers.
POSSIBLE SOLUTION: Add code to detect RAR compression appended to valid graphics files and fail the upload.
Comment 1 Brion Vibber 2007-08-08 21:27:46 UTC
Why look for RAR and not five million other archive formats? What about trivially obfuscated files? Encrypted files? etc.
Comment 2 Jon 2007-08-08 22:34:29 UTC
(In reply to comment #1)
> Why look for RAR and not five million other archive formats? What about
> trivially obfuscated files? Encrypted files? etc.
> 

its simple really... your average jpg viewer stops reading the file after the end tag. rar ignores anything prior to the rar header. so you've got the perfect combination with jpg and rar. But a few other archive formats/image formats could potentially work. There are tutorials all over the internet including the EN WP article on RAR showing how to do the jpg/rar combination though.
Comment 3 Brion Vibber 2007-08-08 22:38:10 UTC
Convenient. :)

Greg's putting together a list of files with known issues, we'll have a good test set of this and other formats.
Comment 5 Platonides 2009-03-05 14:41:10 UTC
Note that commons uploads are being checked (third-party) for embedded rars.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links