Last modified: 2009-09-25 17:26:21 UTC
Overview: With Mediawiki 1.14.0, trying to upload a word 2007 file (docx extension) resulted in an error message that it as application/zip and the file could be harmful, hence cannot be uploaded. The LocalSettings.php had already been updated with 'docx' extension included in the array variable $wgFileExtensions. Also, the IIS server (5.0) has 'docx' extension type configured for allowable file transfer. Temporary Work-around implemented at the local server: In file "includes\Specials\SpecialUpload.php", in "function verify($tmpfile, $extension )", I bypass the checks "if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist )", if the file extension is 'docx'. Comments: Not sure if it is a known issue in MediaWiki 1.14.0. If it is a bug, I would be looking forward to a permanent solution to the above.
Created attachment 6090 [details] see patch in 'function verify( $tmpfile, $extension )'
Downgrading status from blocker.
(In reply to comment #1) > Created an attachment (id=6090) [details] > see patch in 'function verify( $tmpfile, $extension )' > Please submit a real patch in unified diff format.
Created attachment 6291 [details] Patch of above file to trunk Here's a diff of patching the above file into trunk. That being said, I won't commit it. It's a nasty hack with a very easily exploitable vector: rename any file to one of the MSFT files, and you skip all of Tim's content-detection work.
Created attachment 6403 [details] Patch for mime.types to allow MS Office 2007 doc types This problem could also be fixed by patching the includes/mime.types file to identify the MS 2007 Office docs (see attached patch). If someone will assign to me, I would be glad to fix and submit.
Looks ok.(In reply to comment #5) > Created an attachment (id=6403) [details] > Patch for mime.types to allow MS Office 2007 doc types > > This problem could also be fixed by patching the includes/mime.types file to > identify the MS 2007 Office docs (see attached patch). If someone will assign > to me, I would be glad to fix and submit. > Looks ok.
Committed to revision 56923