Last modified: 2014-03-15 12:38:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T24934, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 22934 - files of mimetype with unknown file extension are automatically allowed
files of mimetype with unknown file extension are automatically allowed
Status: NEW
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
unspecified
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-23 21:38 UTC by Derk-Jan Hartman
Modified: 2014-03-15 12:38 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Derk-Jan Hartman 2010-03-23 21:38:04 UTC
UploadBase::verifyExtension: no file extension known for mime type image/x-ms-bmp, passing file

This seems like a strange default. Would properly be better to generate a warning in that case or simply error out.

(To reproduce: upload a x-ms-bmp file. this mimetype is currently not in the includes/mime.types. now upload it over another type of file. make sure "ignore warnings" is not checked.)
Comment 1 Bryan Tong Minh 2010-04-11 21:20:33 UTC
Cc Robla, he has done some research on the extension verification if I recall correctly.
Comment 2 Derk-Jan Hartman 2010-04-21 23:07:40 UTC
The problem here is with verifyExtension() in includes/upload/UploadBase.php
Basically it allows you to upload unknown file types in certain situations.

When the mime type of the new file is unknown, and when the existing file is not on the list of "recognizable filteypes". ("passing file with unknown detected mime type; unrecognized extension '$extension', can't verify\n")

The second case is when we don't know the extension of a mimetype that we do know. ( " no file extension known for mime type $mime, passing file\n")

I don't see a good reason for these exceptions. Why do we have them ? Especially the latter is clearly problematic as the x-ms-bmp issue has shown. It creates trouble if our list of mime information or fileextensions isn't complete.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links