Last modified: 2011-03-13 18:06:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T27131, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 25131 - Enable upload of OpenOffice-files on nowikimedia
Enable upload of OpenOffice-files on nowikimedia
Status: RESOLVED WONTFIX
Product: Wikimedia
Classification: Unclassified
Site requests (Other open bugs)
unspecified
All All
: Lowest enhancement (vote)
: ---
Assigned To: Rob Halsell
: shell
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-10 17:03 UTC by Lars Åge Kamfjord
Modified: 2011-03-13 18:06 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Lars Åge Kamfjord 2010-09-10 17:03:28 UTC 
We need to share some files on our public chapter-wiki. Can you enable upload of ODF/ODP/ODT/ODS on no.wikimedia?
Comment 1 Rob Halsell 2010-09-10 17:08:48 UTC 
It appears that this is only enabled on private wikis.  No public wikis on the project have this ability.

It seems to be broken down only by if it is public or private.  I imagine its due to exploits possible by uploading those file types.

I will email our tech list and ensure that is why it is this way.
Comment 2 Rob Halsell 2010-09-13 13:01:40 UTC 
In reviewing this with some of the tech staff, it seems that indeed, open office file formats are not allowed on public projects.  Upload of a maliciously crafted OpenOffice document leads to CSRF. Any public wiki with OpenOffice uploads enabled is vulnerable.

That pretty much means we do not enable them on public wikis.  Right now your wiki is both public, open registration, and anyone can edit.  So we cannot enable these file types on the project.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links