Last modified: 2012-04-12 13:56:08 UTC
If I upload a file with the name 'TextmeEncryption.php.zip' I get the following error message.
".zip" is not a permitted file type. Permitted file types are png, gif, jpg, jpeg, zip.
I have also added the following to my list LocalSettings.php
$wgFileExtensions = 'zip';
$wgVerifyMimeType = false; //disable mime type verification
If I rename the file to 'TextmeEncryption_php.zip', it works fine!
But this shouldn't be the expected behavior. The first file name used is absolutely appropriate too (Both in terms of naming and mime-type).
As Platonides pointed out in irc, this is intentional behaviour due to Apache taking secondary extenions sometimes into account.
However, the error message should be better. For a file like the reporter's above (foo.php.zip), we detect that the .php is blacklisted, so output the bad filetype message, but when outputting that message, we use the final extension in it (.zip), which is confusing to the user.
Fixed in r80766.