Last modified: 2011-11-21 08:46:48 UTC
This is a folloup to bug #3641: brion fixed my fix by requiring a matching mime
type only for types that are known to be recognized. How to determine which
types that are was left open. This patch adresses that caveat:
* The types recognized by PHPs GD library are always considered to be recognizable
* if an external command is used to determine the mime type via
$wgMimeDetectorCommand, the system's standard magic.mime file is parsed for
additional types. where that file can be found is determined by the
MM_MAGIC_MIME_FILE. The default value should work on most linux systems, but
would need to be overwritten by windows users.
* if the mime_magic or fileinfo extensions are present in PHP, the file
indicated by ini_get("mime_magic.magicfile") will be parsed for additional types.
I have tested this with and without $wgMimeDetectorCommand, but not with the
mime_magic or fileinfo extensions.
patch to folow in a minute.
Created attachment 968 [details]
patch for MimeMagic.php
Created attachment 969 [details]
trivial php script for testing the above patch conveniently
put this into the installation root to get a list of all mimetypes and
file-extensions that are deemed recognizable.
Patch wouldn't apply cleanly
What's the state of play with this request now Daniel?
This patch is more than 6 years old :) Also, it was always kind of hackish. It was supposed to address the following issue:
* when a file is uploaded and mediawiki fails to detect its mime type, it is accepted withoput further checks.
* if we knew that the mime type of files with the given file extension *should* be detected, we could reject that file (but afaik we currently don't).
I'm a bit out of the loop, and don't have time to test right now, but I believe the problem still exist: garbage files that are detected as "unknown/unknown" can be uploaded with any file extension.
I think the simples solution would be to reject files that are recognized as "unknown/unknown" unless that extensions is whitelisted in a new config variable.
On a related note: the interaction of $wgCheckFileExtensions vs. $wgVerifyMimeType vs. $wgStrictFileExtensions is very unclear. The mime detection / file verification code needs a rewrite. Sorry for the mess, that stuff from 2005 is actually the first patch I contributed to mediawiki :)