Last modified: 2011-11-21 08:46:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 3675 - Detect which mime types can be recognized reliably
Detect which mime types can be recognized reliably
Status: NEW
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
unspecified
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-10 22:17 UTC by Daniel Kinzler
Modified: 2011-11-21 08:46 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
patch for MimeMagic.php (6.42 KB, patch)
2005-10-10 22:17 UTC, Daniel Kinzler
Details
trivial php script for testing the above patch conveniently (613 bytes, text/plain)
2005-10-10 22:19 UTC, Daniel Kinzler
Details

Description Daniel Kinzler 2005-10-10 22:17:24 UTC
This is a folloup to bug #3641: brion fixed my fix by requiring a matching mime
type only for types that are known to be recognized. How to determine which
types that are was left open. This patch adresses that caveat:

* The types recognized by PHPs GD library are always considered to be recognizable
* if an external command is used to determine the mime type via
$wgMimeDetectorCommand, the system's standard magic.mime file is parsed for
additional types. where that file can be found is determined by the
MM_MAGIC_MIME_FILE. The default value should work on most linux systems, but
would need to be overwritten by windows users.
* if the mime_magic or fileinfo extensions are present in PHP, the file
indicated by ini_get("mime_magic.magicfile") will be parsed for additional types.

I have tested this with and without $wgMimeDetectorCommand, but not with the
mime_magic or fileinfo extensions. 

patch to folow in a minute.
Comment 1 Daniel Kinzler 2005-10-10 22:17:54 UTC
Created attachment 968 [details]
patch for MimeMagic.php
Comment 2 Daniel Kinzler 2005-10-10 22:19:21 UTC
Created attachment 969 [details]
trivial php script for testing the above patch conveniently

put this into the installation root to get a list of all mimetypes and
file-extensions that are deemed recognizable.
Comment 3 Sam Reed (reedy) 2011-11-20 18:58:10 UTC
Patch wouldn't apply cleanly

What's the state of play with this request now Daniel?
Comment 4 Daniel Kinzler 2011-11-21 08:46:48 UTC
This patch is more than 6 years old :) Also, it was always kind of hackish. It was supposed to address the following issue:

* when a file is uploaded and mediawiki fails to detect its mime type, it is accepted withoput further checks.

* if we knew that the mime type of files with the given file extension *should* be detected, we could reject that file (but afaik we currently don't).

I'm a bit out of the loop, and don't have time to test right now, but I believe the problem still exist: garbage files that are detected as "unknown/unknown" can be uploaded with any file extension.

I think the simples solution would be to reject files that are recognized as "unknown/unknown" unless that extensions is whitelisted in a new config variable.

On a related note: the interaction of $wgCheckFileExtensions vs. $wgVerifyMimeType vs. $wgStrictFileExtensions is very unclear. The mime detection / file verification code needs a rewrite. Sorry for the mess, that stuff from 2005 is actually the first patch I contributed to mediawiki :)

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links