Last modified: 2014-05-16 19:06:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T41012, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 39012 - Upload verification check broken. mp4 uploaded as .ogg


Summary:	Upload verification check broken. mp4 uploaded as .ogg

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	File management (Other open bugs)
Version:	1.20.x
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:	https://en.wikipedia.org/wiki/File:02...
Whiteboard:
Keywords:	need-unittest

Duplicates:	33549 47709 52990 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-08-03 15:00 UTC by Derk-Jan Hartman
Modified:	2014-05-16 19:06 UTC (History)
CC List:	11 users (show)

See Also:	48306 22934
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Derk-Jan Hartman 2012-08-03 15:00:05 UTC

It seems that again our filetype verification checks are broken. The link is a recently uploaded mp4 file under a .ogg name.

This should not be possible with the WMF configuration.

Comment 1 Bawolff (Brian Wolff) 2012-08-03 15:58:56 UTC

There's also a couple of "gif" files on commons that aren't really gif's which should be investigated.


Given how this sort of thing keeps popping up, it screams unittests ;)

Comment 2 Andre Klapper 2013-01-04 15:49:32 UTC

https://en.wikipedia.org/wiki/File:02_Calma_Pueblo.ogg only mentions November 2012 in its version history but this report is from August so that testcase is probably moot now.

Comment 3 Emufarmers 2013-04-23 23:22:12 UTC

User:Dispenser has compiled a list of affected files: https://commons.wikimedia.org/wiki/User:Dispenser/Wrong_Extension

Comment 4 Matthew Flaschen 2013-04-26 21:39:54 UTC

*** Bug 47709 has been marked as a duplicate of this bug. ***

Comment 5 Matthew Flaschen 2013-04-26 21:45:24 UTC

This is definitely still present.  https://commons.wikimedia.org/wiki/File:2dschrodinger.ogg is from less than a month ago (April 7, 2013).

Bumping up to normal (could argue even higher).

Comment 6 Marco 2013-05-21 16:22:51 UTC

this was likely caused and (now) fixed by bug 48306 ?

Comment 7 Bawolff (Brian Wolff) 2013-05-21 16:52:31 UTC

(In reply to comment #6)
> this was likely caused and (now) fixed by bug 48306 ?

Not entirely. We still let through things that have a mime type not on the blacklist and have no known (to mediawiki) canonical extension associated with that mime type. (I think we should change that. Note I do not believe that represents a security issue currently, but probably not the best idea in terms of appropriate level of paranoia)

Comment 8 Derk-Jan Hartman 2013-05-21 19:26:17 UTC

I vaguely remember I once had a discussion with Tim S about this problem and he didn't consider it terribly important if I remember well (and specifically he said that it definitely wasn't a regression).

But I still don't like it, and there have also been quite a few complaints 'on wiki' about this.

Comment 9 Bawolff (Brian Wolff) 2013-05-21 20:56:44 UTC

I think it would be appropriate to check if the target extension has a known mime type, and only allow the mimes with no known ext if the target ext has no associated mime.

Comment 10 Bawolff (Brian Wolff) 2013-08-19 20:29:04 UTC

*** Bug 52990 has been marked as a duplicate of this bug. ***

Comment 11 Bawolff (Brian Wolff) 2013-08-19 20:29:53 UTC

For mp4 specificly, see https://gerrit.wikimedia.org/r/79809

The issue in general still needs to be addressed.

Comment 12 Gerrit Notification Bot 2013-08-19 23:48:26 UTC

Change 79954 had a related patch set uploaded by Brian Wolff:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954

Comment 13 Gerrit Notification Bot 2013-08-21 18:17:48 UTC

Change 79954 merged by jenkins-bot:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954

Comment 14 Bawolff (Brian Wolff) 2014-03-09 08:14:22 UTC

*** Bug 33549 has been marked as a duplicate of this bug. ***

Comment 15 Marco 2014-05-16 17:49:29 UTC

How come that someone uploaded _JPE_ files in May?

https://commons.wikimedia.org/wiki/File:Bombinhas_SC.jpe
https://commons.wikimedia.org/wiki/File:%D0%91%D1%83%D1%86%D1%8C%D0%BA%D0%B8%D0%B9_%D0%BA%D0%B0%D0%BD%D1%8C%D0%B9%D0%BE%D0%BD,_c._%D0%91%D1%83%D0%BA%D0%B8.jpe

Comment 16 Bawolff (Brian Wolff) 2014-05-16 19:06:21 UTC

(In reply to Marco from comment #15)
> How come that someone uploaded _JPE_ files in May?
> 
> https://commons.wikimedia.org/wiki/File:Bombinhas_SC.jpe
> https://commons.wikimedia.org/wiki/File:
> %D0%91%D1%83%D1%86%D1%8C%D0%BA%D0%B8%D0%B9_%D0%BA%D0%B0%D0%BD%D1%8C%D0%B9%D0%
> BE%D0%BD,_c._%D0%91%D1%83%D0%BA%D0%B8.jpe

Looks like issue with file move code (both moved to new name by Ahonc)

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links