Last modified: 2014-05-10 10:46:11 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64451, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62451 - Possible to upload files with not allowed extension, if it has a multiple extensions, one of which is good
Possible to upload files with not allowed extension, if it has a multiple ext...
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.23.0
All All
: Normal normal (vote)
: 1.23.0 release
Assigned To: Bawolff (Brian Wolff)
:
: 63076 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-09 07:55 UTC by MZMcBride
Modified: 2014-05-10 10:46 UTC (History)
11 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2014-03-09 07:55:47 UTC 
Splitting this out from bug 33549 comment 8 and bug 33549 comment 9:

[[commons:File:Deamado ko.png.bmp]] is MIME type: image/x-bmp.

Looking at MediaWiki core's DefaultSettings.php and Wikimedia's CommonSettings.php, I can't figure out how this file type is allowed. Don't we strictly validate file extensions at least? Referring to [[mw:Manual:$wgStrictFileExtensions]], I suppose.

I was able to reproduce an upload of this file type on Commons via [[commons:Special:Upload]] a few minutes ago by simply disabling JavaScript in my browser (the file selection input has some associated JavaScript validation logic).

(In reply, Bawolff (Brian Wolff) from bug 33549 comment 10)
> Umm yeah, that shouldnt be allowed.
Comment 1 Gerrit Notification Bot 2014-03-09 08:09:43 UTC 
Change 117668 had a related patch set uploaded by Brian Wolff:
When checking whitelist of extensions, only count last extension.

https://gerrit.wikimedia.org/r/117668
Comment 2 Gerrit Notification Bot 2014-03-11 21:43:38 UTC 
Change 117668 merged by jenkins-bot:
When checking whitelist of extensions, only count last extension.

https://gerrit.wikimedia.org/r/117668
Comment 3 Bawolff (Brian Wolff) 2014-03-25 17:38:31 UTC 
*** Bug 63076 has been marked as a duplicate of this bug. ***
Comment 4 Jesús Martínez Novo (Ciencia Al Poder) 2014-05-10 10:46:11 UTC 
Change merged, so marking as resolved
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links