Last modified: 2014-05-16 19:06:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T41012, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 39012 - Upload verification check broken. mp4 uploaded as .ogg
Upload verification check broken. mp4 uploaded as .ogg
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.20.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
https://en.wikipedia.org/wiki/File:02...
: need-unittest
: 33549 47709 52990 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-03 15:00 UTC by Derk-Jan Hartman
Modified: 2014-05-16 19:06 UTC (History)
11 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Derk-Jan Hartman 2012-08-03 15:00:05 UTC
It seems that again our filetype verification checks are broken. The link is a recently uploaded mp4 file under a .ogg name.

This should not be possible with the WMF configuration.
Comment 1 Bawolff (Brian Wolff) 2012-08-03 15:58:56 UTC
There's also a couple of "gif" files on commons that aren't really gif's which should be investigated.


Given how this sort of thing keeps popping up, it screams unittests ;)
Comment 2 Andre Klapper 2013-01-04 15:49:32 UTC
https://en.wikipedia.org/wiki/File:02_Calma_Pueblo.ogg only mentions November 2012 in its version history but this report is from August so that testcase is probably moot now.
Comment 3 Emufarmers 2013-04-23 23:22:12 UTC
User:Dispenser has compiled a list of affected files: https://commons.wikimedia.org/wiki/User:Dispenser/Wrong_Extension
Comment 4 Matthew Flaschen 2013-04-26 21:39:54 UTC
*** Bug 47709 has been marked as a duplicate of this bug. ***
Comment 5 Matthew Flaschen 2013-04-26 21:45:24 UTC
This is definitely still present.  https://commons.wikimedia.org/wiki/File:2dschrodinger.ogg is from less than a month ago (April 7, 2013).

Bumping up to normal (could argue even higher).
Comment 6 Marco 2013-05-21 16:22:51 UTC
this was likely caused and (now) fixed by bug 48306 ?
Comment 7 Bawolff (Brian Wolff) 2013-05-21 16:52:31 UTC
(In reply to comment #6)
> this was likely caused and (now) fixed by bug 48306 ?

Not entirely. We still let through things that have a mime type not on the blacklist and have no known (to mediawiki) canonical extension associated with that mime type. (I think we should change that. Note I do not believe that represents a security issue currently, but probably not the best idea in terms of appropriate level of paranoia)
Comment 8 Derk-Jan Hartman 2013-05-21 19:26:17 UTC
I vaguely remember I once had a discussion with Tim S about this problem and he didn't consider it terribly important if I remember well (and specifically he said that it definitely wasn't a regression).

But I still don't like it, and there have also been quite a few complaints 'on wiki' about this.
Comment 9 Bawolff (Brian Wolff) 2013-05-21 20:56:44 UTC
I think it would be appropriate to check if the target extension has a known mime type, and only allow the mimes with no known ext if the target ext has no associated mime.
Comment 10 Bawolff (Brian Wolff) 2013-08-19 20:29:04 UTC
*** Bug 52990 has been marked as a duplicate of this bug. ***
Comment 11 Bawolff (Brian Wolff) 2013-08-19 20:29:53 UTC
For mp4 specificly, see https://gerrit.wikimedia.org/r/79809

The issue in general still needs to be addressed.
Comment 12 Gerrit Notification Bot 2013-08-19 23:48:26 UTC
Change 79954 had a related patch set uploaded by Brian Wolff:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954
Comment 13 Gerrit Notification Bot 2013-08-21 18:17:48 UTC
Change 79954 merged by jenkins-bot:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954
Comment 14 Bawolff (Brian Wolff) 2014-03-09 08:14:22 UTC
*** Bug 33549 has been marked as a duplicate of this bug. ***
Comment 16 Bawolff (Brian Wolff) 2014-05-16 19:06:21 UTC
(In reply to Marco from comment #15)
> How come that someone uploaded _JPE_ files in May?
> 
> https://commons.wikimedia.org/wiki/File:Bombinhas_SC.jpe
> https://commons.wikimedia.org/wiki/File:
> %D0%91%D1%83%D1%86%D1%8C%D0%BA%D0%B8%D0%B9_%D0%BA%D0%B0%D0%BD%D1%8C%D0%B9%D0%
> BE%D0%BD,_c._%D0%91%D1%83%D0%BA%D0%B8.jpe

Looks like issue with file move code (both moved to new name by Ahonc)

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links