> application/x-zip seems to be ignored - I tried this change and there
> were no changes in the behavior.
> 
> I also tried adding OXT to application/zip.. and this caught me up in
> the error that ZIP files are explicitly blocked by the MediaWiki mime
> type validation.  This "can" be bypassed by disabling the mime type
> validation/check, but opens up (as I understand it) a hole for exploits.
> Since the OOo Wiki is quite public and subject to quite a lot of
> spamming and other malicious poking, I'm not so happy with workarounds
> that risk exploits :-(
> 
> 
> >> I think the problem is in "file", not the wiki nor anything you've
> >> done to it.  :-)
> >>
> >> Specifically, you say that a "file -bi" reports those files as
> >> being application/x-zip.
> >> If I correctly recall some similar struggles I've had, that's the
> >> place to focus - convince "file" that what it is *really* is the
> >> MIME type for oxt.
>
> This is something we're also looking at.. trying to find a way to reset
> the mime type in the file itself.  So far no success...
> 

OOXML formats are zip archives. It is likely the only way to correctly
identify them is to extract the files from the zip archive and validate them
as being Office 2007 format. I think the same method was mentioned for
OpenDocument files, except OpenDocument has a validator available.

I can't find my previous post on this, but I provided a dirty, dirty hack
for allowing OOXML uploads. Like the patch in the bug report, it opens a
hole for exploits; but, without validation, I think any fix would open a
hole for exploits.

V/r,

Ryan Lane
_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
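
The container inspection discussed in this thread, as an added example that is not part of the original messages or of MediaWiki's code: it opens an upload as a ZIP and classifies it by its marker files instead of trusting the `application/x-zip` result from `file`. The function names, the size limits and the OXT heuristic (a `META-INF/manifest.xml` listing `application/vnd.sun.star.*` media types) are assumptions of this sketch.

```python
import io
import zipfile

ODF_PREFIX = b"application/vnd.oasis.opendocument."
OOXML_PREFIX = b"application/vnd.openxmlformats-officedocument."
OXT_PREFIX = b"application/vnd.sun.star."  # assumption: media types listed in OXT manifests
MAX_ENTRIES = 2000                # assumed limit, not a MediaWiki setting
MAX_MEMBER_BYTES = 1024 * 1024    # assumed cap on how much of a marker file is read

def _head(zf, member):
    with zf.open(member) as fh:
        return fh.read(MAX_MEMBER_BYTES)  # never read more than the cap

def classify_zip_upload(data: bytes) -> str:
    """Return 'odf', 'ooxml', 'oxt', 'zip' (unrecognised) or 'invalid'."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "invalid"
    with zf:
        infos = zf.infolist()
        names = [i.filename for i in infos]
        if not infos or len(infos) > MAX_ENTRIES:
            return "invalid"
        # Absolute or parent-directory member names have no place in a document.
        if any(n.startswith("/") or ".." in n.split("/") for n in names):
            return "invalid"
        try:
            # ODF: the first member is an uncompressed "mimetype" file naming the format.
            if (infos[0].filename == "mimetype"
                    and infos[0].compress_type == zipfile.ZIP_STORED
                    and _head(zf, infos[0]).startswith(ODF_PREFIX)):
                return "odf"
            # OOXML: a root "[Content_Types].xml" declares officedocument part types.
            if "[Content_Types].xml" in names and OOXML_PREFIX in _head(zf, "[Content_Types].xml"):
                return "ooxml"
            # OXT (heuristic, see assumption above): manifest lists vnd.sun.star.* entries.
            if "META-INF/manifest.xml" in names and OXT_PREFIX in _head(zf, "META-INF/manifest.xml"):
                return "oxt"
        except Exception:  # corrupt, encrypted or unsupported member
            return "invalid"
    return "zip"

def build_sample(entries):
    """Constructed test input: build a ZIP in memory from (name, bytes, method) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body, method in entries:
            zf.writestr(zipfile.ZipInfo(name), body, compress_type=method)
    return buf.getvalue()
```

This identifies the container only; it does not validate the document parts inside it, so an allow-list built on it still accepts whatever a well-formed package of that type can carry.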