https://bugzilla.wikimedia.org/show_bug.cgi?id=62451
Bug ID: 62451 Summary: Possible to upload files with MIME type of image/x-bmp Product: MediaWiki Version: 1.23-git Hardware: All OS: All Status: NEW Severity: normal Priority: Unprioritized Component: File management Assignee: wikibugs-l@lists.wikimedia.org Reporter: b...@mzmcbride.com CC: aarcos.w...@gmail.com, bawolff...@gmail.com, bryan.tongm...@gmail.com, fflo...@wikimedia.org, gti...@wikimedia.org, mtrac...@member.fsf.org, tstarl...@wikimedia.org Web browser: --- Mobile Platform: --- Splitting this out from bug 33549 comment 8 and bug 33549 comment 9: [[commons:File:Deamado ko.png.bmp]] is MIME type: image/x-bmp. Looking at MediaWiki core's DefaultSettings.php and Wikimedia's CommonSettings.php, I can't figure out how this file type is allowed. Don't we strictly validate file extensions at least? Referring to [[mw:Manual:$wgStrictFileExtensions]], I suppose. I was able to reproduce an upload of this file type on Commons via [[commons:Special:Upload]] a few minutes ago by simply disabling JavaScript in my browser (the file selection input has some associated JavaScript validation logic). (In reply, Bawolff (Brian Wolff) from bug 33549 comment 10) > Umm yeah, that shouldnt be allowed. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l