https://bugzilla.wikimedia.org/show_bug.cgi?id=62451
Bug ID: 62451
Summary: Possible to upload files with MIME type of image/x-bmp
Product: MediaWiki
Version: 1.23-git
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: File management
Assignee: wikibugs-l@lists.wikimedia.org
Reporter: b...@mzmcbride.com
CC: aarcos.w...@gmail.com, bawolff...@gmail.com,
bryan.tongm...@gmail.com, fflo...@wikimedia.org,
gti...@wikimedia.org, mtrac...@member.fsf.org,
tstarl...@wikimedia.org
Web browser: ---
Mobile Platform: ---
Splitting this out from bug 33549 comment 8 and bug 33549 comment 9:
[[commons:File:Deamado ko.png.bmp]] is MIME type: image/x-bmp.
Looking at MediaWiki core's DefaultSettings.php and Wikimedia's
CommonSettings.php, I can't figure out how this file type is allowed. Don't we
strictly validate file extensions at least? Referring to
[[mw:Manual:$wgStrictFileExtensions]], I suppose.
I was able to reproduce an upload of this file type on Commons via
[[commons:Special:Upload]] a few minutes ago by simply disabling JavaScript in
my browser (the file selection input has some associated JavaScript validation
logic).
(In reply, Bawolff (Brian Wolff) from bug 33549 comment 10)
> Umm yeah, that shouldnt be allowed.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
