https://bugzilla.wikimedia.org/show_bug.cgi?id=33549
--- Comment #6 from Derk-Jan Hartman <[email protected]> 2012-01-09 23:42:57 UTC --- Log of local upload: MimeMagic::__construct: loading mime types from /Users/hartman/Development/phase3/includes/mime.types MimeMagic::__construct: loading mime info from /Users/hartman/Development/phase3/includes/mime.info MimeMagic::doGuessMimeType: analyzing head and tail of /private/var/tmp/phpWLR4ey for magic numbers. DjVuImage::getInfo: not a DjVu file MimeMagic::guessMimeType: internal type detection failed for /private/var/tmp/phpWLR4ey (.)... MimeMagic::detectMimeType: magic mime type of /private/var/tmp/phpWLR4ey: video/mp4 MimeMagic::guessMimeType: guessed mime type of /private/var/tmp/phpWLR4ey: video/mp4 MimeMagic::improveTypeFromExtension: improved mime type for .tiff: video/mp4 MediaHandler::getHandler: no handler found for video/mp4. FSFile::getProps: /private/var/tmp/phpWLR4ey loaded, 230482 bytes, video/mp4. mime: <video/mp4> extension: <tiff> file extension not on blacklist UploadBase::verifyExtension: no file extension known for mime type video/mp4, passing file mime mismatch not detected EXTMIME guessed: IETYPES guessed: image/tiff, image/tiff, image/tiff, image/tiff, image/tiff MIME type verified and confirmed UploadBase::detectScript: checking for embedded scripts and HTML stuff UploadBase::detectScript: no scripts found ZipDirectoryReader: Fatal error: zip file lacks EOCDR signature. It probably isn't a zip file. UploadBase::detectVirus: virus scanner disabled So what happens is this: We are able to detect (through finfo or mime_content_type of detectMimeType), that this is likely a video/mp4 file .tiff is on the whitelist .tiff is not on the blacklist The guessed mime type is not checked to match a specific file extension (also would break uploads, if upload restrictions are very loose) Verification: mimeinfo and mime.types don't contain entries for video/mp4 In that case verifyExtension passes the file by default. (UploadBase::verifyExtension: no file extension known for mime type video/mp4, passing file) No other bad aspects are found (IE/virus checks) Solutions ?: - Change the default behavior for verifyExtension to reject files that we do not know in mime.info and/or mime.types (I remember this was a dubious case when we rewrote it in the past) - Add mp4 extensions and friends to mime.info mime.types (can't really hurt but also somewhat useless I think, since we have no internal handling of them at all right now). -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
