https://bugzilla.wikimedia.org/show_bug.cgi?id=16583
--- Comment #10 from [email protected] 2009-08-24 19:27:16 UTC ---
Created an attachment (id=6491)
 --> (https://bugzilla.wikimedia.org/attachment.cgi?id=6491)
patch for MimeMagic.php, r55559: check whether file is binary

The attached patch fixes this issue for several known image files that were falsely identified, but still successfully detects typical php files being uploaded with an (incorrect) image extension.

The patch adds a check to see whether the file header contains three null characters in a row. It's a string that should be present in nearly all binary files, but shouldn't normally be found in text files.

It's imperfect and kludge-like -- but so is checking for php files based on the presence of '<?'. And there's no real difference security-wise -- if someone wants to intentionally create a php file that is not recognized by doGuessMimeType, that's already easily possible. This at least resolves the bug until someone wants to do a more thorough re-write of the code.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
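
The heuristic described in the comment above, as an added sketch that is not the code from attachment 6491 or from MimeMagic.php. The function names, the 1024-byte header size and the sample byte strings are assumptions constructed for this illustration.

```php
<?php
// Added illustration only: names and HEADER_BYTES are hypothetical,
// not taken from MimeMagic.php or from the attached patch.
const HEADER_BYTES = 1024;

/** True if the header contains three consecutive NUL bytes. */
function headerLooksBinary(string $head): bool {
    return strpos($head, "\0\0\0") !== false;
}

/** True if the header contains the '<?' marker the comment mentions. */
function headerHasPhpTag(string $head): bool {
    return strpos($head, '<?') !== false;
}

/**
 * Classify the start of an uploaded file.
 * '<?' alone flags image data that happens to contain those two bytes;
 * requiring the absence of a NUL run removes that false positive while
 * a typical PHP source file is still reported as 'script'.
 */
function classifyHeader(string $data): string {
    $head = substr($data, 0, HEADER_BYTES);
    $binary = headerLooksBinary($head);
    if (headerHasPhpTag($head) && !$binary) {
        return 'script';
    }
    return $binary ? 'binary' : 'text';
}

// Constructed samples (the PNG-like bytes are not a complete, valid image).
$samples = [
    'PNG-like header containing "<?" by chance' =>
        "\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\0\x10\0\0\0\x10\x08\x02\0\0\0" . "<?\x9a",
    'PHP source uploaded as photo.png' => "<?php\necho 'hello';\n",
    'plain text note' => "Meeting notes for Monday.\n",
];

foreach ($samples as $label => $bytes) {
    printf("%-45s => %s\n", $label, classifyHeader($bytes));
}
```

The first sample is classified as `binary`, the second as `script` and the third as `text`. As the comment says, this only reduces false positives on ordinary images and does not stop a deliberately crafted file.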
