https://bugzilla.wikimedia.org/show_bug.cgi?id=62451

            Bug ID: 62451
           Summary: Possible to upload files with MIME type of image/x-bmp
           Product: MediaWiki
           Version: 1.23-git
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: File management
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected]
       Web browser: ---
   Mobile Platform: ---

Splitting this out from bug 33549 comment 8 and bug 33549 comment 9:

[[commons:File:Deamado ko.png.bmp]] is MIME type: image/x-bmp.

Looking at MediaWiki core's DefaultSettings.php and Wikimedia's
CommonSettings.php, I can't figure out how this file type is allowed. Don't we
strictly validate file extensions at least? Referring to
[[mw:Manual:$wgStrictFileExtensions]], I suppose.

I was able to reproduce an upload of this file type on Commons via
[[commons:Special:Upload]] a few minutes ago by simply disabling JavaScript in
my browser (the file selection input has some associated JavaScript validation
logic).

(In reply, Bawolff (Brian Wolff) from bug 33549 comment 10)
> Umm yeah, that shouldnt be allowed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to