Bug ID: 62451
           Summary: Possible to upload files with MIME type of image/x-bmp
           Product: MediaWiki
           Version: 1.23-git
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: File management
       Web browser: ---
   Mobile Platform: ---

Splitting this out from bug 33549 comment 8 and bug 33549 comment 9:

[[commons:File:Deamado ko.png.bmp]] is MIME type: image/x-bmp.

Looking at MediaWiki core's DefaultSettings.php and Wikimedia's
CommonSettings.php, I can't figure out how this file type is allowed. Don't we
strictly validate file extensions at least? Referring to
[[mw:Manual:$wgStrictFileExtensions]], I suppose.

I was able to reproduce an upload of this file type on Commons via
[[commons:Special:Upload]] a few minutes ago by simply disabling JavaScript in
my browser (the file selection input has some associated JavaScript validation

(In reply, Bawolff (Brian Wolff) from bug 33549 comment 10)
> Umm yeah, that shouldnt be allowed.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to