https://bugzilla.wikimedia.org/show_bug.cgi?id=24230
Summary: Implement JAR detection
Product: MediaWiki
Version: 1.17-svn
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Normal
Component: Uploading
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected], [email protected]
We should find a reliable JAR detection routine, so that we can block JAR
files, instead of having to whitelist all the different zip based fileformats.
Solution:
* Do a simple ZIP detection like we have now:
* Read with ZipArchive http://php.net/manual/en/ref.zip.php
* Traverse and look with zip_entry_name() for files with:
** MANIFEST.MF
** .class or .java or .jar
I'm not sure if this works well enough to plug the GIFAR hole however, because
we don't really know how Java detects if a zip == a jar. Will have to be
verified somehow.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
