Page MenuHomePhabricator
Create Task
Maniphest T187261

Showing Commons 3D file on a local Wikpedia file page results into a warning "...malicious code"
Closed, ResolvedPublic
Actions

Description

https://de.wikipedia.org/wiki/Datei:Asad_Al-Lat.stl shows "Warning: This file type may contain malicious code. By executing it, your system may be compromised."

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
MMV is not a hard dependencymediawiki/extensions/3Dwmf/1.31.0-wmf.21+1 -4
MMV is not a hard dependencymediawiki/extensions/3Dmaster+1 -4
Load 3D extension on other wikis, for display onlyoperations/mediawiki-configmaster+14 -10
Customize query in gerrit

Related Objects

Event Timeline

Raymond created this task.Feb 13 2018, 10:01 PM
Restricted Application added a project: Multimedia. · View Herald TranscriptFeb 13 2018, 10:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Ramsey-WMF assigned this task to matthiasmullie.Feb 14 2018, 12:20 AM
Ramsey-WMF triaged this task as High priority.
Ramsey-WMF added a project: Multimedia-Team-Working-Board.
Ramsey-WMF moved this task from Untriaged to Next up on the Multimedia board.
matthiasmullie added a comment.Feb 14 2018, 10:07 AM

Should we enable 3D everywhere, so other wikis are able to display such files? (but don't enable uploads everywhere?)

Raymond added a comment.Feb 14 2018, 10:09 AM
In T187261#3971175, @matthiasmullie wrote:

Should we enable 3D everywhere, so other wikis are able to display such files? (but don't enable uploads everywhere?)

Sounds good to me. Would this be the solution to show a thumbnail in Wikipedia pages too? Like in https://de.wikipedia.org/wiki/Benutzer:Raymond/test

matthiasmullie added a comment.Feb 14 2018, 10:48 AM

Yeah, that'd also take care of that.

TheDJ awarded a token.Feb 14 2018, 11:06 AM
Raymond awarded a token.Feb 14 2018, 11:07 AM
gerritbot subscribed.Feb 14 2018, 12:23 PM

Change 410432 had a related patch set uploaded (by Matthias Mullie; owner: Matthias Mullie):
[mediawiki/extensions/3D@master] MMV is not a hard dependency

https://gerrit.wikimedia.org/r/410432

gerritbot added a project: Patch-For-Review.Feb 14 2018, 12:23 PM
matthiasmullie mentioned this in rETHR0988e4a92624: MMV is not a hard dependency.Feb 14 2018, 12:24 PM
gerritbot added a comment.Feb 14 2018, 12:30 PM

Change 410433 had a related patch set uploaded (by Matthias Mullie; owner: Matthias Mullie):
[operations/mediawiki-config@master] Load 3D extension on other wikis, for display only

https://gerrit.wikimedia.org/r/410433

matthiasmullie moved this task from To Do to Doing on the Multimedia-Team-Working-Board board.Feb 14 2018, 12:34 PM
gerritbot added a comment.Feb 14 2018, 4:14 PM

Change 410432 merged by jenkins-bot:
[mediawiki/extensions/3D@master] MMV is not a hard dependency

https://gerrit.wikimedia.org/r/410432

ReleaseTaggerBot added a project: MW-1.31-release-notes (WMF-deploy-2018-02-20 (1.31.0-wmf.22)).Feb 14 2018, 5:00 PM
matmarex merged a task: T187620: 3D files don't display thumbnails on Wikipedia (and other wikis except Commons).Feb 17 2018, 2:21 PM
matmarex added subscribers: matmarex, matthiasmullie, Ramsey-WMF.
matthiasmullie moved this task from Doing to Code Review on the Multimedia-Team-Working-Board board.Feb 21 2018, 5:33 PM
matmarex mentioned this in T3790: Allow uploading of 3D files to Wikimedia Commons.Feb 21 2018, 6:50 PM
matmarex added a comment.Feb 21 2018, 6:52 PM

For reference, deployment of the config change is scheduled for Thursday: https://wikitech.wikimedia.org/wiki/Deployments#deploycal-item-20180222T1400

gerritbot added a comment.Feb 22 2018, 2:32 PM

Change 410433 merged by jenkins-bot:
[operations/mediawiki-config@master] Load 3D extension on other wikis, for display only

https://gerrit.wikimedia.org/r/410433

gerritbot added a comment.Feb 22 2018, 2:42 PM

Change 413373 had a related patch set uploaded (by Matthias Mullie; owner: Matthias Mullie):
[mediawiki/extensions/3D@wmf/1.31.0-wmf.21] MMV is not a hard dependency

https://gerrit.wikimedia.org/r/413373

matthiasmullie mentioned this in rETHR98a65fb35c40: MMV is not a hard dependency.Feb 22 2018, 2:45 PM
gerritbot added a comment.Feb 22 2018, 2:45 PM

Change 413373 merged by jenkins-bot:
[mediawiki/extensions/3D@wmf/1.31.0-wmf.21] MMV is not a hard dependency

https://gerrit.wikimedia.org/r/413373

ReleaseTaggerBot edited projects, added MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)); removed MW-1.31-release-notes (WMF-deploy-2018-02-20 (1.31.0-wmf.22)).Feb 22 2018, 3:00 PM
matthiasmullie added a comment.Feb 22 2018, 3:13 PM

This has been deployed.
Existing embeds may not work until the cache gets refreshed, but I believe I just purged all of them.

matthiasmullie moved this task from Code Review to Needs QA on the Multimedia-Team-Working-Board board.Feb 22 2018, 3:14 PM
Ainali subscribed.Feb 22 2018, 5:46 PM
matmarex awarded a token.Feb 23 2018, 5:26 PM
Ramsey-WMF closed this task as Resolved.Feb 26 2018, 5:45 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits