Page MenuHomePhabricator

Support at least one editable open slides format on Commons
Open, Needs TriagePublic

Tokens
"Love" token, awarded by Pamputt."Love" token, awarded by VIGNERON."Love" token, awarded by CorneliusKibelka_WMDE."Love" token, awarded by Mrjohncummings."Love" token, awarded by jhsoby."Love" token, awarded by AdHuikeshoven.
Assigned To
None
Authored By
Mrjohncummings, Jul 23 2018

Description

It would be extremely helpful if Commons supported at least one easily editable slides format that could be opened by LibreOffice/OpenOffice etc. I know you can upload slides in pdf or zip them up, I think it would be very useful to have native support for slides given the amount of Wikimedia related conferences that happen.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 23 2018, 10:07 AM
Reedy added a subscriber: Reedy.EditedJul 23 2018, 11:03 AM

The problem is highlighted here... https://github.com/wikimedia/mediawiki/blob/master/includes/DefaultSettings.php#L923-L930

* @warning If you add any OpenOffice or Microsoft Office file formats here,
* such as odt or doc, and untrusted users are allowed to upload files, then
* your wiki will be vulnerable to cross-site request forgery (CSRF).

I would suggest that unless we implemented some scanning of the files (I've no idea how easy, hard or otherwise that would be. It's probably a rabbit hole), we're basically blocked until we have something like T28508: Content Security Policy (CSP) and running with it in a restrictive mode. But I cannot say offhand if that would be sufficient to quell the problem

The problem is highlighted here... https://github.com/wikimedia/mediawiki/blob/master/includes/DefaultSettings.php#L923-L930

* @warning If you add any OpenOffice or Microsoft Office file formats here,
* such as odt or doc, and untrusted users are allowed to upload files, then
* your wiki will be vulnerable to cross-site request forgery (CSRF).

I would suggest that unless we implemented some scanning of the files (I've no idea how easy, hard or otherwise that would be. It's probably a rabbit hole), we're basically blocked until we have something like T28508: Content Security Policy (CSP) and running with it in a restrictive mode. But I cannot say offhand if that would be sufficient to quell the problem

Thanks very much for clarifying the issues blocking this, are there any open slide formats that would not have this issue? LibreOffice can save files in many formats:

  • .odp
  • .otp
  • .odg
  • .fodp
  • .uop
  • .pptx
  • .ppsx
  • .potm

Not sure, would require some research

I would obviously avoid pptx and ppsx (at least), with them being Microsoft PowerPoint formats, and as such aren't so open formats :)

A thought as a workaround; try saving the presentations to TIFF? It supports multi page images, and MediaWiki will let you browse through the pages too. No idea how well they come out after being saved by the various programs

How could someone research if they would avoid this issue? What should they be looking for?

Thanks for the workaround, I know that zipping up the file also works, but its still a bit of a fudge

Reedy added a comment.EditedJul 23 2018, 11:34 AM

A thought as a workaround; try saving the presentations to TIFF? It supports multi page images, and MediaWiki will let you browse through the pages too. No idea how well they come out after being saved by the various programs

Hmm. So on macOS, PowerPoint saves it to a TIFF file per slide (bleugh)

LibreOffice only seems to export one slide...

I did find https://extensions.libreoffice.org/extensions/export-as-images but might not work on newer versions

Thanks for the workaround, I know that zipping up the file also works, but its still a bit of a fudge

? You can't upload zips to commons

Thanks for the workaround, I know that zipping up the file also works, but its still a bit of a fudge

? You can't upload zips to commons

Ah yes, you're right, I'd been told this at some time but never checked to see if it was true. Thanks

A thought as a workaround; try saving the presentations to TIFF? It supports multi page images, and MediaWiki will let you browse through the pages too. No idea how well they come out after being saved by the various programs

Hmm. So on macOS, PowerPoint saves it to a TIFF file per slide (bleugh)
LibreOffice only seems to export one slide...
I did find https://extensions.libreoffice.org/extensions/export-as-images but might not work on newer versions

Thanks, this is helpful for people who want share images of the slides but doesn't get to the issue of having editable slides.

jhsoby added a subscriber: jhsoby.

See also (and feel free to join) this current discussion at commons (permalink as of today). According to @Bawolff most of the security issues may no longer be a concern. The potential for malicious macros could be a blocker, though.

The problem is highlighted here... https://github.com/wikimedia/mediawiki/blob/master/includes/DefaultSettings.php#L923-L930

* @warning If you add any OpenOffice or Microsoft Office file formats here,
* such as odt or doc, and untrusted users are allowed to upload files, then
* your wiki will be vulnerable to cross-site request forgery (CSRF).

I would suggest that unless we implemented some scanning of the files (I've no idea how easy, hard or otherwise that would be. It's probably a rabbit hole), we're basically blocked until we have something like T28508: Content Security Policy (CSP) and running with it in a restrictive mode. But I cannot say offhand if that would be sufficient to quell the problem

I think that's a reference to the possibility of them being JAR files, which we now scan for.


I think integrating https://webodf.org/ would be a very cool project.