| Dinoguy1000 | |
| Aug 10 2019, 3:00 PM |
| F30005792: AncientElf-ROD-IT-VG.png | |
| Aug 10 2019, 3:01 PM |
Trying to upload the attached PNG file results in an error message "The file is a corrupt or otherwise unreadable ZIP file. It cannot be properly checked for security." Checking it in a hex editor, it turns out that one of the magic numbers for the ZIP format, PK\x05\x06, appears at offset 0xFA4. Can this be fixed? (If not, the error message should at least be clarified.)
Reminds me of T68428: MimeMagic: ZIP types not properly detected (though MimeMagic is now MimeAnalyzer).
Code that checks for PK\x05\x06 is at https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/libs/mime/MimeAnalyzer.php$808 and https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/utils/ZipDirectoryReader.php$221
There is a comment in the code that says, the zip check must/should be before getimagesize() (since 1347fc05a6110b72ff918967284fae936617d57c).
getimagesize() seems to be where the png mime type is detected. Due to this order the png seems to be miss-detected.