Page MenuHomePhabricator
Create Task
Maniphest T24933

Upload a new version bypasses file extension checks
Closed, ResolvedPublic
Actions

Description

When you choose "upload a new version", you can upload an arbitrary file type. For instance, you can upload a gif and then reupload a BMP file on top of it.

By default this will succeed, because by default the "ignore warnings" option is checked. This cannot be the intent. The ignore warnings option should probably not be checked by default.

Version: unspecified
Severity: major

Details

Reference
bz22933

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:00 PM
bzimport added a project: MediaWiki-File-management.
bzimport set Reference to bz22933.
bzimport added a subscriber: Unknown Object (MLST).
TheDJ created this task.Mar 23 2010, 8:21 PM
TheDJ added a comment.Mar 23 2010, 8:37 PM

The upload form itself only gives the warning "There's already a file with that name. Do you want to overwrite it?", and it does not say anything about the changed filetype either.

TheDJ added a comment.Apr 1 2010, 1:19 PM

This issue is fixed in trunk, but still broken in wmf-deployment.

bzimport added a comment.Apr 11 2010, 9:18 PM

Bryan.TongMinh wrote:

Probably fixed with the recent deployment?

Gilles added a project: Multimedia.Dec 4 2014, 10:43 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL