Page MenuHomePhabricator
Create Task
Maniphest T27131

Enable upload of OpenOffice-files on nowikimedia
Closed, DeclinedPublic
Actions

Description

Author: laaknor-wmfbugzilla

Description:
We need to share some files on our public chapter-wiki. Can you enable upload of ODF/ODP/ODT/ODS on no.wikimedia?

Version: unspecified
Severity: enhancement

Details

Reference
bz25131

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 11:16 PM
bzimport added projects: Wikimedia-Site-requests, Shell.
bzimport set Reference to bz25131.
bzimport created this task.Sep 10 2010, 5:03 PM
RobH added a comment.Sep 10 2010, 5:08 PM

It appears that this is only enabled on private wikis. No public wikis on the project have this ability.

It seems to be broken down only by if it is public or private. I imagine its due to exploits possible by uploading those file types.

I will email our tech list and ensure that is why it is this way.

RobH added a comment.Sep 13 2010, 1:01 PM

In reviewing this with some of the tech staff, it seems that indeed, open office file formats are not allowed on public projects. Upload of a maliciously crafted OpenOffice document leads to CSRF. Any public wiki with OpenOffice uploads enabled is vulnerable.

That pretty much means we do not enable them on public wikis. Right now your wiki is both public, open registration, and anyone can edit. So we cannot enable these file types on the project.

Restricted Application added subscribers: jeblad, Danmichaelo. · View Herald TranscriptMay 15 2018, 1:38 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL