Page MenuHomePhabricator
Create Task
Maniphest T3672

html upload fails even when extension .html is whitelisted
Closed, ResolvedPublic
Actions

Description

Author: chris

Description:
The UploadForm::Verify() method will still fail really basic html files, even
when the extension is whitelisted, removed from the blacklist, and file
extensions aren't checked nor strict. The only way to upload html files was to
comment out the $this->verify() section of SpecialUpload.php (lines 210-212).
I'm deploying this mediawiki on my corporate intranet, so all users are trusted.
There should be some way to express this trust in the user settings, without
commenting out useful code like verify().

Version: 1.17.x
Severity: normal

Details

Reference
bz1672

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 8:15 PM
bzimport added a project: MediaWiki-Uploading.
bzimport set Reference to bz1672.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Mar 9 2005, 10:14 PM
bzimport added a comment.Jun 14 2005, 3:51 PM

avarab wrote:

I've done this recently in HEAD and REL1_4, please confirm whether or not the
problem persists.

Marking this as WORKSFORME.

Emufarmers added a comment.Jun 17 2009, 2:02 AM

There's still no way to disable UploadForm::detectScript() without commenting out code.

Emufarmers added a comment.Jun 17 2009, 2:06 AM

Adds a new global, $wgDisableUploadScriptChecks, which will disable the checks

Attached:

allowscriptuploads.patch2 KBDownload

demon added a comment.Sep 22 2009, 7:47 PM

(In reply to comment #3)

Created an attachment (id=6233) [details]
Adds a new global, $wgDisableUploadScriptChecks, which will disable the checks

Cf bug 18684.

Peachey88 added a comment.Apr 30 2011, 12:09 AM

*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*

Catrope added a comment.Nov 20 2011, 6:58 PM

Modified patch committed in r103772.

Gilles added a project: Multimedia.Dec 4 2014, 10:54 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.Dec 4 2014, 10:59 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL