Page MenuHomePhabricator
Create Task
Maniphest T28809

Error message for file with multiple extensions, with one of them blacklisted, is confusing.
Closed, ResolvedPublic
Actions

Description

Author: dayson

Description:
If I upload a file with the name 'TextmeEncryption.php.zip' I get the following error message.

".zip" is not a permitted file type. Permitted file types are png, gif, jpg, jpeg, zip.

I have also added the following to my list LocalSettings.php

$wgFileExtensions[] = 'zip';
$wgVerifyMimeType = false; //disable mime type verification

If I rename the file to 'TextmeEncryption_php.zip', it works fine!

But this shouldn't be the expected behavior. The first file name used is absolutely appropriate too (Both in terms of naming and mime-type).

Version: 1.16.x
Severity: normal

Details

Reference
bz26809

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:15 PM
bzimport added a project: MediaWiki-Uploading.
bzimport set Reference to bz26809.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jan 19 2011, 8:51 PM
Bawolff added a comment.Jan 19 2011, 9:10 PM

As Platonides pointed out in irc, this is intentional behaviour due to Apache taking secondary extenions sometimes into account.

However, the error message should be better. For a file like the reporter's above (foo.php.zip), we detect that the .php is blacklisted, so output the bad filetype message, but when outputting that message, we use the final extension in it (.zip), which is confusing to the user.

bzimport added a comment.Jan 22 2011, 8:34 PM

Bryan.TongMinh wrote:

Fixed in r80766.

Gilles added a project: Multimedia.Dec 4 2014, 10:26 AM
Gilles raised the priority of this task from Medium to Unbreak Now!.Dec 4 2014, 10:29 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Gilles lowered the priority of this task from Unbreak Now! to Medium.Dec 4 2014, 11:21 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL