Page MenuHomePhabricator
Create Task
Maniphest T41012

Upload verification check broken. mp4 uploaded as .ogg
Closed, ResolvedPublic
Actions

Description

It seems that again our filetype verification checks are broken. The link is a recently uploaded mp4 file under a .ogg name.

This should not be possible with the WMF configuration.

Version: 1.20.x
Severity: normal
URL: https://en.wikipedia.org/wiki/File:02_Calma_Pueblo.ogg
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=48306
https://bugzilla.wikimedia.org/show_bug.cgi?id=22934

Details

Reference
bz39012

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:55 AM
bzimport added a project: MediaWiki-File-management.
bzimport set Reference to bz39012.
bzimport added a subscriber: Unknown Object (MLST).
TheDJ created this task.Aug 3 2012, 3:00 PM
Bawolff added a comment.Aug 3 2012, 3:58 PM

There's also a couple of "gif" files on commons that aren't really gif's which should be investigated.

Given how this sort of thing keeps popping up, it screams unittests ;)

Aklapper added a comment.Jan 4 2013, 3:49 PM

https://en.wikipedia.org/wiki/File:02_Calma_Pueblo.ogg only mentions November 2012 in its version history but this report is from August so that testcase is probably moot now.

Emufarmers added a comment.Apr 23 2013, 11:22 PM

User:Dispenser has compiled a list of affected files: https://commons.wikimedia.org/wiki/User:Dispenser/Wrong_Extension

Mattflaschen-WMF added a comment.Apr 26 2013, 9:39 PM
  • Bug 47709 has been marked as a duplicate of this bug. ***
Mattflaschen-WMF added a comment.Apr 26 2013, 9:45 PM

This is definitely still present. https://commons.wikimedia.org/wiki/File:2dschrodinger.ogg is from less than a month ago (April 7, 2013).

Bumping up to normal (could argue even higher).

McZusatz added a comment.May 21 2013, 4:22 PM

this was likely caused and (now) fixed by bug 48306 ?

Bawolff added a comment.May 21 2013, 4:52 PM

(In reply to comment #6)

this was likely caused and (now) fixed by bug 48306 ?

Not entirely. We still let through things that have a mime type not on the blacklist and have no known (to mediawiki) canonical extension associated with that mime type. (I think we should change that. Note I do not believe that represents a security issue currently, but probably not the best idea in terms of appropriate level of paranoia)

TheDJ added a comment.May 21 2013, 7:26 PM

I vaguely remember I once had a discussion with Tim S about this problem and he didn't consider it terribly important if I remember well (and specifically he said that it definitely wasn't a regression).

But I still don't like it, and there have also been quite a few complaints 'on wiki' about this.

Bawolff added a comment.May 21 2013, 8:56 PM

I think it would be appropriate to check if the target extension has a known mime type, and only allow the mimes with no known ext if the target ext has no associated mime.

Bawolff added a comment.Aug 19 2013, 8:29 PM
  • Bug 52990 has been marked as a duplicate of this bug. ***
Bawolff added a comment.Aug 19 2013, 8:29 PM

For mp4 specificly, see https://gerrit.wikimedia.org/r/79809

The issue in general still needs to be addressed.

gerritbot added a comment.Aug 19 2013, 11:48 PM

Change 79954 had a related patch set uploaded by Brian Wolff:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954

gerritbot added a comment.Aug 21 2013, 6:17 PM

Change 79954 merged by jenkins-bot:
Be stricter for file types where we don't know canonical extension

https://gerrit.wikimedia.org/r/79954

Bawolff added a comment.Mar 9 2014, 8:14 AM
  • Bug 33549 has been marked as a duplicate of this bug. ***
McZusatz added a comment.May 16 2014, 5:49 PM

How come that someone uploaded _JPE_ files in May?

https://commons.wikimedia.org/wiki/File:Bombinhas_SC.jpe
https://commons.wikimedia.org/wiki/File:%D0%91%D1%83%D1%86%D1%8C%D0%BA%D0%B8%D0%B9_%D0%BA%D0%B0%D0%BD%D1%8C%D0%B9%D0%BE%D0%BD,_c._%D0%91%D1%83%D0%BA%D0%B8.jpe

Bawolff added a comment.May 16 2014, 7:06 PM

(In reply to Marco from comment #15)

How come that someone uploaded _JPE_ files in May?

https://commons.wikimedia.org/wiki/File:Bombinhas_SC.jpe
https://commons.wikimedia.org/wiki/File:
%D0%91%D1%83%D1%86%D1%8C%D0%BA%D0%B8%D0%B9_%D0%BA%D0%B0%D0%BD%D1%8C%D0%B9%D0%
BE%D0%BD,_c._%D0%91%D1%83%D0%BA%D0%B8.jpe

Looks like issue with file move code (both moved to new name by Ahonc)

Gilles added a project: Multimedia.Dec 4 2014, 10:20 AM
Gilles raised the priority of this task from Medium to Unbreak Now!.Dec 4 2014, 10:25 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Gilles lowered the priority of this task from Unbreak Now! to Medium.Dec 4 2014, 11:20 AM
Mattflaschen-WMF unsubscribed.Dec 9 2014, 3:47 AM
kaldari merged a task: T54990: MP4 upload to Wikimedia Commons not blocked by type checking.Feb 6 2020, 2:52 AM
kaldari added subscribers: Magnus, Rillke, Fastily.
Restricted Application added a project: Commons. · View Herald TranscriptFeb 6 2020, 2:52 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL