> This may be a more generic problem, see: > https://bugzilla.wikimedia.org/show_bug.cgi?id=18684 - Uploading office 2007 > files (docx, pptx etc) results in error. > > When I mentioned this on-line one time, someone pointed out the problem with > having a mime.types file specifically for MediaWiki when it probably should > be dynamically resolved. > > I forget the exact suggestion, but there are security bypass issues and > maybe we should take a look at implementing more generically.
Hmmm I wonder if this merits a new bug report? or an addition to the MS Office related one? >> As a workaround you can try modifying includes/mime.types and >> add the line: >> >> application/x-zip oxt >> >> since I don't see a application/x-zip line in the version >> 1.15.1 mime.types file, in which case you could just add >> "oxt" to the line. >> >> This will fool Mediawiki into matching the x-zip mime type >> with the "oxt" extension and allow the upload. application/x-zip seems to be ignored - I tried this change and there were no changes in the behavior. I also tried adding OXT to application/zip.. and this caught me up in the error that ZIP files are explicitly blocked by the MediaWiki mime type validation. This "can" be bypassed by disabling the mime type validation/check, but opens up (as I understand it) a hole for exploits. Since the OOo Wiki is quite public and subject to quite a lot of spamming and other malicious poking, I'm not so happy with workarounds that risk exploits :-( >> I think the problem is in "file", not the wiki nor anything >> you've done to it. :-) >> >> Specifically, you say that a "file -bi" reports those files >> as being application/x-zip. >> If I correctly recall some similar struggles I've had, that's >> the place to focus - convince "file" that what it is *really* >> is the MIME type for oxt. This is something we're also looking at.. trying to find a way to reset the mime type in the file itself. So far no success... C. _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
