[Bug 24230] New: Implement JAR detection

bugzilla-daemon Fri, 02 Jul 2010 05:17:46 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=24230


           Summary: Implement JAR detection
           Product: MediaWiki
           Version: 1.17-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Normal
         Component: Uploading
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: hart...@videolan.org
                CC: gpaum...@wikimedia.org, bryan.tongm...@gmail.com


We should find a reliable JAR detection routine, so that we can block JAR
files, instead of having to whitelist all the different zip based fileformats.

Solution:
* Do a simple ZIP detection like we have now:
* Read with ZipArchive http://php.net/manual/en/ref.zip.php
* Traverse and look with zip_entry_name() for files with:
** MANIFEST.MF
** .class or .java or .jar

I'm not sure if this works well enough to plug the GIFAR hole however, because
we don't really know how Java detects if a zip == a jar. Will have to be
verified somehow.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 24230] New: Implement JAR detection

Reply via email to