https://bugzilla.wikimedia.org/show_bug.cgi?id=24230
Summary: Implement JAR detection Product: MediaWiki Version: 1.17-svn Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: Normal Component: Uploading AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: hart...@videolan.org CC: gpaum...@wikimedia.org, bryan.tongm...@gmail.com We should find a reliable JAR detection routine, so that we can block JAR files, instead of having to whitelist all the different zip based fileformats. Solution: * Do a simple ZIP detection like we have now: * Read with ZipArchive http://php.net/manual/en/ref.zip.php * Traverse and look with zip_entry_name() for files with: ** MANIFEST.MF ** .class or .java or .jar I'm not sure if this works well enough to plug the GIFAR hole however, because we don't really know how Java detects if a zip == a jar. Will have to be verified somehow. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l