Remove the special case GIFAR vulnerability check from UploadBase. I put it there because the GIFAR vulnerability was so severe that we needed to check for it even if $wgVerifyMimeType was false. Now that support for Java applets has been dropped from browsers, the vulnerability is not so severe and we can wind back the paranoia.

Add a ZipDirectoryReader invocation to MimeAnalyzer, to replace some terrible regex hacks. This allows MimeAnalyzer to detect docx files saved by LibreOffice (T291750). This is also the new place for the GIFAR check.

Add application/java to $wgMimeTypeExclusions so that JAR uploads are rejected.

Since ZipDirectoryReader cannot look inside the contents of files in the package, it can't detect the subtype of Open Document files. Use the file extension instead, like what we do for Microsoft OPC files.

Remove public method detectZipType -- no callers in code search.

Bug: T291750
Change-Id: Iff1611c7adda9c0f0ed31593bad6dfffc9c9a086

| File |
|---|
| MimeAnalyzerTest.php |
| MSCompoundFileReaderTest.php |
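
The directory-only detection described in the commit message above, sketched in Python as an added example; it is not MediaWiki's code. The function names (`zip_entry_names`, `classify`, `make_zip`), the entry-name heuristics and the sample bytes are assumptions made for illustration.

```python
import io
import zipfile

# Leading magic bytes of image types an upload filter would normally accept.
IMAGE_MAGIC = {b"GIF87a": "image/gif", b"GIF89a": "image/gif",
               b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg"}
# Container subtypes chosen by file extension, since the directory alone
# cannot tell them apart (one extension each, for illustration).
OPC_BY_EXT = {"docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"}
ODF_BY_EXT = {"odt": "application/vnd.oasis.opendocument.text"}

def zip_entry_names(data):
    """Entry names from the ZIP central directory, or None if there is none."""
    # Only the directory is parsed, never member contents. zipfile locates it
    # from the end of the data, so an archive appended to an image is found.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except (zipfile.BadZipFile, ValueError, OSError):
        return None

def classify(data, extension=""):
    """Return (mime_type, reason) using magic bytes and the ZIP directory."""
    image = next((m for magic, m in IMAGE_MAGIC.items() if data.startswith(magic)), None)
    names = zip_entry_names(data)
    if names is None:
        return (image or "application/octet-stream", "no ZIP directory")
    # Assumed heuristic: compiled classes or a manifest mark a Java archive.
    # The archive verdict wins over the image header, so a polyglot is typed as Java.
    if any(n.endswith(".class") or n == "META-INF/MANIFEST.MF" for n in names):
        return ("application/java", "image header plus JAR directory" if image else "JAR")
    if "[Content_Types].xml" in names:
        return (OPC_BY_EXT.get(extension, "application/zip"), "OPC package")
    if "mimetype" in names:
        return (ODF_BY_EXT.get(extension, "application/zip"), "OpenDocument package")
    return ("application/zip", "generic ZIP")

def make_zip(names):
    """Build an in-memory ZIP with empty members (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()

# Constructed samples: a bare GIF header, and the same header with a JAR appended.
GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"\x00" * 32 + b";"
GIFAR = GIF + make_zip(["META-INF/MANIFEST.MF", "Example.class"])
```

A filter that excludes `application/java` would accept `GIF` and reject `GIFAR`, even though both start with the same image header.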