git.heureux-cyclage.org - lhc/web/wiklou.git/commit

author	Brian Wolff <bawolff+wn@gmail.com>
	Tue, 24 Jun 2014 19:15:32 +0000 (16:15 -0300)
committer	Brian Wolff <bawolff+wn@gmail.com>
	Fri, 4 Jul 2014 07:03:31 +0000 (04:03 -0300)
commit	69905ce9c7dc2a5dcc2f0c6fee424d307d297e8e
tree	3524b06c3bea129a4e0b0b449de6a940f31767f7	tree \| snapshot
parent	3fd9ff66f5718de594e567fd55285740e84faf9e	commit \| diff

Fix mime detection of easily-confused-with text/plain formats

json, csv, and tsv are often detected as text/plain. However that's
not right. This patch causes MediaWiki to look at the file extension
of files detected as text/plain, and if the file extension is
for a "textual" type, use the mime type associated with that extension.

This change also changes the "does mime type match uploaded file
extension" check to use the mime based on the file contents
plus extension, as opposed to just the file contents. Various
documentation suggests this is more appropriate (e.g. line 807
of MimeMagic.php). In my opinion we should use just the file
contents when verifying file is not on blacklist, but use ext
when verifying file type matches extension, and for decided
what handler specific checks to run. Not the detect mime type
with extension doesn't override the detected mime type with
the extension, but only uses the extension if content based
detection is ambigious or not specific enough.

This patch should be reviewed by csteipp before merge for
any potential security implications.

Note: This is partially fixing a regression from 3846d1048766a7,
where previously csv and json files were allowed to be uploaded,
and that change prevented them

Bug: 66036
Bug: 45424
Change-Id: Ib637fe6850a81b26f84dc8c00ab4772f3d3a1f34

includes/MimeMagic.php		diff \| blob \| history
includes/mime.info		diff \| blob \| history
includes/mime.types		diff \| blob \| history
includes/upload/UploadBase.php		diff \| blob \| history
tests/phpunit/includes/MimeMagicTest.php	[new file with mode: 0644]	blob