On Tue, Oct 26, 2010 at 6:50 AM, Max Semenik <maxsem.wiki(a)gmail.com> wrote:
>
Instead of amassing social constructs around technical deficiency, I
propose to fix bug 24230 [1] by implementing proper checking for JAR
format. Also, we need to check all contents with antivirus and
disallow certain types of files inside archives (such as .exe). Once
we took all these precautions, I see no need to restrict ZIPs to any
special group. Of course, this doesn't mean that we soul allow all the
safe ZIPs, just several open ZIP-based file formats.
If we only want zip's for several formats, we should check that they
are of the expected type, _and_ that they consist of open file formats
within the zip.
e.g. Open Office XML (the MS format) can include binary files for OLE
objects and fonts (I think)
see "Table 2. Content types in a ZIP container"
http://msdn.microsoft.com/en-us/library/aa338205(office.12).aspx
OOXML can also include any other mimetype, which are registered
_within_ the zip, and linked into the main content file.
afaics, allowing only safe zip to be upload isn't difficult.
Expand the zip, and reject any zip which contains files on
$wgFileBlacklist, and not on $wgFileExtensions + $wgZipFileExtensions.
$wgZipFileExtensions would consist of array('xml')
Then check the mimetypes of the files in the zip, against
$wgMimeTypeBlacklist (with 'application/zip' removed), again allowing
desired XML mimetypes through.
--
John Vandenberg