-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Nov 16, 2008 at 10:47 PM, Lars Aronsson
<lars(a)aronsson.se> wrote:
> Can someone explain why the Wikimedia Commons accepts uploads of
> printable PDF documents (e.g. brochures) but not the editable
> source version in Open Document Format (e.g. .ODT). This seems to
> violate the open source principle.
ODT and other ZIP-based types are currently disabled on the public sites
until we've nailed down ZIP-based file security a bit better. (It's
enabled on the private sites; we have a basic file type check to confirm
that the file really thinks its an ODF of the appropriate extension, but
not yet checks to confirm there's not evil Java classes also sitting in
the ZIP etc.)
If someone would like to do some work on that, that'd be super -- we
haven't really been prioritizing it yet as there's not a lot of call for
ODF files outside the private working-group wikis.
There's an optional zip extension for PHP which should include support
for listing out the ZIP file directory; however since this isn't
included in PHP by default it might be nice to be able to read the
directory independently without the extension for general MediaWiki
installs. (It shouldn't be necessary to actually decompress anything for
our purposes here -- we're mainly looking for subfiles not expected in
an ODF, particularly Java classes that could be used for a session attack.)
Mohamed Magdy wrote:
I just uploaded a hybrid pdf and it is working
properly. you could use that
until ODFs are allowed.
http://www.oooninja.com/2008/06/pdf-import-hybrid-odf-pdfs-extension-30.html
I'd tend to recommend against that; if the edit updating isn't
transparent you're likely to have things get out of sync, or at least
just be kind of confusing.
On the other hand, it is nice to be able to have a PDF form for people
to download and print without needing to install the behemoth that is
OpenOffice. :)
- -- brion
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iEYEARECAAYFAkkhrd0ACgkQwRnhpk1wk44/8wCeKu+96bxfaWTDps+kmKy9/Mnk
G/0An2JjIWIx8Jy1fAwZekD1XWeiqHDx
=WwZU
-----END PGP SIGNATURE-----