On Tue, Oct 26, 2010 at 6:50 AM, Max Semenik maxsem.wiki@gmail.com wrote:
> Instead of amassing social constructs around technical deficiency, I propose to fix bug 24230 [1] by implementing proper checking for JAR format. Also, we need to check all contents with antivirus and disallow certain types of files inside archives (such as .exe). Once we took all these precautions, I see no need to restrict ZIPs to any special group. Of course, this doesn't mean that we should allow all the safe ZIPs, just several open ZIP-based file formats.
If we only want zips for several formats, we should check that they are of the expected type, _and_ that they consist of open file formats within the zip.
e.g. Open Office XML (the MS format) can include binary files for OLE objects and fonts (I think).
see "Table 2. Content types in a ZIP container"
http://msdn.microsoft.com/en-us/library/aa338205(office.12).aspx
OOXML can also include any other mimetype, which are registered _within_ the zip, and linked into the main content file.
AFAICS, allowing only safe zips to be uploaded isn't difficult.
Expand the zip, and reject any zip which contains files on $wgFileBlacklist, and not on $wgFileExtensions + $wgZipFileExtensions.
$wgZipFileExtensions would consist of array('xml')
Then check the mimetypes of the files in the zip, against $wgMimeTypeBlacklist (with 'application/zip' removed), again allowing desired XML mimetypes through.
-- John Vandenberg
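
The two-stage check described in the message above, as an added Python example (not part of the original mail and not MediaWiki code). The set names stand in for $wgFileBlacklist, $wgFileExtensions + $wgZipFileExtensions and $wgMimeTypeBlacklist; their values, the magic-byte table, the size limits and the reading "reject a member whose extension is blacklisted or not on the allow list" are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed stand-ins for the settings named in the mail (values are assumptions).
FILE_BLACKLIST = {"exe", "dll", "bat", "php", "js", "jar"}
ALLOWED = {"png", "jpg", "gif"} | {"xml"}  # $wgFileExtensions + $wgZipFileExtensions
MIME_BLACKLIST = {"application/x-msdownload", "application/x-php", "text/html"}
# Toy magic-byte table; a real deployment would call a full MIME detector.
MAGIC = [(b"MZ", "application/x-msdownload"), (b"<?php", "application/x-php"),
         (b"<html", "text/html"), (b"<?xml", "application/xml"),
         (b"\x89PNG\r\n\x1a\n", "image/png")]

def sniff(head):
    """Guess a MIME type from the first bytes of a member."""
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return "application/octet-stream"

def check_zip(data, max_entries=1000, max_total=50 * 1024 * 1024):
    """Return rejection reasons for a zip given as bytes; [] means it passes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip"]
    problems = []
    with zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        # Added precaution: bound the work before touching any member.
        if len(infos) > max_entries or sum(i.file_size for i in infos) > max_total:
            return ["archive too large to inspect"]
        for info in infos:
            ext = PurePosixPath(info.filename).suffix.lstrip(".").lower()
            if ext in FILE_BLACKLIST or ext not in ALLOWED:
                problems.append(f"{info.filename}: extension not allowed")
            elif info.flag_bits & 0x1:  # encrypted member cannot be inspected
                problems.append(f"{info.filename}: encrypted")
            else:
                with zf.open(info) as fh:  # read in memory, never extract to disk
                    mime = sniff(fh.read(16))
                if mime in MIME_BLACKLIST:
                    problems.append(f"{info.filename}: blacklisted type {mime}")
    return problems

def build_zip(members):
    """Build a constructed sample archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

The second stage is what catches a member whose name ends in .xml but whose content starts with an executable header, which the extension check alone lets through.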