Hi dear tech folks,
The MediaWiki 1.18 release notes stated the following:
“(bug 24230 [1]) Uploads of ZIP types, such as MS Office or OpenOffice can now be safely enabled. A ZIP file reader was added which can scan a ZIP file for potentially dangerous Java applets. This allows applets to be blocked specifically, rather than all ZIP files being blocked.”
On the Wikimedia Commons village pump [2], concerns were still raised about security (some referred to macros specifically).
Brion stated in 2008 that the ZIP issue was the only problem we had with OpenDocument upload [3], and TheDJ confirmed so in said thread; but let’s make it super-extra clear as for the technical side:
* Is it completely safe to enable upload of OpenDocument files on Wikimedia Commons? * If not, would you advise us to restrict this type of uploads to trusted users? [4]
With this confirmation, we can quietly discuss on Commons whether we want this or not :-)
Thanks for your help!
[1] https://bugzilla.wikimedia.org/show_bug.cgi?id=24230 [2] < https://commons.wikimedia.org/wiki/Commons:Village_pump/Archive/2012/03#Enab...
[3] < http://lists.wikimedia.org/pipermail/wikitech-l/2008-November/040246.html%3E [4] in the spirit of < https://commons.wikimedia.org/wiki/Commons:Restricted_uploads%3E
On Sun, Apr 8, 2012 at 11:04 AM, Jean-Frédéric jeanfrederic.wiki@gmail.com wrote:
- If not, would you advise us to restrict this type of uploads to trusted
users? [4]
Just a minor note on this point: we don't currently have any support for per-group uploads. Ideally you would have some sort of array with the key being the user right and the value(s) being the file type(s) that you only want to allow for those users. This would leave upload behavior unchanged for the rest of allowed filetypes.
-Chad
wikitech-l@lists.wikimedia.org