[Foundation-l] Code detecting bots?

Brion Vibber brion at wikimedia.org
Fri Aug 3 01:21:17 UTC 2007


Gregory Maxwell wrote:
> On 8/2/07, David Gerard <dgerard at gmail.com> wrote:
>> Really? I thought we ran "file" on uploads as well as looking at the extension.
> 
> We do. And if it doesn't match what we think it will be... we put a
> notice that no one notices on the image page.

That's incorrect.

If the detected filetype doesn't match the defined filetype for the
extension, then the upload is rejected.

(However note that at this moment we don't have very solid detection for
OGG.)

The warning on image pages about malicious code is bullshit -- we should
remove it, since it has nothing to do with reality.

Greg, don't be afraid to pop things into bugzilla or work with us over
in SVN to fix things up. :)

-- brion vibber (brion @ wikimedia.org)



More information about the foundation-l mailing list