* by looking at the file extension. Typically, this method would be called on the
* result of guessMimeType().
*
- * Currently, this method does the following:
- *
- * If $mime is "unknown/unknown" and isRecognizableExtension( $ext ) returns false,
- * return the result of guessTypesForExtension($ext).
- *
- * If $mime is "application/x-opc+zip" and isMatchingExtension( $ext, $mime )
- * gives true, return the result of guessTypesForExtension($ext).
- *
* @param string $mime The mime type, typically guessed from a file's content.
* @param string $ext The file extension, as taken from the file name
*
".$ext is not a known OPC extension.\n" );
$mime = 'application/zip';
}
+ } elseif ( $mime === 'text/plain' && $this->findMediaType( ".$ext" ) === MEDIATYPE_TEXT ) {
+ // Textual types are sometimes not recognized properly.
+ // If detected as text/plain, and has an extension which is textual
+ // improve to the extension's type. For example, csv and json are often
+ // misdetected as text/plain.
+ $mime = $this->guessTypesForExtension( $ext );
}
if ( isset( $this->mMimeTypeAliases[$mime] ) ) {
$head = fread( $f, 256 );
fclose( $f );
- $head = strtolower( $head );
+ $head = str_replace( 'ffmpeg2theora', '', strtolower( $head ) );
// This is an UGLY HACK, file should be parsed correctly
if ( strpos( $head, 'theora' ) !== false ) {
text/html application/xhtml+xml [TEXT]
application/xml text/xml [TEXT]
text [TEXT]
+ application/json [TEXT]
+ text/csv [TEXT]
+ text/tab-separated-values [TEXT]
application/zip application/x-zip [ARCHIVE]
application/x-gzip [ARCHIVE]
application/vnd.ms-excel.addin.macroEnabled.12 [OFFICE]
application/vnd.ms-excel.sheet.binary.macroEnabled.12 [OFFICE]
application/acad application/x-acad application/autocad_dwg image/x-dwg application/dwg application/x-dwg application/x-autocad image/vnd.dwg drawing/dwg [DRAWING]
+chemical/x-mdl-molfile [DRAWING]
+chemical/x-mdl-sdfile [DRAWING]
+chemical/x-mdl-rxnfile [DRAWING]
+chemical/x-mdl-rdfile [DRAWING]
+chemical/x-mdl-rgfile [DRAWING]
application/x-hdf hdf
application/x-jar jar
application/x-javascript js
+ application/json json
application/x-koan skp skd skt skm
application/x-latex latex
application/x-netcdf nc cdf
model/vrml wrl vrml
text/calendar ics ifb
text/css css
+ text/csv csv
text/html html htm
text/plain txt
text/richtext rtx
model/vnd.dwfx+xps dwfx
application/vnd.ms-xpsdocument xps
application/x-opc+zip docx dotx docm dotm potx ppsx pptx ppam pptm potm ppsm xlsx xltx xlsm xltm xlam xlsb dwfx xps
+chemical/x-mdl-molfile mol
+chemical/x-mdl-sdfile sdf
+chemical/x-mdl-rxnfile rxn
+chemical/x-mdl-rdfile rd
+chemical/x-mdl-rgfile rg
* Can be overridden by subclasses.
*
* @param User $user
- * @return bool
+ * @return bool|string
*/
public static function isAllowed( $user ) {
foreach ( array( 'upload', 'edit' ) as $permission ) {
}
$this->mFileProps = FSFile::getPropsFromPath( $this->mTempPath, $this->mFinalExtension );
- $mime = $this->mFileProps['file-mime'];
+ $mime = $this->mFileProps['mime'];
if ( $wgVerifyMimeType ) {
# XXX: Missing extension will be caught by validateName() via getTitle()
return true;
}
- # href with javascript target
- if ( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__
- . ": Found script in href attribute '$attrib'='$value' in uploaded file.\n" );
+ # href with non-local target (don't allow http://, javascript:, etc)
+ if ( $stripped == 'href'
+ && strpos( $value, 'data:' ) !== 0
+ && strpos( $value, '#' ) !== 0
+ ) {
+ if ( !( $strippedElement === 'a'
+ && preg_match( '!^https?://!im', $value ) )
+ ) {
+ wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
+ . "'$attrib'='$value' in uploaded file.\n" );
- return true;
+ return true;
+ }
}
# href with embedded svg as target