Checking Mediawiki Uploads

Proof of concept

Feedback: Please go to this discussion page to tell me what you think about this.

Source code: checkfile.php, checkfile-test.php

Test files: Download (right-click!) these and try to upload them usung this form.

• image.svg: a svg image (should pass) [show svg]
• html.html: a small html file.
• html.svg: the same html file, mislabeled as svg.
• mixed.txt: text containing html markup.
• scripted.svg: a svg file containing javascript instructions. [show svg]
• empty.txt: an empty file
• eicar_com-virus-test.zip: Zip-File that will be reported as a virus - this is a well known test file from eicar.com and completely harmles.

Setup:

• $virus_scanner: clamscan --no-summary
• $virus_scanner_codes: Array ( [0] => 0 [1] => 1 [52] => -1 [*] => )
• $reject_on_failed_scan: 1
• $forbidden_mime: Array ( [0] => text/html [1] => text/xhtml [2] => application/xhtml [3] => application/xhtml+xml [4] => text/javascript [5] => text/ecmascript [6] => application/x-dosexec )
• $mime_to_ext: Array ( [image/gif] => Array ( [0] => gif ) [image/jpeg] => Array ( [0] => jpg [1] => jpeg ) [image/png] => Array ( [0] => png ) [application/svg+xml] => Array ( [0] => svg ) [image/svg] => Array ( [0] => svg ) )