Project

General

Profile

Actions
Copy link

Bug #17434

closed

Can't upload a Java file

Added by Raffi Khatchadourian almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Raymond Hoh
Category name:
WordPress - Media
Target version:
2.0.15
Start date:
2022-12-29
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

I'm trying to upload a supplemental Java file for a programming assignment. However, I don't have permissions:

“MyVisitor.java” has failed to upload.
Sorry, you are not allowed to upload this file type.

Why can't I upload a Java file?

Files

InfoGatherer.java (7.19 KB) InfoGatherer.java Sample Java file. Raffi Khatchadourian, 2023-01-04 09:43 AM
Actions
Copy link
 #2

Updated by Boone Gorges almost 2 years ago

  • Assignee set to Raymond Hoh

Ray, are there security issues with allowing .jar files to be uploaded?

Actions
Copy link
 #3

Updated by Raymond Hoh almost 2 years ago

Why can't I upload a Java file?

WordPress multisite restricts many file types from uploading by default. We have to manually add exceptions for file types on a case-by-case basis. Boone, I think we can do a better job here. I've just created a ticket about this in #17445.

Ray, are there security issues with allowing .jar files to be uploaded?

I think .java files should be okay as they are just text files. .jar files on the other hand, I would say no as they can be executable when downloaded and if Java is installed on the user's operating system. In #5047, we made an exception for .js files only on that user's site. Perhaps we should only limit .java uploads on Raffi's site. What do you think, Boone?

If we decide to allow .java files for uploading, Raffi, can you upload your sample .java file here? WordPress uses PHP's FileInfo extension to parse the file's mime type. Depending on the contents of the file, the FileInfo extension can incorrectly assume that .java files uses the text/x-c mime type or the text/x-c++ mime type when they should be "text/plain". Also see https://core.trac.wordpress.org/ticket/40175.

In the meantime, Raffi, as an alternative, you could add your .java file to Github Gist and then, you could use the "oEmbed Gist" WordPress plugin to embed your .java file on your page until we've made a decision about allowing .java files.

Actions
Copy link
 #4

Updated by Raffi Khatchadourian almost 2 years ago

Raymond Hoh wrote in #note-3:

Why can't I upload a Java file?

WordPress multisite restricts many file types from uploading by default. We have to manually add exceptions for file types on a case-by-case basis. Boone, I think we can do a better job here. I've just created a ticket about this in #17445.

Ray, are there security issues with allowing .jar files to be uploaded?

I think .java files should be okay as they are just text files. .jar files on the other hand, I would say no as they can be executable when downloaded and if Java is installed on the user's operating system. In #5047, we made an exception for .js files only on that user's site. Perhaps we should only limit .java uploads on Raffi's site. What do you think, Boone?

If we decide to allow .java files for uploading, Raffi, can you upload your sample .java file here?

Yes.

WordPress uses PHP's FileInfo extension to parse the file's mime type. Depending on the contents of the file, the FileInfo extension can incorrectly assume that .java files uses the text/x-c mime type or the text/x-c++ mime type when they should be "text/plain". Also see https://core.trac.wordpress.org/ticket/40175.

In the meantime, Raffi, as an alternative, you could add your .java file to Github Gist and then, you could use the "oEmbed Gist" WordPress plugin to embed your .java file on your page until we've made a decision about allowing .java files.

OK, thanks. As you said, Java files are just plain text.

Actions
Copy link
 #5

Updated by Raffi Khatchadourian almost 2 years ago

In fact, Redmine allows me to upload a Java file :).

Actions
Copy link
 #6

Updated by Boone Gorges almost 2 years ago

Ray, thanks for the analysis. Uploading text/plain .java files definitely seems OK to me.

Raffi, does this seem like enough for your purpose? Allowing compiled Java executables to be uploaded is more problematic.

Actions
Copy link
 #7

Updated by Raffi Khatchadourian almost 2 years ago

Boone Gorges wrote in #note-6:

...

Raffi, does this seem like enough for your purpose? Allowing compiled Java executables to be uploaded is more problematic.

It would be Java source files. Thanks, Boone and Ray!

Actions
Copy link
 #8

Updated by Raymond Hoh almost 2 years ago

  • Category name set to WordPress - Media
  • Status changed from New to Staged for Production Release
  • Target version set to 2.0.15

Thanks for sharing your .java file, Raffi. I parsed the mime type for this file and it is text/x-java.

I've registered the text/x-java mime type to our codebase: https://github.com/cuny-academic-commons/cac/commit/94ffc4ecf1fc7375356344bac35385c5d6b3c00c . This will be available for next Tuesday's release. If you need it sooner, let us know.

Also, after next Tuesday's release, if you plan on uploading more .java files and you are not able to, then we might need to register more .java mime types with WordPress. If that is the case, attach those .java files to this ticket and we'll add them.

Actions
Copy link
 #9

Updated by Raffi Khatchadourian almost 2 years ago

Thanks, Raymond.

Actions
Copy link
 #10

Updated by Boone Gorges almost 2 years ago

  • Status changed from Staged for Production Release to Resolved
Actions
Copy link

Also available in: Atom PDF