Bug #17434
closedCan't upload a Java file
Added by Raffi Khatchadourian almost 2 years ago. Updated almost 2 years ago.
0%
Description
I'm trying to upload a supplemental Java file for a programming assignment. However, I don't have permissions:
“MyVisitor.java” has failed to upload.
Sorry, you are not allowed to upload this file type.
Why can't I upload a Java file?
Files
InfoGatherer.java (7.19 KB) InfoGatherer.java | Sample Java file. | Raffi Khatchadourian, 2023-01-04 09:43 AM |
Updated by Raffi Khatchadourian almost 2 years ago
BTW, I found this post: https://stackoverflow.com/questions/23113552/how-to-upload-jar-file-in-wordpress#answer-31706825
Updated by Boone Gorges almost 2 years ago
- Assignee set to Raymond Hoh
Ray, are there security issues with allowing .jar files to be uploaded?
Updated by Raymond Hoh almost 2 years ago
Why can't I upload a Java file?
WordPress multisite restricts many file types from uploading by default. We have to manually add exceptions for file types on a case-by-case basis. Boone, I think we can do a better job here. I've just created a ticket about this in #17445.
Ray, are there security issues with allowing .jar files to be uploaded?
I think .java
files should be okay as they are just text files. .jar
files on the other hand, I would say no as they can be executable when downloaded and if Java is installed on the user's operating system. In #5047, we made an exception for .js
files only on that user's site. Perhaps we should only limit .java
uploads on Raffi's site. What do you think, Boone?
If we decide to allow .java
files for uploading, Raffi, can you upload your sample .java
file here? WordPress uses PHP's FileInfo
extension to parse the file's mime type. Depending on the contents of the file, the FileInfo
extension can incorrectly assume that .java
files uses the text/x-c
mime type or the text/x-c++ mime type when they should be "text/plain". Also see https://core.trac.wordpress.org/ticket/40175.
In the meantime, Raffi, as an alternative, you could add your .java
file to Github Gist and then, you could use the "oEmbed Gist" WordPress plugin to embed your .java
file on your page until we've made a decision about allowing .java
files.
Updated by Raffi Khatchadourian almost 2 years ago
- File InfoGatherer.java InfoGatherer.java added
Raymond Hoh wrote in #note-3:
Why can't I upload a Java file?
WordPress multisite restricts many file types from uploading by default. We have to manually add exceptions for file types on a case-by-case basis. Boone, I think we can do a better job here. I've just created a ticket about this in #17445.
Ray, are there security issues with allowing .jar files to be uploaded?
I think
.java
files should be okay as they are just text files..jar
files on the other hand, I would say no as they can be executable when downloaded and if Java is installed on the user's operating system. In #5047, we made an exception for.js
files only on that user's site. Perhaps we should only limit.java
uploads on Raffi's site. What do you think, Boone?If we decide to allow
.java
files for uploading, Raffi, can you upload your sample.java
file here?
Yes.
WordPress uses PHP's
FileInfo
extension to parse the file's mime type. Depending on the contents of the file, theFileInfo
extension can incorrectly assume that.java
files uses thetext/x-c
mime type or the text/x-c++ mime type when they should be "text/plain". Also see https://core.trac.wordpress.org/ticket/40175.In the meantime, Raffi, as an alternative, you could add your
.java
file to Github Gist and then, you could use the "oEmbed Gist" WordPress plugin to embed your.java
file on your page until we've made a decision about allowing.java
files.
OK, thanks. As you said, Java files are just plain text.
Updated by Raffi Khatchadourian almost 2 years ago
In fact, Redmine allows me to upload a Java file :).
Updated by Boone Gorges almost 2 years ago
Ray, thanks for the analysis. Uploading text/plain
.java files definitely seems OK to me.
Raffi, does this seem like enough for your purpose? Allowing compiled Java executables to be uploaded is more problematic.
Updated by Raffi Khatchadourian almost 2 years ago
Boone Gorges wrote in #note-6:
...
Raffi, does this seem like enough for your purpose? Allowing compiled Java executables to be uploaded is more problematic.
It would be Java source files. Thanks, Boone and Ray!
Updated by Raymond Hoh almost 2 years ago
- Category name set to WordPress - Media
- Status changed from New to Staged for Production Release
- Target version set to 2.0.15
Thanks for sharing your .java
file, Raffi. I parsed the mime type for this file and it is text/x-java
.
I've registered the text/x-java
mime type to our codebase: https://github.com/cuny-academic-commons/cac/commit/94ffc4ecf1fc7375356344bac35385c5d6b3c00c . This will be available for next Tuesday's release. If you need it sooner, let us know.
Also, after next Tuesday's release, if you plan on uploading more .java
files and you are not able to, then we might need to register more .java
mime types with WordPress. If that is the case, attach those .java
files to this ticket and we'll add them.
Updated by Boone Gorges almost 2 years ago
- Status changed from Staged for Production Release to Resolved