garlik-gag
commented
12 years ago Hi, thanks for your return, translations and corrections.
I change the mimetype control by a config option string and a strpos control.
About security, there are others controls which verifies that we are dealing with an odt file or something like an odt file (it's a zip file with a content.xml file ...). If it not, the file will be deleted.
I make some changes and add a security rules :
- someone who can't upload file can't store the file in the wiki (just parse it as a wiki page without picture and other attached file).
I upload the new version tonight.
mprins
On Windows XP using Google Chrome version 19.0.1084.56 m the upload form is sent with
application/octetstreamas mime type, this causes the check for mime type (https://github.com/garlik-gag/dokuwiki-plugin-odt2dw/blob/master/odt2dw/action.php#L284) to fail as it only checks forapplication/vnd.oasis.opendocument.textApparently Chrome on Windows does not know about .odt, I have not tested other browsers, but when I comment out this line the upload and processing succeeds.
I think it would be good to check for
application/octetstreamas well and consider this valid (even though this opens the door for other types of files, on windows the mime type is only determined by the file extension so people can upload anything invalid anyway), the other option may be to make this a config option..