.mp3s attached to issues?
dww - December 11, 2006 - 16:19
| Project: | Drupal.org webmasters |
| Component: | Spam |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
as reported in http://drupal.org/node/100906 it seems that a few people have taken to posting .mp3 files attached to issues. :(
sorted by date, they are:
-rw-rw-r-- 1 dries apache 769318 Aug 25 2005 VomiT-Souless.mp3
-rw-r--r-- 1 apache apache 28001 Mar 22 2006 test.mp3
-rw-rw-r-- 1 apache apache 1682786 Apr 13 2006 01 Ode.mp3
-rw-rw-r-- 1 apache apache 51752 Jun 24 08:40 eemaan_ibn_baz.mp3
-rw-rw-r-- 1 apache apache 866609 Jul 2 11:27 FirstOfMay.mp3for now, i moved all of them to /var/www/drupal.org/tmp-files.
what else should we do about this? sadly, there's not yet a setting to limit what file extensions can be attached to issues (i know, there should be... but i'm only human and there's only so much i can do). ;)
anything else to be done in the meantime? (cron job to check the files/issues dir for *.mp3, etc?)
or should this just move immediately to project_issue.module's queue, instead? ;)
thanks,
-derek
#1
Doesn't D.org use the usual upload.module for attachments? It supports file type limitation based on file extensions.
#2
Yes, but not project module. Project module was built in the dark ages and does its own attachment handling.
#3
Project Issue implements per role whitelists and non-terminal extension munging since about 5 days (DRUPAL-SA-2007-004), so this shouldn't be a problem in the future.
We'll need to take a look in the issues directory once more and delete remaining junk, then this issue can be closed.
#4
although, in theory, desperate folks could still post .mp3s, which get converted to .mp3.txt, then they could share that link and folks would just have to save the downloaded file and rename it... certainly more of a pain, so much less likely to be abused, but still a little troublesome. *shrug*
#5
Has #5 task been done? Good to close this issue now that we restrict issue attachment types?