Affects Version/s: None
Fix Version/s: 2013-08-05
I realise that the images don't pass through MB's servers, so I assume this request will need forwarding to the IA.
While we do check for JPEG file extensions, this has proven to be insufficient. See
CAA-23 for a list of what I found in the first few weeks (PNGs, TIFFs, BMPs and HTML files so far).
There are several reasons why it happens:
- The image was taken from a site which served it with the wrong extension.
- The user changed the file extension, thinking that that would convert the file.
- The image was saved from a site which embedded it in a HTML page (or from web.archive.org and their bloody interstitial pages)
- The user changed the file extension just to get around the filter.
In the first two cases, the user has no reason to believe that the image is not a JPEG and in the last case, the user doesn't care, so I think a technical solution is the only option.
The way I would expect it to work is that when someone uploads a file, if it's not acceptable, instead saving the image and printing the code that submits the edit, it wouldn't save the image and would instead print an error with a link to a help page.
Once we add GIF/PNG support, this could also be used to automatically change the extension, so that if someone uploads a PNG as foo.jpg, it's accepted but changed to foo.png.