Per r108369 CR comment, use StringUtils::escapeRegexReplacement() since backend name can have $1 or such. Also added comments to discourage such characters in backend names.

includes/filerepo/backend/FileBackend.php

@@ -42,8 +42,9 @@ abstract class FileBackend {
 	 * 
 	 * $config includes:
 	 *     'name'        : The unique name of this backend.
+	 *                     This should consist of alphanumberic, '-', and '_' characters.
 	 *     'wikiId'      : Prefix to container names that is unique to this wiki.
-	 *                     This should consist of alphanumberic, '-', and '_' chars.
+	 *                     This should consist of alphanumberic, '-', and '_' characters.
 	 *     'lockManager' : Registered name of a file lock manager to use.
 	 *     'readOnly'    : Write operations are disallowed if this is a non-empty string.
 	 *                     It should be an explanation for the backend being read-only.

includes/filerepo/backend/FileBackendMultiWrite.php

@@ -256,7 +256,7 @@ class FileBackendMultiWrite extends FileBackend {
 	protected function substPaths( $paths, FileBackendStore $backend ) {
 		return preg_replace(
 			'!^mwstore://' . preg_quote( $this->name ) . '/!',
-			'mwstore://' . $backend->getName() . '/',
+			StringUtils::escapeRegexReplacement( "mwstore://{$backend->getName()}/" ),
 			$paths // string or array
 		);
 	}
@@ -270,7 +270,7 @@ class FileBackendMultiWrite extends FileBackend {
 	protected function unsubstPaths( $paths ) {
 		return preg_replace(
 			'!^mwstore://([^/]+)!',
-			"mwstore://{$this->name}",
+			StringUtils::escapeRegexReplacement( "mwstore://{$this->name}" ),
 			$paths // string or array
 		);
 	}