* Forbid files with * and ? to be uploaded under Windows (it caused internal errors since such characters are illegal there)
* Forbid files to be moved to invalid filenames * wfVarDump() should use var_dump(), not var_export()
This commit is contained in:
Victor Vasiliev
parent
c91511cef9
commit
e7487c0789
6 changed files with 33 additions and 1 deletions
|
|
@ -431,6 +431,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
|
|||
on non-mySQL schemas.
|
||||
* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
|
||||
had stict standards issues with setFakeSlaveLag() and setFakeMaster().
|
||||
* Image now can't contain "*" or "?" characters under Windows
|
||||
|
||||
=== API changes in 1.13 ===
|
||||
|
||||
|
|
|
|||
|
|
@ -862,7 +862,10 @@ function wfMerge( $old, $mine, $yours, &$result ){
|
|||
*/
|
||||
function wfVarDump( $var ) {
|
||||
global $wgOut;
|
||||
$s = str_replace("\n","<br />\n", var_export( $var, true ) . "\n");
|
||||
ob_start();
|
||||
var_dump( $var );
|
||||
$s = str_replace("\n","<br />\n", ob_get_contents() . "\n");
|
||||
ob_end_clean();
|
||||
if ( headers_sent() || !@is_object( $wgOut ) ) {
|
||||
print $s;
|
||||
} else {
|
||||
|
|
@ -2364,3 +2367,24 @@ function wfGenerateToken( $salt = '' ) {
|
|||
|
||||
return md5( mt_rand( 0, 0x7fffffff ) . $salt );
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks filename for validity
|
||||
* @param mixed $title Filename or title to check
|
||||
*/
|
||||
function wfIsValidFileName( $name ) {
|
||||
if( !$name instanceof Title )
|
||||
if( !Title::makeTitleSafe( NS_IMAGE, $name ) )
|
||||
return false;
|
||||
else
|
||||
$name = $name->getText();
|
||||
|
||||
if( in_string( ':', $name ) )
|
||||
return false;
|
||||
elseif( wfBaseName( $name ) != $name )
|
||||
return false;
|
||||
elseif( wfIsWindows() && ( in_string( '*', $name ) || in_string( '?', $name ) ) )
|
||||
return false;
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2443,6 +2443,9 @@ class Title {
|
|||
if( $nt->getNamespace() != NS_IMAGE ) {
|
||||
$errors[] = array('imagenocrossnamespace');
|
||||
}
|
||||
if( !wfIsValidFileName( $nt ) ) {
|
||||
$errors[] = array('imageinvalidfilename');
|
||||
}
|
||||
if( !File::checkExtensionCompatibility( $file, $nt->getDbKey() ) ) {
|
||||
$errors[] = array('imagetypemismatch');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -427,6 +427,8 @@ class UploadForm {
|
|||
* out of it. We'll strip some silently that Title would die on.
|
||||
*/
|
||||
$filtered = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $filtered );
|
||||
if( wfIsWindows() )
|
||||
$filtered = preg_replace ( "/[*?]/", '-', $filtered );
|
||||
$nt = Title::makeTitleSafe( NS_IMAGE, $filtered );
|
||||
if( is_null( $nt ) ) {
|
||||
$resultDetails = array( 'filtered' => $filtered );
|
||||
|
|
|
|||
|
|
@ -2485,6 +2485,7 @@ cannot move a page over itself.',
|
|||
cannot move pages from and into that namespace.',
|
||||
'imagenocrossnamespace' => 'Cannot move file to non-file namespace',
|
||||
'imagetypemismatch' => 'The new file extension does not match its type',
|
||||
'imageinvalidfilename' => 'Target image file name is invalid',
|
||||
|
||||
# Export
|
||||
'export' => 'Export pages',
|
||||
|
|
|
|||
|
|
@ -1692,6 +1692,7 @@ $wgMessageStructure = array(
|
|||
'immobile_namespace',
|
||||
'imagenocrossnamespace',
|
||||
'imagetypemismatch',
|
||||
'imageinvalidfilename',
|
||||
),
|
||||
'export' => array(
|
||||
'export',
|
||||
|
|
|
|||
Loading…
Reference in a new issue