From 3090ace527df340015aca6dcb5a14d8f94838d18 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Sun, 9 Mar 2014 06:08:19 -0300
Subject: [PATCH] When checking whitelist of extensions, only count last extension.

When we are doing blacklisted extensions, we count all extensions as some programs (like apache sometimes) consider extensions that aren't the final extension. However when doing whitelists we need to only count the last extension, otherwise people can name files foo.goodExt.BadExt. For example [[commons:File:Deamado ko.png.bmp]] I do not believe this represents a security risk as bad files are still filtered out. However it does allow unwanted files to be uploaded.

Bug: 62451
Change-Id: Ie27c15f749812710571f432bc5915e498f8017e3
---
 includes/upload/UploadBase.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index db7a24e4e8..6cce4ac3f2 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -786,7 +786,7 @@ abstract class UploadBase {
 return $this->mTitle;
 } elseif ( $blackListedExtensions ||
 ( $wgCheckFileExtensions && $wgStrictFileExtensions &&
- !$this->checkFileExtensionList( $ext, $wgFileExtensions ) ) ) {
+ !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) {
 $this->mBlackListedExtensions = $blackListedExtensions;
 $this->mTitleError = self::FILETYPE_BADTYPE;
 $this->mTitle = null;
-- 
2.20.1
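Review bot: The `elseif` condition now combines two deliberately different checks, and nothing in the code explains why: the blacklist result in `$blackListedExtensions` (computed outside this hunk; per the commit message it considers every extension in the name) and the whitelist test on `$this->mFinalExtension` alone. A later cleanup could unify them in the wrong direction, either reopening the `foo.goodExt.BadExt` case or narrowing the blacklist to the final extension. I would add a comment above the condition, e.g. `// Blacklist: any extension in the name counts (some servers act on non-final ones). Whitelist: only the final extension counts.` The hunk does not show whether `checkFileExtension()` normalises case the way `checkFileExtensionList()` does, so that is worth confirming, together with a regression test for a name like `x.png.bmp` under `$wgStrictFileExtensions`. The enclosing method starts and ends outside the hunk.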