*/
public function getRealPath( $srcPath ) {
$repo = RepoGroup::singleton()->getLocalRepo();
- if ( $repo->isVirtualUrl( $srcPath ) ) {
+ if ( FileRepo::isVirtualUrl( $srcPath ) ) {
/** @todo Just make uploads work with storage paths UploadFromStash
* loads files via virtual URLs.
*/
*/
list( $partname, $ext ) = $this->splitExtensions( $this->mFilteredName );
- if ( count( $ext ) ) {
- $this->mFinalExtension = trim( $ext[count( $ext ) - 1] );
+ if ( $ext !== [] ) {
+ $this->mFinalExtension = trim( end( $ext ) );
} else {
$this->mFinalExtension = '';
* scripts, so the blacklist needs to check them all.
*
* @param string $filename
- * @return array
+ * @return array [ string, string[] ]
*/
public static function splitExtensions( $filename ) {
$bits = explode( '.', $filename );
* Perform case-insensitive match against a list of file extensions.
* Returns an array of matching extensions.
*
- * @param array $ext
- * @param array $list
+ * @param string[] $ext
+ * @param string[] $list
* @return bool
*/
public static function checkFileExtensionList( $ext, $list ) {
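Review bot: The docblock for `checkFileExtensionList` still contradicts itself after this change: the description says "Returns an array of matching extensions" while the tag says `@return bool`. Since the commit is already tightening the `@param` types here, the return tag should be settled too, because callers that use this for extension blacklist checks need to know whether they get a boolean or a (possibly empty) list. The function body is outside the hunk, so I cannot tell which side is right; if it returns the matches, the tag would be `@return string[]`, otherwise the description should read "Returns whether any extension matches".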
}
# image filters can pull in url, which could be svg that executes scripts
+ # Only allow url( "#foo" ). Do not allow url( http://example.com )
if ( $strippedElement == 'image'
&& $stripped == 'filter'
- && preg_match( '!url\s*\(!sim', $value )
+ && preg_match( '!url\s*\(\s*["\']?[^#]!sim', $value )
) {
wfDebug( __METHOD__ . ": Found image filter with url: "
. "\"<$strippedElement $stripped='$value'...\" in uploaded file.\n" );
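Review bot: The new pattern on the `preg_match` line does not do what the added comment says. Because `\s*` and `["\']?` can backtrack, `[^#]` is free to consume the whitespace or the quote itself, so `url( "#foo" )` and `url("#foo")` still appear to be reported and only the bare `url(#foo)` passes. That fails closed, so it is not a bypass, but it rejects legitimate local filter references and leaves the comment misleading. Possessive quantifiers would make the check match the comment while still flagging any value whose first character after the optional quote is not `#`: `&& preg_match( '!url\s*\(\s*+["\']?+[^#]!sim', $value )`. Test cases for the quoted, padded and external forms would pin the behaviour down; the enclosing `if` and its function start and end outside the hunk.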