From: Aaron Schulz Date: Wed, 10 Oct 2012 23:15:29 +0000 (-0700) Subject: Avoid fatals for bad filenames given for chunk uploads. X-Git-Tag: 1.31.0-rc.0~22069 X-Git-Url: http://git.cyclocoop.org/%22.%24image2.%22?a=commitdiff_plain;h=5ece17a46d15869f4eec36b13e02d8e6b45accbb;p=lhc%2Fweb%2Fwiklou.git Avoid fatals for bad filenames given for chunk uploads. Change-Id: I904a801ecbf9eabd9156d70a42d46323455507bd --- diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php index 3a9b5c5642..6b8639c8e6 100644 --- a/includes/api/ApiUpload.php +++ b/includes/api/ApiUpload.php @@ -86,10 +86,13 @@ class ApiUpload extends ApiBase { if( $this->mParams['filesize'] > $maxSize ) { $this->dieUsage( 'The file you submitted was too large', 'file-too-large' ); } + if ( !$this->mUpload->getTitle() ) { + $this->dieUsage( 'Invalid file title supplied', 'internal-error' ); + } } else { $this->verifyUpload(); } - + // Check if the user has the rights to modify or overwrite the requested title // (This check is irrelevant if stashing is already requested, since the errors // can always be fixed by changing the title) @@ -99,7 +102,7 @@ class ApiUpload extends ApiBase { $this->dieRecoverableError( $permErrors[0], 'filename' ); } } - // Get the result based on the current upload context: + // Get the result based on the current upload context: $result = $this->getContextResult(); if ( $result['result'] === 'Success' ) { @@ -196,7 +199,7 @@ class ApiUpload extends ApiBase { return array(); } - // Check we added the last chunk: + // Check we added the last chunk: if( $this->mParams['offset'] + $chunkSize == $this->mParams['filesize'] ) { $status = $this->mUpload->concatenateChunks(); @@ -222,7 +225,7 @@ class ApiUpload extends ApiBase { $result['offset'] = $this->mParams['offset'] + $chunkSize; return $result; } - + /** * Stash the file and return the file key * Also re-raises exceptions with slightly more informative message strings (useful for API)