From 2fe1420f43f65f919b0a3116292c8d8b095c5477 Mon Sep 17 00:00:00 2001
From: Russ Nelson <nelson@users.mediawiki.org>
Date: Tue, 28 Jun 2011 22:00:21 +0000
Subject: [PATCH] UploadStashFile::__construct() can't assume that the
 mwrepo-produced paths match the temp zone.

---
 includes/upload/UploadStash.php | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/includes/upload/UploadStash.php b/includes/upload/UploadStash.php
index 8432f0d4f3..baa50e6beb 100644
--- a/includes/upload/UploadStash.php
+++ b/includes/upload/UploadStash.php
@@ -258,20 +258,21 @@ class UploadStashFile extends UnregisteredLocalFile {
 		// resolve mwrepo:// urls
 		if ( $repo->isVirtualUrl( $path ) ) {
 			$path = $repo->resolveVirtualUrl( $path );
-		}
+		} else {
 
-		// check if path appears to be sane, no parent traversals, and is in this repo's temp zone.
-		$repoTempPath = $repo->getZonePath( 'temp' );
-		if ( ( ! $repo->validateFilename( $path ) ) ||
-				( strpos( $path, $repoTempPath ) !== 0 ) ) {
-			wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not valid\n" );
-			throw new UploadStashBadPathException( 'path is not valid' );
-		}
+			// check if path appears to be sane, no parent traversals, and is in this repo's temp zone.
+			$repoTempPath = $repo->getZonePath( 'temp' );
+			if ( ( ! $repo->validateFilename( $path ) ) ||
+					( strpos( $path, $repoTempPath ) !== 0 ) ) {
+				wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not valid\n" );
+				throw new UploadStashBadPathException( 'path is not valid' );
+			}
 
-		// check if path exists! and is a plain file.
-		if ( ! $repo->fileExists( $path, FileRepo::FILES_ONLY ) ) {
-			wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not found\n" );
-			throw new UploadStashFileNotFoundException( 'cannot find path, or not a plain file' );
+			// check if path exists! and is a plain file.
+			if ( ! $repo->fileExists( $path, FileRepo::FILES_ONLY ) ) {
+				wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not found\n" );
+				throw new UploadStashFileNotFoundException( 'cannot find path, or not a plain file' );
+			}
 		}
 
 		parent::__construct( false, $repo, $path, false );
-- 
2.20.1