From 5ece17a46d15869f4eec36b13e02d8e6b45accbb Mon Sep 17 00:00:00 2001 From: Aaron Schulz Date: Wed, 10 Oct 2012 16:15:29 -0700 Subject: [PATCH] Avoid fatals for bad filenames given for chunk uploads. Change-Id: I904a801ecbf9eabd9156d70a42d46323455507bd --- includes/api/ApiUpload.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php index 3a9b5c5642..6b8639c8e6 100644 --- a/includes/api/ApiUpload.php +++ b/includes/api/ApiUpload.php @@ -86,10 +86,13 @@ class ApiUpload extends ApiBase { if( $this->mParams['filesize'] > $maxSize ) { $this->dieUsage( 'The file you submitted was too large', 'file-too-large' ); } + if ( !$this->mUpload->getTitle() ) { + $this->dieUsage( 'Invalid file title supplied', 'internal-error' ); + } } else { $this->verifyUpload(); } - + // Check if the user has the rights to modify or overwrite the requested title // (This check is irrelevant if stashing is already requested, since the errors // can always be fixed by changing the title) @@ -99,7 +102,7 @@ class ApiUpload extends ApiBase { $this->dieRecoverableError( $permErrors[0], 'filename' ); } } - // Get the result based on the current upload context: + // Get the result based on the current upload context: $result = $this->getContextResult(); if ( $result['result'] === 'Success' ) { @@ -196,7 +199,7 @@ class ApiUpload extends ApiBase { return array(); } - // Check we added the last chunk: + // Check we added the last chunk: if( $this->mParams['offset'] + $chunkSize == $this->mParams['filesize'] ) { $status = $this->mUpload->concatenateChunks(); @@ -222,7 +225,7 @@ class ApiUpload extends ApiBase { $result['offset'] = $this->mParams['offset'] + $chunkSize; return $result; } - + /** * Stash the file and return the file key * Also re-raises exceptions with slightly more informative message strings (useful for API) -- 2.20.1