From b9c4d8d7a7413a3b0f091b047e27d955741aa511 Mon Sep 17 00:00:00 2001 From: Victor Vasiliev Date: Thu, 10 Jul 2008 08:16:58 +0000 Subject: [PATCH] * (bug 14772) Disallow moving images to invalid titles --- includes/GlobalFunctions.php | 15 ++++++++++++++- includes/Title.php | 3 +++ includes/specials/SpecialUpload.php | 14 +++++++------- languages/messages/MessagesEn.php | 1 + maintenance/language/messages.inc | 1 + 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index b7ac5d1375..aa90d41ef3 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -862,7 +862,10 @@ function wfMerge( $old, $mine, $yours, &$result ){ */ function wfVarDump( $var ) { global $wgOut; - $s = str_replace("\n","
\n", var_export( $var, true ) . "\n"); + ob_start(); + var_dump( $var ); + $s = str_replace("\n","
\n", ob_get_contents() . "\n"); + ob_end_clean(); if ( headers_sent() || !@is_object( $wgOut ) ) { print $s; } else { @@ -2364,3 +2367,13 @@ function wfGenerateToken( $salt = '' ) { return md5( mt_rand( 0, 0x7fffffff ) . $salt ); } + +/** + * Replace all invalid characters with - + * @param mixed $title Filename to process + */ +function wfStripIllegalFilenameChars( $name ) { + $name = wfBaseName( $name ); + $name = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $name ); + return $name; +} diff --git a/includes/Title.php b/includes/Title.php index 972d3fc842..b64d2c9c87 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -2443,6 +2443,9 @@ class Title { if( $nt->getNamespace() != NS_IMAGE ) { $errors[] = array('imagenocrossnamespace'); } + if( $nt->getText() != wfStripIllegalFilenameChars( $nt->getText() ) ) { + $errors[] = array('imageinvalidfilename'); + } if( !File::checkExtensionCompatibility( $file, $nt->getDbKey() ) ) { $errors[] = array('imagetypemismatch'); } diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php index 2b3873a8b6..332fd281d7 100644 --- a/includes/specials/SpecialUpload.php +++ b/includes/specials/SpecialUpload.php @@ -391,13 +391,17 @@ class UploadForm { return self::BEFORE_PROCESSING; } - # Chop off any directories in the given filename + /** + * Chop off any directories in the given filename. Then + * filter out illegal characters, and try to make a legible name + * out of it. We'll strip some silently that Title would die on. + */ if( $this->mDesiredDestName ) { $basename = $this->mDesiredDestName; } else { $basename = $this->mSrcName; } - $filtered = wfBaseName( $basename ); + $filtered = wfStripIllegalFilenameChars( $basename ); /** * We'll want to blacklist against *any* 'extension', and use @@ -422,11 +426,7 @@ class UploadForm { return self::MIN_LENGHT_PARTNAME; } - /** - * Filter out illegal characters, and try to make a legible name - * out of it. We'll strip some silently that Title would die on. - */ - $filtered = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $filtered ); + $nt = Title::makeTitleSafe( NS_IMAGE, $filtered ); if( is_null( $nt ) ) { $resultDetails = array( 'filtered' => $filtered ); diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 359da308ff..8c9ebf0c3a 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -2485,6 +2485,7 @@ cannot move a page over itself.', cannot move pages from and into that namespace.', 'imagenocrossnamespace' => 'Cannot move file to non-file namespace', 'imagetypemismatch' => 'The new file extension does not match its type', +'imageinvalidfilename' => 'Target image file name is invalid', # Export 'export' => 'Export pages', diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 6091345ffb..ba68f69ff7 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -1692,6 +1692,7 @@ $wgMessageStructure = array( 'immobile_namespace', 'imagenocrossnamespace', 'imagetypemismatch', + 'imageinvalidfilename', ), 'export' => array( 'export', -- 2.20.1