From: Ævar Arnfjörð Bjarmason Date: Mon, 22 May 2006 07:12:53 +0000 (+0000) Subject: * Pass the extension to detectScript and allow files with the 'svg' extension to... X-Git-Tag: 1.31.0-rc.0~57066 X-Git-Url: http://git.cyclocoop.org//%22javascript:ModifierStyle%28%27%22.%24id.%22%27%29/%22?a=commitdiff_plain;h=ce0a97cf0acf2f6f150747a3c29a7b0e75de1ea3;p=lhc%2Fweb%2Fwiklou.git * Pass the extension to detectScript and allow files with the 'svg' extension to possibly maybe contain --- diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index e3aaa8bb3e..7d260b6bed 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -782,7 +782,7 @@ class UploadForm { } #check for htmlish code and javascript - if( $this->detectScript ( $tmpfile, $mime ) ) { + if( $this->detectScript ( $tmpfile, $mime, $extension ) ) { return new WikiErrorMsg( 'uploadscripted' ); } @@ -842,9 +842,10 @@ class UploadForm { * * @param string $file Pathname to the temporary upload file * @param string $mime The mime type of the file + * @param string $extension The extension of the file * @return bool true if the file contains something looking like embedded scripts */ - function detectScript($file,$mime) { + function detectScript($file, $mime, $extension) { global $wgAllowTitlesInSVG; #ugly hack: for text files, always look at the entire file. @@ -902,8 +903,9 @@ class UploadForm { '<script', #also in safari '<table' ); - if( $mime != 'image/svg' || !$wgAllowTitlesInSVG ) + if( ! $wgAllowTitlesInSVG && $extension !== 'svg' && $mime !== 'image/svg' ) { $tags[] = '<title'; + } foreach( $tags as $tag ) { if( false !== strpos( $chunk, $tag ) ) {