From 2a7bf6fb2ab0ba6b80830c21d181bd32d9506e4f Mon Sep 17 00:00:00 2001
From: Raimond Spekking
Date: Thu, 27 Mar 2008 21:34:14 +0000
Subject: [PATCH] Sanitize evil php.ini values. Thanks to Simetrical
---
 includes/SpecialUpload.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 24e1083958..9dae81d2fd 100644
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -983,7 +983,7 @@ wgUploadAutoFill = {$autofill};
 # Get the maximum file size from php.ini as $wgMaxUploadSize works for uploads from URL via CURL only
 # See http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize for possible values of upload_max_filesize
 $val = trim( ini_get( 'upload_max_filesize' ) );
- $last = ( substr( $val, -1 ) );
+ $last = strtoupper( ( substr( $val, -1 ) ) );
 switch( $last ) {
 case 'G':
 $val2 = substr( $val, 0, -1 ) * 1024 * 1024 * 1024;
@@ -998,7 +998,7 @@ wgUploadAutoFill = {$autofill};
 $val2 = $val;
 }
 $val2 = $wgAllowCopyUploads ? min( $wgMaxUploadSize, $val2 ) : $val2;
- $maxUploadSize = wfMsgExt( 'upload-maxfilesize', 'parseinline', $wgLang->formatSize( $val2 ) );
+ $maxUploadSize = wfMsgExt( 'upload-maxfilesize', array( 'parseinline', 'escape' ), $wgLang->formatSize( $val2 ) );
 $sourcefilename = wfMsgExt( 'sourcefilename', 'escapenoentities' );
 $destfilename = wfMsgExt( 'destfilename', 'escapenoentities' );
--
2.20.1
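Review bot: The new `$last` assignment keeps a redundant inner pair of parentheses and gives no reason for the case folding; `$last = strtoupper( substr( $val, -1 ) );` reads more cleanly. A short comment above it, such as `# php.ini shorthand suffixes (K, M, G) are case-insensitive`, would record why the normalisation is needed. The `case 'G'` arm still relies on PHP's implicit string-to-number conversion for `substr( $val, 0, -1 )`, so wrapping that operand in `intval()` would make the numeric intent explicit. The switch body continues outside this hunk, so the other arms were not checked.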
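Review bot: Combining `'parseinline'` with `'escape'` on the `$maxUploadSize` line may over-escape the message. wfMsgExt is not shown here, but if it applies the escape step to the parser's HTML output, any markup in `upload-maxfilesize` would be displayed as literal tags. The only value that comes from php.ini is `$val2`, and the default arm `$val2 = $val;` at the top of this hunk still passes an unrecognised setting through as a raw string. Forcing it numeric before formatting, for example `$val2 = intval( $val2 );` ahead of the `min()` line, would close that path at the source and let the message options stay as `'parseinline'`.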