Removed thumb area restriction code, added code to check for zero-sized thumbnails
[lhc/web/wiklou.git] / includes / SpecialUpload.php
index 5f69dc2..acbba92 100644 (file)
@@ -4,8 +4,6 @@ function wfSpecialUpload()
 {
        global $wgUser, $wgOut, $wpUpload, $wpReUpload, $action;
        global $wgDisableUploads;
-       $wpUpload   = $_REQUEST["wpUpload"];
-       $wpReUpload = $_REQUEST["wpReUpload"];
        
        $fields = array( "wpUploadFile", "wpUploadDescription" );
        wfCleanFormFields( $fields );
@@ -41,23 +39,15 @@ function processUpload()
        global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
        global $wgSavedFile, $wgUploadOldVersion, $wpUploadOldVersion;
        global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
-       $wpUploadAffirm       = $_REQUEST["wpUploadAffirm"];
-       $wpUploadFile         = $_REQUEST["wpUploadFile"];
-       $wpUploadDescription  = $_REQUEST["wpUploadDescription"];
-       $wpIgnoreWarning      = $_REQUEST["wpIgnoreWarning"];
-       $wpUploadSaveName     = $_REQUEST["wpUploadSaveName"];
-       $wpUploadTempName     = $_REQUEST["wpUploadTempName"];
-       $wpUploadSize         = $_REQUEST["wpUploadSize"];
-       $wpUploadOldVersion   = $_REQUEST["wpUploadOldVersion"];
-       $wpUploadCopyStatus   = $_REQUEST["wpUploadCopyStatus"];
-       $wpUploadSource       = $_REQUEST["wpUploadSource"];
+       global $wgCheckFileExtensions, $wgStrictFileExtensions;
+       global $wgFileExtensions, $wgFileBlacklist;
 
-       if ( $wgUseCopyrightUpload )
-         {
-           $wpUploadAffirm = 1 ;
-           if ( trim ( $wpUploadCopyStatus ) == "" || trim ( $wpUploadSource ) == "" )
-                $wpUploadAffirm = 0 ;
-         }
+       if ( $wgUseCopyrightUpload ) {
+               $wpUploadAffirm = 1;
+               if ( trim ( $wpUploadCopyStatus ) == "" || trim ( $wpUploadSource ) == "" ) {
+                       $wpUploadAffirm = 0;
+               }
+       }
 
        if ( 1 != $wpUploadAffirm ) {
                mainUploadForm( WfMsg( "noaffirmation" ) );
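Review bot: Nothing in processUpload() now shows where `$wpUploadAffirm`, `$wpIgnoreWarning` and the other `$wp*` form values come from, because the explicit `$_REQUEST` reads are removed here and in the other hunks of this file (wfSpecialUpload, unsaveUploadedFile, uploadWarning, mainUploadForm). If code outside this diff copies request values into the global scope, the new security settings `$wgFileBlacklist`, `$wgFileExtensions`, `$wgStrictFileExtensions` and `$wgCheckFileExtensions` share that scope and need defaults assigned where a request value cannot replace them; that is not visible here and should be confirmed. A one-line comment above the `global` lines, such as `# $wp* form values are set from the request in <setup file>; $wg* settings come from configuration only`, would record the assumption. processUpload() starts before and continues after this hunk.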
@@ -93,15 +83,23 @@ function processUpload()
                $nt = Title::newFromText( $basename );
                $wpUploadSaveName = $nt->getDBkey();
 
+               /* Don't allow users to override the blacklist */
+               if( checkFileExtension( $ext, $wgFileBlacklist ) ||
+                       ($wgStrictFileExtensions && !checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+                       return uploadError( wfMsg( "badfiletype", $ext ) );
+               }
+               
                saveUploadedFile();
                if ( ( ! $wpIgnoreWarning ) &&
                  ( 0 != strcmp( ucfirst( $basename ), $wpUploadSaveName ) ) ) {
                        return uploadWarning( wfMsg( "badfilename", $wpUploadSaveName ) );
                }
-               $extensions = array( "png", "jpg", "jpeg", "ogg" ); 
-               if ( ( ! $wpIgnoreWarning ) &&
-                 ( ! in_array( strtolower( $ext ), $extensions ) ) ) {
-                       return uploadWarning( wfMsg( "badfiletype", $ext ) );
+           
+               if ( $wgCheckFileExtensions ) {
+                       if ( ( ! $wpIgnoreWarning ) &&
+                                ( ! checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+                               return uploadWarning( wfMsg( "badfiletype", $ext ) );
+                       }
                }
                if ( ( ! $wpIgnoreWarning ) && ( $wpUploadSize > 150000 ) ) {
                        return uploadWarning( WfMsg( "largefile" ) );
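Review bot: The blacklist test `checkFileExtension( $ext, $wgFileBlacklist )` looks only at `$ext`, whose derivation is above this hunk; if `$ext` is just the final suffix of the name, a blacklisted extension in an earlier position is never examined, so this should be confirmed and, if so, every dot-separated part tested against `$wgFileBlacklist`. With `$wgStrictFileExtensions` off, the later `$wgCheckFileExtensions` test is only a warning that `$wpIgnoreWarning` skips, and it runs after `saveUploadedFile()`, so the blacklist is the only hard control in that configuration. The comment would be more accurate as `/* Blacklisted types are always rejected; in strict mode anything outside $wgFileExtensions is rejected too. Neither can be skipped with wpIgnoreWarning. */`. processUpload() starts before and continues past this hunk.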
@@ -125,6 +123,10 @@ function processUpload()
        $wgOut->returnToMain( false );
 }
 
+function checkFileExtension( $ext, $list ) {
+       return in_array( strtolower( $ext ), $list );
+}
+
 function saveUploadedFile()
 {
        global $wpUploadSaveName, $wpUploadTempName;
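Review bot: `checkFileExtension()` lowercases only `$ext` and hands `$list` to `in_array()` with loose comparison, so a list entry written in upper case never matches, and a `$list` that is unset or not an array yields a non-true result, which at the blacklist call means the upload is allowed. Suggest strict comparison, `return in_array( strtolower( $ext ), $list, true );`, plus a short comment stating that list entries must be lower-case strings. Because the helper cannot know whether a missing list should allow or deny, the blacklist call site should reject the upload when `$wgFileBlacklist` is not an array.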
@@ -156,7 +158,6 @@ function unsaveUploadedFile()
 {
        global $wpSessionKey, $wpUploadOldVersion;
        global $wgUploadDirectory, $wgOut, $wsUploadFiles;
-       $wpSessionKey       = $_REQUEST["wpSessionKey"];
        
        $wgSavedFile = $wsUploadFiles[$wpSessionKey];
        $wgUploadOldVersion = $wpUploadOldVersion;
@@ -177,6 +178,14 @@ function unsaveUploadedFile()
        }
 }
 
+function uploadError( $error )
+{
+       global $wgOut;
+       $sub = wfMsg( "uploadwarning" );
+       $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
+       $wgOut->addHTML( "<h4><font color=red>{$error}</font></h4>\n" );
+}
+
 function uploadWarning( $warning )
 {
        global $wgOut, $wgUser, $wgLang, $wgUploadDirectory;
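Review bot: `uploadError()` writes `$error` into the page through `addHTML()` without escaping, and its one visible caller passes `wfMsg( "badfiletype", $ext )`, where `$ext` comes from the uploaded file's name (derived outside this diff, so any earlier sanitising cannot be seen). Escaping the parameter at the call site, `return uploadError( wfMsg( "badfiletype", htmlspecialchars( $ext ) ) );`, keeps markup in the message text working while stopping the file name from contributing HTML. The function also lacks a comment saying it reports a hard rejection that, unlike uploadWarning(), offers no override. It reuses the `uploadwarning` heading where the `uploaderror` message used by mainUploadForm() may be the intended one.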
@@ -186,7 +195,6 @@ function uploadWarning( $warning )
        global $wgSavedFile, $wgUploadOldVersion;
        global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
        global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
-       $wpSessionKey       = $_REQUEST["wpSessionKey"];
 
        # wgSavedFile is stored in the session not the form, for security
        $wpSessionKey = mt_rand( 0, 0x7fffffff );
@@ -239,14 +247,6 @@ function mainUploadForm( $msg )
        global $wpUploadDescription, $wpIgnoreWarning;
        global $wgUseCopyrightUpload , $wpUploadSource , $wpUploadCopyStatus ;
 
-       $wpUpload            = $_REQUEST["wpUpload"];
-       $wpUploadAffirm      = $_REQUEST["wpUploadAffirm"];
-       $wpUploadFile        = $_REQUEST["wpUploadFile"];
-       $wpUploadDescription = $_REQUEST["wpUploadDescription"];
-       $wpIgnoreWarning     = $_REQUEST["wpIgnoreWarning"];
-       $wpUploadSource      = $_REQUEST["wpUploadSource"];
-       $wpUploadCopyStatus  = $_REQUEST["wpUploadCopyStatus"];
-
        if ( "" != $msg ) {
                $sub = wfMsg( "uploaderror" );
                $wgOut->addHTML( "<h2>{$sub}</h2>\n" .