{
global $wgUser, $wgOut, $wpUpload, $wpReUpload, $action;
global $wgDisableUploads;
- $wpUpload = $_REQUEST["wpUpload"];
- $wpReUpload = $_REQUEST["wpReUpload"];
$fields = array( "wpUploadFile", "wpUploadDescription" );
wfCleanFormFields( $fields );
global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
global $wgSavedFile, $wgUploadOldVersion, $wpUploadOldVersion;
global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
- $wpUploadAffirm = $_REQUEST["wpUploadAffirm"];
- $wpUploadFile = $_REQUEST["wpUploadFile"];
- $wpUploadDescription = $_REQUEST["wpUploadDescription"];
- $wpIgnoreWarning = $_REQUEST["wpIgnoreWarning"];
- $wpUploadSaveName = $_REQUEST["wpUploadSaveName"];
- $wpUploadTempName = $_REQUEST["wpUploadTempName"];
- $wpUploadSize = $_REQUEST["wpUploadSize"];
- $wpUploadOldVersion = $_REQUEST["wpUploadOldVersion"];
- $wpUploadCopyStatus = $_REQUEST["wpUploadCopyStatus"];
- $wpUploadSource = $_REQUEST["wpUploadSource"];
+ global $wgCheckFileExtensions, $wgStrictFileExtensions;
+ global $wgFileExtensions, $wgFileBlacklist;
- if ( $wgUseCopyrightUpload )
- {
- $wpUploadAffirm = 1 ;
- if ( trim ( $wpUploadCopyStatus ) == "" || trim ( $wpUploadSource ) == "" )
- $wpUploadAffirm = 0 ;
- }
+ if ( $wgUseCopyrightUpload ) {
+ $wpUploadAffirm = 1;
+ if ( trim ( $wpUploadCopyStatus ) == "" || trim ( $wpUploadSource ) == "" ) {
+ $wpUploadAffirm = 0;
+ }
+ }
if ( 1 != $wpUploadAffirm ) {
mainUploadForm( WfMsg( "noaffirmation" ) );
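Review bot: With the `$_REQUEST` reads removed, `$wpUploadAffirm` (tested in `if ( 1 != $wpUploadAffirm )`) and `$wpIgnoreWarning` are neither assigned nor named in any `global` statement visible in this hunk, so unless they are declared outside it they are undefined locals and the affirmation test can only pass through the `$wgUseCopyrightUpload` branch. If the intent is that form fields arrive as globals, the same mechanism may let a request pre-set other names declared `global` here, which should be ruled out for `$wgSavedFile` and `$wgUploadOldVersion`. I would declare the two names explicitly and add a comment above the globals, for example `# wp* form fields are imported into globals by <importer, name it here>; wg* names must never be settable from the request`. The function starts and ends outside this hunk.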
$nt = Title::newFromText( $basename );
$wpUploadSaveName = $nt->getDBkey();
+ /* Don't allow users to override the blacklist */
+ if( checkFileExtension( $ext, $wgFileBlacklist ) ||
+ ($wgStrictFileExtensions && !checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+ return uploadError( wfMsg( "badfiletype", $ext ) );
+ }
+
saveUploadedFile();
if ( ( ! $wpIgnoreWarning ) &&
( 0 != strcmp( ucfirst( $basename ), $wpUploadSaveName ) ) ) {
return uploadWarning( wfMsg( "badfilename", $wpUploadSaveName ) );
}
- $extensions = array( "png", "jpg", "jpeg", "ogg" );
- if ( ( ! $wpIgnoreWarning ) &&
- ( ! in_array( strtolower( $ext ), $extensions ) ) ) {
- return uploadWarning( wfMsg( "badfiletype", $ext ) );
+
+ if ( $wgCheckFileExtensions ) {
+ if ( ( ! $wpIgnoreWarning ) &&
+ ( ! checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+ return uploadWarning( wfMsg( "badfiletype", $ext ) );
+ }
}
if ( ( ! $wpIgnoreWarning ) && ( $wpUploadSize > 150000 ) ) {
return uploadWarning( WfMsg( "largefile" ) );
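Review bot: The hard reject at `checkFileExtension( $ext, $wgFileBlacklist )` tests only `$ext`, and how `$ext` is derived from the uploaded name is outside this hunk. If it is just the text after the last dot, a name that carries a blacklisted extension in an earlier dot-separated part is not rejected. With `$wgStrictFileExtensions` off, the deny-list is then the only check that `$wpIgnoreWarning` cannot dismiss. Consider running every dot-separated part of the name through the blacklist before `saveUploadedFile()`, and extend the comment to state the policy, for example `/* Blacklist is always enforced; the allow-list is enforced only when $wgStrictFileExtensions is set, otherwise it is a dismissible warning */`. The surrounding function body continues outside the hunk.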
$wgOut->returnToMain( false );
}
+function checkFileExtension( $ext, $list ) {
+ return in_array( strtolower( $ext ), $list );
+}
+
function saveUploadedFile()
{
global $wpUploadSaveName, $wpUploadTempName;
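Review bot: `checkFileExtension()` lower-cases only `$ext` and uses loose `in_array`, so a `$wgFileBlacklist` entry configured with upper-case letters never matches and the deny-list fails open without any error. Normalising both sides and comparing strictly closes that gap: `return in_array( strtolower( $ext ), array_map( 'strtolower', $list ), true );`. The helper also has no doc comment; a short one should say that `$list` is an array of extensions without the leading dot and that the match is case-insensitive.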
{
global $wpSessionKey, $wpUploadOldVersion;
global $wgUploadDirectory, $wgOut, $wsUploadFiles;
- $wpSessionKey = $_REQUEST["wpSessionKey"];
$wgSavedFile = $wsUploadFiles[$wpSessionKey];
$wgUploadOldVersion = $wpUploadOldVersion;
}
}
+function uploadError( $error )
+{
+ global $wgOut;
+ $sub = wfMsg( "uploadwarning" );
+ $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
+ $wgOut->addHTML( "<h4><font color=red>{$error}</font></h4>\n" );
+}
+
function uploadWarning( $warning )
{
global $wgOut, $wgUser, $wgLang, $wgUploadDirectory;
global $wgSavedFile, $wgUploadOldVersion;
global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
- $wpSessionKey = $_REQUEST["wpSessionKey"];
# wgSavedFile is stored in the session not the form, for security
$wpSessionKey = mt_rand( 0, 0x7fffffff );
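Review bot: `uploadError()` interpolates `$error` straight into `addHTML()`, and the caller added in the blacklist check builds it from `wfMsg( "badfiletype", $ext )`, where `$ext` comes from the user-supplied file name. Whether `wfMsg` escapes its parameters is not visible here; if it does not, the extension text reaches the page as markup. Escaping at the call sites keeps any intentional markup in the message itself, e.g. `return uploadError( wfMsg( "badfiletype", htmlspecialchars( $ext ) ) );`, and the same applies to the `uploadWarning( wfMsg( "badfiletype", $ext ) )` call. As a smaller point, the heading reuses the `uploadwarning` message for a hard error, and the function deserves a one-line comment saying that it reports a rejection that cannot be overridden.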
global $wpUploadDescription, $wpIgnoreWarning;
global $wgUseCopyrightUpload , $wpUploadSource , $wpUploadCopyStatus ;
- $wpUpload = $_REQUEST["wpUpload"];
- $wpUploadAffirm = $_REQUEST["wpUploadAffirm"];
- $wpUploadFile = $_REQUEST["wpUploadFile"];
- $wpUploadDescription = $_REQUEST["wpUploadDescription"];
- $wpIgnoreWarning = $_REQUEST["wpIgnoreWarning"];
- $wpUploadSource = $_REQUEST["wpUploadSource"];
- $wpUploadCopyStatus = $_REQUEST["wpUploadCopyStatus"];
-
if ( "" != $msg ) {
$sub = wfMsg( "uploaderror" );
$wgOut->addHTML( "<h2>{$sub}</h2>\n" .