* (bug 14772) Disallow moving images to invalid titles

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index b7ac5d1..aa90d41 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -862,7 +862,10 @@ function wfMerge( $old, $mine, $yours, &$result ){
  */
 function wfVarDump( $var ) {
        global $wgOut;
-       $s = str_replace("\n","<br />\n", var_export( $var, true ) . "\n");
+       ob_start();
+       var_dump( $var );
+       $s = str_replace("\n","<br />\n", ob_get_contents() . "\n");
+       ob_end_clean();
        if ( headers_sent() || !@is_object( $wgOut ) ) {
                print $s;
        } else {
@@ -2364,3 +2367,13 @@ function wfGenerateToken( $salt = '' ) {
 
        return md5( mt_rand( 0, 0x7fffffff ) . $salt );
 }
+
+/**
+ * Replace all invalid characters with -
+ * @param mixed $title Filename to process
+ */
+function wfStripIllegalFilenameChars( $name ) {
+       $name = wfBaseName( $name );
+       $name = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $name );
+       return $name;
+}

diff --git a/includes/Title.php b/includes/Title.php
index 972d3fc..b64d2c9 100644 (file)
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2443,6 +2443,9 @@ class Title {
                                if( $nt->getNamespace() != NS_IMAGE ) {
                                        $errors[] = array('imagenocrossnamespace');
                                }
+                               if( $nt->getText() != wfStripIllegalFilenameChars( $nt->getText() ) ) {
+                                       $errors[] = array('imageinvalidfilename');
+                               }
                                if( !File::checkExtensionCompatibility( $file, $nt->getDbKey() ) ) {
                                        $errors[] = array('imagetypemismatch');
                                }

diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 2b3873a..332fd28 100644 (file)
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -391,13 +391,17 @@ class UploadForm {
                        return self::BEFORE_PROCESSING;
                }
 
-               # Chop off any directories in the given filename
+               /**
+                * Chop off any directories in the given filename. Then
+                * filter out illegal characters, and try to make a legible name
+                * out of it. We'll strip some silently that Title would die on.
+                */
                if( $this->mDesiredDestName ) {
                        $basename = $this->mDesiredDestName;
                } else {
                        $basename = $this->mSrcName;
                }
-               $filtered = wfBaseName( $basename );
+               $filtered = wfStripIllegalFilenameChars( $basename );
 
                /**
                 * We'll want to blacklist against *any* 'extension', and use
@@ -422,11 +426,7 @@ class UploadForm {
                        return self::MIN_LENGHT_PARTNAME;
                }
 
-               /**
-                * Filter out illegal characters, and try to make a legible name
-                * out of it. We'll strip some silently that Title would die on.
-                */
-               $filtered = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $filtered );
+               
                $nt = Title::makeTitleSafe( NS_IMAGE, $filtered );
                if( is_null( $nt ) ) {
                        $resultDetails = array( 'filtered' => $filtered );

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 359da30..8c9ebf0 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2485,6 +2485,7 @@ cannot move a page over itself.',
 cannot move pages from and into that namespace.',
 'imagenocrossnamespace'   => 'Cannot move file to non-file namespace',
 'imagetypemismatch'       => 'The new file extension does not match its type',
+'imageinvalidfilename'    => 'Target image file name is invalid',
 
 # Export
 'export'            => 'Export pages',

diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 6091345..ba68f69 100644 (file)
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1692,6 +1692,7 @@ $wgMessageStructure = array(
                'immobile_namespace',
                'imagenocrossnamespace',
                'imagetypemismatch',
+               'imageinvalidfilename',
        ),
        'export' => array(
                'export',