* Forbid files with * and ? to be uploaded under Windows (it caused internal errors...

* Forbid files to be moved to invalid filenames
* wfVarDump() should use var_dump(), not var_export()

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0f6dc37..a03dbb6 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -431,6 +431,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   on non-mySQL schemas.
 * (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
   had stict standards issues with setFakeSlaveLag() and setFakeMaster().
+* Image now can't contain "*" or "?" characters under Windows
 
 === API changes in 1.13 ===
 

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index b7ac5d1..2f1b60b 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -862,7 +862,10 @@ function wfMerge( $old, $mine, $yours, &$result ){
  */
 function wfVarDump( $var ) {
        global $wgOut;
-       $s = str_replace("\n","<br />\n", var_export( $var, true ) . "\n");
+       ob_start();
+       var_dump( $var );
+       $s = str_replace("\n","<br />\n", ob_get_contents() . "\n");
+       ob_end_clean();
        if ( headers_sent() || !@is_object( $wgOut ) ) {
                print $s;
        } else {
@@ -2364,3 +2367,24 @@ function wfGenerateToken( $salt = '' ) {
 
        return md5( mt_rand( 0, 0x7fffffff ) . $salt );
 }
+
+/**
+ * Checks filename for validity
+ * @param mixed $title Filename or title to check
+ */
+function wfIsValidFileName( $name ) {
+       if( !$name instanceof Title ) 
+               if( !Title::makeTitleSafe( NS_IMAGE, $name ) )
+                       return false;
+       else
+               $name = $name->getText();
+
+       if( in_string( ':', $name ) )
+               return false;
+       elseif( wfBaseName( $name ) != $name )
+               return false;
+       elseif( wfIsWindows() && ( in_string( '*', $name ) || in_string( '?', $name ) ) )
+               return false;
+       else
+               return true;
+}

diff --git a/includes/Title.php b/includes/Title.php
index 972d3fc..f481311 100644 (file)
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2443,6 +2443,9 @@ class Title {
                                if( $nt->getNamespace() != NS_IMAGE ) {
                                        $errors[] = array('imagenocrossnamespace');
                                }
+                               if( !wfIsValidFileName( $nt ) ) {
+                                       $errors[] = array('imageinvalidfilename');
+                               }
                                if( !File::checkExtensionCompatibility( $file, $nt->getDbKey() ) ) {
                                        $errors[] = array('imagetypemismatch');
                                }

diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 2b3873a..5567c8d 100644 (file)
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -427,6 +427,8 @@ class UploadForm {
                 * out of it. We'll strip some silently that Title would die on.
                 */
                $filtered = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $filtered );
+               if( wfIsWindows() )
+                       $filtered = preg_replace ( "/[*?]/", '-', $filtered );
                $nt = Title::makeTitleSafe( NS_IMAGE, $filtered );
                if( is_null( $nt ) ) {
                        $resultDetails = array( 'filtered' => $filtered );

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 359da30..8c9ebf0 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2485,6 +2485,7 @@ cannot move a page over itself.',
 cannot move pages from and into that namespace.',
 'imagenocrossnamespace'   => 'Cannot move file to non-file namespace',
 'imagetypemismatch'       => 'The new file extension does not match its type',
+'imageinvalidfilename'    => 'Target image file name is invalid',
 
 # Export
 'export'            => 'Export pages',

diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 6091345..ba68f69 100644 (file)
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1692,6 +1692,7 @@ $wgMessageStructure = array(
                'immobile_namespace',
                'imagenocrossnamespace',
                'imagetypemismatch',
+               'imageinvalidfilename',
        ),
        'export' => array(
                'export',