From ce0a97cf0acf2f6f150747a3c29a7b0e75de1ea3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Mon, 22 May 2006 07:12:53 +0000 Subject: [PATCH] * Pass the extension to detectScript and allow files with the 'svg' extension to possibly maybe contain --- includes/SpecialUpload.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index e3aaa8bb3e..7d260b6bed 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -782,7 +782,7 @@ class UploadForm { } #check for htmlish code and javascript - if( $this->detectScript ( $tmpfile, $mime ) ) { + if( $this->detectScript ( $tmpfile, $mime, $extension ) ) { return new WikiErrorMsg( 'uploadscripted' ); } @@ -842,9 +842,10 @@ class UploadForm { * * @param string $file Pathname to the temporary upload file * @param string $mime The mime type of the file + * @param string $extension The extension of the file * @return bool true if the file contains something looking like embedded scripts */ - function detectScript($file,$mime) { + function detectScript($file, $mime, $extension) { global $wgAllowTitlesInSVG; #ugly hack: for text files, always look at the entire file. @@ -902,8 +903,9 @@ class UploadForm { '<script', #also in safari '<table' ); - if( $mime != 'image/svg' || !$wgAllowTitlesInSVG ) + if( ! $wgAllowTitlesInSVG && $extension !== 'svg' && $mime !== 'image/svg' ) { $tags[] = '<title'; + } foreach( $tags as $tag ) { if( false !== strpos( $chunk, $tag ) ) { -- 2.20.1