From: Brion Vibber Date: Mon, 2 Aug 2004 05:57:33 +0000 (+0000) Subject: Detect illegal title from uploaded file and show a helpful error message X-Git-Tag: 1.5.0alpha1~2539 X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=e4cc42b0223898fee838c5285f161fb207cfce82;p=lhc%2Fweb%2Fwiklou.git Detect illegal title from uploaded file and show a helpful error message instead of dying with a PHP fatal error. * [ 991457 ] "+" in filename generates an error Also html-escapes filename fragments in error message output. --- diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index f9dfebd824..3616d1c9e5 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -107,29 +107,32 @@ class UploadForm { return; } $nt = Title::newFromText( $basename ); + if( !$nt ) { + return $this->uploadError( wfMsg( "illegalfilename", htmlspecialchars( $basename ) ) ); + } $nt->setNamespace( Namespace::getImage() ); $this->mUploadSaveName = $nt->getDBkey(); /* Don't allow users to override the blacklist */ if( $this->checkFileExtension( $ext, $wgFileBlacklist ) || ($wgStrictFileExtensions && !$this->checkFileExtension( $ext, $wgFileExtensions ) ) ) { - return $this->uploadError( wfMsg( "badfiletype", $ext ) ); + return $this->uploadError( wfMsg( "badfiletype", htmlspecialchars( $ext ) ) ); } $this->saveUploadedFile( $this->mUploadSaveName, $this->mUploadTempName ); if ( !$nt->userCanEdit() ) { return $this->uploadError( wfMsg( "protectedpage" ) ); - } + } if ( ! $this->mIgnoreWarning ) { $warning = ''; if( 0 != strcmp( ucfirst( $basename ), $this->mUploadSaveName ) ) { - $warning .= '
  • '.wfMsg( "badfilename", $this->mUploadSaveName ).'
    • '; + $warning .= '
  • '.wfMsg( "badfilename", htmlspecialchars( $this->mUploadSaveName ) ).'
    • '; } if ( $wgCheckFileExtensions ) { if ( ! $this->checkFileExtension( $ext, $wgFileExtensions ) ) { - $warning .= '
  • '.wfMsg( "badfiletype", $ext ).'
    • '; + $warning .= '
  • '.wfMsg( "badfiletype", htmlspecialchars( $ext ) ).'
    • '; } } if ( $wgUploadSizeWarning && ( $this->mUploadSize > $wgUploadSizeWarning ) ) { diff --git a/languages/Language.php b/languages/Language.php index e5ee0d614e..d3714e68d5 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -872,6 +872,7 @@ agrees to license it under the terms of the $1.", 'noaffirmation' => 'You must affirm that your upload does not violate any copyrights.', 'ignorewarning' => 'Ignore warning and save file anyway.', 'minlength' => 'Image names must be at least three letters.', +'illegalfilename' => 'The filename "$1" contains characters that are not allowed in page titles. Please rename the file and try uploading it again.', 'badfilename' => "Image name has been changed to \"$1\".", 'badfiletype' => "\".$1\" is not a recommended image file format.", 'largefile' => 'It is recommended that images not exceed 100k in size.',