From a17e263c81b2d0a77624275b12732ab557d5b003 Mon Sep 17 00:00:00 2001 From: Aaron Schulz Date: Wed, 22 Aug 2012 20:46:54 -0700 Subject: [PATCH] Added sanity check to StreamFile for mwstore paths. Change-Id: Id402f077037f3e84c9158f7d48be0ed82ba4a1cf --- includes/GlobalFunctions.php | 2 +- includes/StreamFile.php | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 4252f55aa9..35c7bbb676 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2607,7 +2607,7 @@ function wfMkdirParents( $dir, $mode = null, $caller = null ) { global $wgDirectoryMode; if ( FileBackend::isStoragePath( $dir ) ) { // sanity - throw new MWException( __FUNCTION__ . " given storage path `$dir`."); + throw new MWException( __FUNCTION__ . " given storage path '$dir'." ); } if ( !is_null( $caller ) ) { diff --git a/includes/StreamFile.php b/includes/StreamFile.php index 6539e08c99..e7f7811731 100644 --- a/includes/StreamFile.php +++ b/includes/StreamFile.php @@ -31,7 +31,7 @@ class StreamFile { * Stream a file to the browser, adding all the headings and fun stuff. * Headers sent include: Content-type, Content-Length, Last-Modified, * and Content-Disposition. - * + * * @param $fname string Full name and path of the file to stream * @param $headers array Any additional headers to send * @param $sendErrors bool Send error messages if errors occur (like 404) @@ -40,6 +40,10 @@ class StreamFile { public static function stream( $fname, $headers = array(), $sendErrors = true ) { wfProfileIn( __METHOD__ ); + if ( FileBackend::isStoragePath( $fname ) ) { // sanity + throw new MWException( __FUNCTION__ . " given storage path '$fname'." ); + } + wfSuppressWarnings(); $stat = stat( $fname ); wfRestoreWarnings(); @@ -142,7 +146,7 @@ class StreamFile { /** * Determine the file type of a file based on the path - * + * * @param $filename string Storage path or file system path * @param $safe bool Whether to do retroactive upload blacklist checks * @return null|string -- 2.20.1