From e7487c0789c8b42540b8b11805b22e9d4174c735 Mon Sep 17 00:00:00 2001 From: Victor Vasiliev Date: Wed, 9 Jul 2008 21:11:08 +0000 Subject: [PATCH] * Forbid files with * and ? to be uploaded under Windows (it caused internal errors since such characters are illegal there) * Forbid files to be moved to invalid filenames * wfVarDump() should use var_dump(), not var_export() --- RELEASE-NOTES | 1 + includes/GlobalFunctions.php | 26 +++++++++++++++++++++++++- includes/Title.php | 3 +++ includes/specials/SpecialUpload.php | 2 ++ languages/messages/MessagesEn.php | 1 + maintenance/language/messages.inc | 1 + 6 files changed, 33 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0f6dc377ac..a03dbb62bd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -431,6 +431,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN on non-mySQL schemas. * (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle) had stict standards issues with setFakeSlaveLag() and setFakeMaster(). +* Image now can't contain "*" or "?" characters under Windows === API changes in 1.13 === diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index b7ac5d1375..2f1b60b552 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -862,7 +862,10 @@ function wfMerge( $old, $mine, $yours, &$result ){ */ function wfVarDump( $var ) { global $wgOut; - $s = str_replace("\n","
\n", var_export( $var, true ) . "\n"); + ob_start(); + var_dump( $var ); + $s = str_replace("\n","
\n", ob_get_contents() . "\n"); + ob_end_clean(); if ( headers_sent() || !@is_object( $wgOut ) ) { print $s; } else { @@ -2364,3 +2367,24 @@ function wfGenerateToken( $salt = '' ) { return md5( mt_rand( 0, 0x7fffffff ) . $salt ); } + +/** + * Checks filename for validity + * @param mixed $title Filename or title to check + */ +function wfIsValidFileName( $name ) { + if( !$name instanceof Title ) + if( !Title::makeTitleSafe( NS_IMAGE, $name ) ) + return false; + else + $name = $name->getText(); + + if( in_string( ':', $name ) ) + return false; + elseif( wfBaseName( $name ) != $name ) + return false; + elseif( wfIsWindows() && ( in_string( '*', $name ) || in_string( '?', $name ) ) ) + return false; + else + return true; +} diff --git a/includes/Title.php b/includes/Title.php index 972d3fc842..f481311251 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -2443,6 +2443,9 @@ class Title { if( $nt->getNamespace() != NS_IMAGE ) { $errors[] = array('imagenocrossnamespace'); } + if( !wfIsValidFileName( $nt ) ) { + $errors[] = array('imageinvalidfilename'); + } if( !File::checkExtensionCompatibility( $file, $nt->getDbKey() ) ) { $errors[] = array('imagetypemismatch'); } diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php index 2b3873a8b6..5567c8d506 100644 --- a/includes/specials/SpecialUpload.php +++ b/includes/specials/SpecialUpload.php @@ -427,6 +427,8 @@ class UploadForm { * out of it. We'll strip some silently that Title would die on. */ $filtered = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $filtered ); + if( wfIsWindows() ) + $filtered = preg_replace ( "/[*?]/", '-', $filtered ); $nt = Title::makeTitleSafe( NS_IMAGE, $filtered ); if( is_null( $nt ) ) { $resultDetails = array( 'filtered' => $filtered ); diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 359da308ff..8c9ebf0c3a 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -2485,6 +2485,7 @@ cannot move a page over itself.', cannot move pages from and into that namespace.', 'imagenocrossnamespace' => 'Cannot move file to non-file namespace', 'imagetypemismatch' => 'The new file extension does not match its type', +'imageinvalidfilename' => 'Target image file name is invalid', # Export 'export' => 'Export pages', diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 6091345ffb..ba68f69ff7 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -1692,6 +1692,7 @@ $wgMessageStructure = array( 'immobile_namespace', 'imagenocrossnamespace', 'imagetypemismatch', + 'imageinvalidfilename', ), 'export' => array( 'export', -- 2.20.1