From: Brion Vibber Date: Sat, 8 Oct 2005 05:48:45 +0000 (+0000) Subject: Correction to fix for bug 3641: don't reject on all unrecognized files X-Git-Tag: 1.6.0~1512 X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=95d571e34f0325205c268f1ec66157f1b897ca14;p=lhc%2Fweb%2Fwiklou.git Correction to fix for bug 3641: don't reject on all unrecognized files which we happen to know an extension -> mime type mapping for. Just do it for those which can be detected from content by getimagesize() for now. --- diff --git a/includes/MimeMagic.php b/includes/MimeMagic.php index 5be0ee6029..d720412565 100644 --- a/includes/MimeMagic.php +++ b/includes/MimeMagic.php @@ -304,6 +304,27 @@ class MimeMagic { return in_array( $mime, $types ); } + /** + * Returns true if the extension represents a type which can + * be reliably detected from its content. Use this to determine + * whether strict content checks should be applied to reject + * invalid uploads; if we can't identify the type we won't + * be able to say if it's invalid. + * + * @todo Be more accurate when using fancy mime detector plugins; + * right now this is the bare minimum getimagesize() list. + * @return bool + */ + function isRecognizableExtension( $extension ) { + static $types = array( + 'gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', + 'bmp', 'tiff', 'tif', 'jpc', 'jp2', + 'jpx', 'jb2', 'swc', 'iff', 'wbmp', + 'xbm' + ); + return in_array( strtolower( $extension ), $types ); + } + /** mime type detection. This uses detectMimeType to detect the mim type of the file, * but applies additional checks to determine some well known file formats that may be missed diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index 06b79a7843..995e6b595a 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -755,11 +755,11 @@ class UploadForm { $magic =& wfGetMimeMagic(); if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) - if ( ! $magic->getTypesForExtension( $extension ) ) { - wfDebug( "$fname: passing file with unknown mime type and unknown extension\n" ); + if ( ! $magic->isRecognizableExtension( $extension ) ) { + wfDebug( "$fname: passing file with unknown detected mime type; unrecognized extension '$extension', can't verify\n" ); return true; } else { - wfDebug( "$fname: rejecting file with unknown mime type but known extension\n" ); + wfDebug( "$fname: rejecting file with unknown detected mime type; recognized extension '$extension', so probably invalid file\n" ); return false; }