Sanitize evil php.ini values. Thanks to Simetrical
authorRaimond Spekking <raymond@users.mediawiki.org>
Thu, 27 Mar 2008 21:34:14 +0000 (21:34 +0000)
committerRaimond Spekking <raymond@users.mediawiki.org>
Thu, 27 Mar 2008 21:34:14 +0000 (21:34 +0000)
includes/SpecialUpload.php

index 24e1083..9dae81d 100644 (file)
@@ -983,7 +983,7 @@ wgUploadAutoFill = {$autofill};
                # Get the maximum file size from php.ini as $wgMaxUploadSize works for uploads from URL via CURL only
                # See http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize for possible values of upload_max_filesize
                $val = trim( ini_get( 'upload_max_filesize' ) );
-               $last = ( substr( $val, -1 ) );
+               $last = strtoupper( ( substr( $val, -1 ) ) );
                switch( $last ) {
                        case 'G':
                                $val2 = substr( $val, 0, -1 ) * 1024 * 1024 * 1024;
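Review bot: The php.ini value is still never validated as a number: once the suffix is upper-cased, `substr( $val, 0, -1 ) * 1024 * 1024 * 1024` in the 'G' case relies on PHP's implicit string-to-number coercion, and the default branch visible in the second hunk (`$val2 = $val;`) carries the raw string forward into `min()` and `formatSize()`. Casting where the value is read, e.g. `$val2 = intval( $val );` in the default branch and `intval( substr( $val, 0, -1 ) )` in the suffix cases, would make `$val2` an integer whatever php.ini contains, so the output escaping added later becomes defence in depth rather than the only barrier. The switch continues outside this hunk, so the remaining suffix cases are presumably affected the same way.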
@@ -998,7 +998,7 @@ wgUploadAutoFill = {$autofill};
                                $val2 = $val;
                }
                $val2 = $wgAllowCopyUploads ? min( $wgMaxUploadSize, $val2 ) : $val2;
-               $maxUploadSize = wfMsgExt( 'upload-maxfilesize', 'parseinline', $wgLang->formatSize( $val2 ) );
+               $maxUploadSize = wfMsgExt( 'upload-maxfilesize', array( 'parseinline', 'escape' ), $wgLang->formatSize( $val2 ) );
 
                $sourcefilename = wfMsgExt( 'sourcefilename', 'escapenoentities' );
                $destfilename = wfMsgExt( 'destfilename', 'escapenoentities' );
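Review bot: Passing `array( 'parseinline', 'escape' )` for upload-maxfilesize escapes the whole message rather than only the php.ini-derived parameter, and how `wfMsgExt` combines the two options is not visible in this hunk. If escaping runs after parsing, any markup the message itself produces would be rendered as literal text, and the parameter would still pass through the parser before it is escaped; that ordering should be confirmed against `wfMsgExt`. Whatever the outcome, a short why-comment above the call would help the next reader, for example `# 'escape' is needed because $val2 may be an unvalidated string from php.ini`.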