dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2305e76)
Be stricter for file types where we don't know canonical extension
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 19 Aug 2013 23:41:28 +0000 (16:41 -0700)
committerBrian Wolff <bawolff+wn@gmail.com>
Wed, 21 Aug 2013 17:34:10 +0000 (17:34 +0000)
Previously if a file had a format, where we didn't have an
extension associated with it in mime.types, people could upload
it with any extension that is in $wgFileExtensions. This meant
people could upload a non-allowed file type if it had an allowed
extension, and the non-allowed file type didn't have a canonical
extension in mime.types

Bug: 39012
Change-Id: Ib373fafdfceceed65fbd23cf468f3c19196545c9

RELEASE-NOTES-1.22 patch | blob | history
includes/upload/UploadBase.php patch | blob | history

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 45a6eef..6f809ad 100644 (file)
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -263,6 +263,9 @@ production.
   adding a new topic on a page
 * (bug 41756) Improve treatment of multiple comments on a blank line.
 * (bug 51064) Purge upstream caches when deleting file assets.
+* (bug 39012) File types with a mime that we do not know the extension for
+  can no longer be uploaded as an extension that we do know the mime type
+  for.
 
 === API changes in 1.22 ===
 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index b6ea4c8..37dc7cb 100644 (file)
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -940,8 +940,13 @@ abstract class UploadBase {
                $match = $magic->isMatchingExtension( $extension, $mime );
 
                if ( $match === null ) {
-                       wfDebug( __METHOD__ . ": no file extension known for mime type $mime, passing file\n" );
-                       return true;
+                       if ( $magic->getTypesForExtension( $extension ) !== null ) {
+                               wfDebug( __METHOD__ . ": No extension known for $mime, but we know a mime for $extension\n" );
+                               return false;
+                       } else {
+                               wfDebug( __METHOD__ . ": no file extension known for mime type $mime, passing file\n" );
+                               return true;
+                       }
                } elseif ( $match === true ) {
                        wfDebug( __METHOD__ . ": mime type $mime matches extension $extension, passing file\n" );
 
Wiklou, le Wiki du Wiklou