When checking whitelist of extensions, only count last extension.
author Brian Wolff <bawolff+wn@gmail.com>
Sun, 9 Mar 2014 09:08:19 +0000 (06:08 -0300)
committer Brian Wolff <bawolff+wn@gmail.com>
Sun, 9 Mar 2014 09:12:04 +0000 (06:12 -0300)
When we are doing blacklisted extensions, we count all extensions
as some programs (like apache sometimes) consider extensions that
aren't the final extension. However when doing whitelists we need
to only count the last extension, otherwise people can name files
foo.goodExt.BadExt. For example [[commons:File:Deamado ko.png.bmp]]

I do not believe this represents a security risk as bad files are
still filtered out. However it does allow unwanted files to be
uploaded.

Bug: 62451
Change-Id: Ie27c15f749812710571f432bc5915e498f8017e3

includes/upload/UploadBase.php

index db7a24e..6cce4ac 100644 (file)
@@ -786,7 +786,7 @@ abstract class UploadBase {
                        return $this->mTitle;
                } elseif ( $blackListedExtensions ||
                                ( $wgCheckFileExtensions && $wgStrictFileExtensions &&
-                                       !$this->checkFileExtensionList( $ext, $wgFileExtensions ) ) ) {
+                                       !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) {
                        $this->mBlackListedExtensions = $blackListedExtensions;
                        $this->mTitleError = self::FILETYPE_BADTYPE;
                        $this->mTitle = null;
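
Review bot: the whitelist branch on the changed line now tests `$this->mFinalExtension` instead of the local `$ext`, but the hunk does not show where `mFinalExtension` is assigned relative to this condition. Please confirm it is always populated before this point, so that an empty or unset value fails the `$wgFileExtensions` check rather than passing it. A one-line comment above the condition would also help, noting that per the commit message the blacklist deliberately considers every extension while the whitelist considers only the last one; without it the two checks look inconsistent and invite a well-meaning revert. A regression test using a name of the form foo.goodExt.BadExt, as described in the commit message, would lock the behaviour in.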