Brian Wolff has uploaded a new change for review. https://gerrit.wikimedia.org/r/117668
Change subject: When checking whitelist of extensions, only count last extension.
......................................................................

When checking whitelist of extensions, only count last extension.

When we are doing blacklisted extensions, we count all extensions as some programs (like apache sometimes) consider extensions that aren't the final extension. However when doing whitelists we need to only count the last extension, otherwise people can name files foo.goodExt.BadExt.

For example [[commons:File:Deamado ko.png.bmp]]

I do not believe this represents a security risk as bad files are still filtered out. However it does allow unwanted files to be uploaded.

Bug: 62451
Change-Id: Ie27c15f749812710571f432bc5915e498f8017e3
---
M includes/upload/UploadBase.php
1 file changed, 1 insertion(+), 1 deletion(-)

git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/68/117668/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index db7a24e..6cce4ac 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php 
@@ -786,7 +786,7 @@ return $this->mTitle; } elseif ( $blackListedExtensions || ( $wgCheckFileExtensions && $wgStrictFileExtensions && - !$this->checkFileExtensionList( $ext, $wgFileExtensions ) ) ) { + !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) { $this->mBlackListedExtensions = $blackListedExtensions; $this->mTitleError = self::FILETYPE_BADTYPE; $this->mTitle = null;
--
To view, visit https://gerrit.wikimedia.org/r/117668

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie27c15f749812710571f432bc5915e498f8017e3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>
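Review bot: The changed condition in the `@@ -786,7 +786,7 @@` hunk comes with no test; the diffstat lists only includes/upload/UploadBase.php. Please add a title-validation test asserting that a double-extension name of the foo.goodExt.BadExt form from the commit message (for example a .png.bmp name with bmp absent from `$wgFileExtensions`) yields `FILETYPE_BADTYPE` when `$wgCheckFileExtensions` and `$wgStrictFileExtensions` are both set, plus a case where only the final extension is whitelisted, to pin down the intended result. Since the whitelist branch now depends solely on `$this->mFinalExtension`, it is also worth confirming that the property is always populated before this `elseif` is reached and what it holds for a name with no extension at all. A one-line comment above the condition explaining why `$blackListedExtensions` is derived from every extension while the whitelist looks only at the last one would keep a later cleanup from "unifying" the two checks again.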