r32524 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r32523‎ \| r32524 \| r32525 >
Date:	21:34, 27 March 2008
Author:	raymond
Status:	old
Tags:
Comment:	Sanitize evil php.ini values. Thanks to Simetrical
Modified paths:	/trunk/phase3/includes/SpecialUpload.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialUpload.php
—	—	@@ -983,7 +983,7 @@
984	984	# Get the maximum file size from php.ini as $wgMaxUploadSize works for uploads from URL via CURL only
985	985	# See http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize for possible values of upload_max_filesize
986	986	$val = trim( ini_get( 'upload_max_filesize' ) );
987		~~- $last = ( substr( $val, -1 ) );~~
	987	+ $last = strtoupper( ( substr( $val, -1 ) ) );
988	988	switch( $last ) {
989	989	case 'G':
990	990	$val2 = substr( $val, 0, -1 ) * 1024 * 1024 * 1024;
—	—	@@ -998,7 +998,7 @@
999	999	$val2 = $val;
1000	1000	}
1001	1001	$val2 = $wgAllowCopyUploads ? min( $wgMaxUploadSize, $val2 ) : $val2;
1002		~~- $maxUploadSize = wfMsgExt( 'upload-maxfilesize', 'parseinline', $wgLang->formatSize( $val2 ) );~~
	1002	+ $maxUploadSize = wfMsgExt( 'upload-maxfilesize', array( 'parseinline', 'escape' ), $wgLang->formatSize( $val2 ) );
1003	1003
1004	1004	$sourcefilename = wfMsgExt( 'sourcefilename', 'escapenoentities' );
1005	1005	$destfilename = wfMsgExt( 'destfilename', 'escapenoentities' );

15:25, 12 September 2011 Meno25 (talk | contribs) changed the status of r32524 [removed: ok added: old]