r49470 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r49469‎ \| r49470 \| r49471 >
Date:	17:11, 14 April 2009
Author:	dale
Status:	deferred
Tags:
Comment:	fixes: bug 16414 Upload form should prevent submission of filename with disallowed extension
Modified paths:	/branches/new-upload/phase3/includes/Skin.php (modified) (history) /branches/new-upload/phase3/skins/common/upload.js (modified) (history)

Diff [purge]

Index: branches/new-upload/phase3/skins/common/upload.js
—	—	@@ -119,6 +119,13 @@
120	120	if (!document.getElementById) {
121	121	return;
122	122	}
	123	+ //remove any previously flagged errors
	124	+ var e = document.getElementById('mw-upload-permitted');
	125	+ if(e) e. className = '';
	126	+
	127	+ var e = document.getElementById('mw-upload-prohibited');
	128	+ if(e) e.className = '';
	129	+
123	130	var path = document.getElementById(id).value;
124	131	// Find trailing part
125	132	var slash = path.lastIndexOf('/');
—	—	@@ -131,7 +138,34 @@
132	139	} else {
133	140	fname = path.substring(backslash+1, 10000);
134	141	}
135		-
	142	+ //check for the wgFileExtensions and clear if not a valid fname extension
	143	+ if( wgFileExtensions ){
	144	+ var found = false;
	145	+ if( fname.lastIndexOf('.')!=-1 ){
	146	+ var ext = fname.substr( fname.lastIndexOf('.')+1 );
	147	+ for(var i=0; i < wgFileExtensions.length; i++){
	148	+ if( wgFileExtensions[i] == ext )
	149	+ found = true;
	150	+ }
	151	+ }
	152	+ if(!found){
	153	+ //clear the upload set mw-upload-permitted to error
	154	+ document.getElementById(id).value = '';
	155	+ var e = document.getElementById('mw-upload-permitted');
	156	+ if(e) e. className = 'error';
	157	+
	158	+ var e = document.getElementById('mw-upload-prohibited');
	159	+ if(e) e.className = 'error';
	160	+
	161	+ //clear the wpDestFile as well:
	162	+ var e = document.getElementById('wpDestFile')
	163	+ if(e) e.value = '';
	164	+
	165	+ //return false
	166	+ return false;
	167	+ }
	168	+ }
	169	+
136	170	// Capitalise first letter and replace spaces by underscores
137	171	fname = fname.charAt(0).toUpperCase().concat(fname.substring(1,10000)).replace(/ /g, '_');
138	172
Index: branches/new-upload/phase3/includes/Skin.php
—	—	@@ -384,6 +384,12 @@
385	385	'wgDigitTransformTable' => $compactDigitTransTable,
386	386	);
387	387
	388	+ //if on upload page output the extension list:
	389	+ if( SpecialPage::resolveAlias( $wgTitle->getDBkey() ) == "Upload" ){
	390	+ global $wgFileExtensions;
	391	+ $vars['wgFileExtensions'] = $wgFileExtensions;
	392	+ }
	393	+
388	394	if( $wgUseAjax && $wgEnableMWSuggest && !$wgUser->getOption( 'disablesuggest', false )){
389	395	$vars['wgMWSuggestTemplate'] = SearchEngine::getMWSuggestTemplate();
390	396	$vars['wgDBname'] = $wgDBname;

Status & tagging log

05:41, 2 June 2009 Tim Starling (talk | contribs) changed the status of r49470 [removed: new added: deferred]
19:46, 15 April 2009 Aaron Schulz (talk | contribs) changed the status of r49470 [removed: new added: deferred]