r80766 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r80765‎ \| r80766 \| r80767 >
Date:	20:33, 22 January 2011
Author:	btongminh
Status:	ok (Comments)
Tags:
Comment:	(bug 26809) Uploading files with multiple extensions where one of the extensions is blacklisted now gives the proper extension in the error message.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/specials/SpecialUpload.php (modified) (history) /trunk/phase3/includes/upload/UploadBase.php (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history) /trunk/phase3/languages/messages/MessagesQqq.php (modified) (history)

Diff [purge]

Index: trunk/phase3/languages/messages/MessagesQqq.php
—	—	@@ -1752,9 +1752,10 @@
1753	1753	'filetype-unwanted-type' => "* $1 is the extension of the file which cannot be uploaded
1754	1754	* $2 is the list of file extensions that can be uploaded (Example: ''png, gif, jpg, jpeg, ogg, pdf, svg.'')
1755	1755	* $3 is the number of allowed file formats (to be used for the PLURAL function)",
1756		~~-'filetype-banned-type' => "* $1 is the extension of the file which cannot be uploaded~~
	1756	+'filetype-banned-type' => "* $1 is the extension(s) of the file which cannot be uploaded
1757	1757	* $2 is the list of file extensions that can be uploaded (Example: ''png, gif, jpg, jpeg, ogg, pdf, svg.'')
1758		~~-* $3 is the number of allowed file formats (to be used for the PLURAL function)",~~
	1758	+* $3 is the number of allowed file formats (to be used for the PLURAL function)
	1759	+* $4 is the number of extensions that could not be uploaded (to be used for the PLURAL function)",
1759	1760	'filetype-missing' => 'Error when uploading a file with no extension',
1760	1761	'verification-error' => 'Error message shown when an uploaded file contents does not pass verification, i.e. the file is corrupted, it is not the type it claims to be etc.',
1761	1762	'large-file' => 'Variables $1 and $2 have appropriate unit symbols already. See for example [[Mediawiki:size-kilobytes]].',
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -2114,7 +2114,7 @@
2115	2115	'filetype-bad-ie-mime' => 'Cannot upload this file because Internet Explorer would detect it as "$1", which is a disallowed and potentially dangerous file type.',
2116	2116	'filetype-unwanted-type' => "'''\".\$1\"''' is an unwanted file type.
2117	2117	Preferred {{PLURAL:\$3\|file type is\|file types are}} \$2.",
2118		~~-'filetype-banned-type' => "'''\".\$1\"''' is not a permitted file type.~~
	2118	+'filetype-banned-type' => "'''\".\$1\"''' {{PLURAL:\$4\|is not a permitted file type\|are not permitted file types}}.
2119	2119	Permitted {{PLURAL:\$3\|file type is\|file types are}} \$2.",
2120	2120	'filetype-missing' => 'The file has no extension (like ".jpg").',
2121	2121	'empty-file' => 'The file you submitted was empty.',
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -103,6 +103,8 @@
104	104	and add a comment to the ini control file explaining what is going on.
105	105	* Trying to upload a file with no extension or with a disallowed MIME type now gives
106	106	the right message instead of complaining about a MIME/extension mismatch
	107	+* (bug 26809) Uploading files with multiple extensions where one of the extensions
	108	+ is blacklisted now gives the proper extension in the error message.
107	109
108	110	=== API changes in 1.18 ===
109	111	* (bug 26339) Throw warning when truncating an overlarge API result
Index: trunk/phase3/includes/specials/SpecialUpload.php
—	—	@@ -583,18 +583,26 @@
584	584	$this->showUploadError( wfMsgHtml( 'largefileserver' ) );
585	585	break;
586	586	case UploadBase::FILETYPE_BADTYPE:
587		~~- $finalExt = $details['finalExt'];~~
588		~~- $this->showUploadError(~~
589		~~- wfMsgExt( 'filetype-banned-type',~~
590		~~- array( 'parseinline' ),~~
591		~~- htmlspecialchars( $finalExt ),~~
592		~~- implode(~~
593		~~- wfMsgExt( 'comma-separator', array( 'escapenoentities' ) ),~~
594		~~- $wgFileExtensions~~
595		~~- ),~~
596		~~- $wgLang->formatNum( count( $wgFileExtensions ) )~~
597		~~- )~~
598		~~- );~~
	587	+ $msg = wfMessage( 'filetype-banned-type' );
	588	+ $sep = wfMsg( 'comma-separator' );
	589	+ if ( isset( $details['blacklistedExt'] ) ) {
	590	+ $msg->params( implode( $sep, $details['blacklistedExt'] ) );
	591	+ } else {
	592	+ $msg->params( $details['finalExt'] );
	593	+ }
	594	+ $msg->params( implode( $sep, $wgFileExtensions ),
	595	+ count( $wgFileExtensions ) );
	596	+
	597	+ // Add PLURAL support for the first parameter. This results
	598	+ // in a bit unlogical parameter sequence, but does not break
	599	+ // old translations
	600	+ if ( isset( $details['blacklistedExt'] ) ) {
	601	+ $msg->numParams( count( $details['blacklistedExt'] ) );
	602	+ } else {
	603	+ $msg->numParams( 1 );
	604	+ }
	605	+
	606	+ $this->showUploadError( $msg->parse() );
599	607	break;
600	608	case UploadBase::VERIFICATION_ERROR:
601	609	unset( $details['status'] );
Index: trunk/phase3/includes/upload/UploadBase.php
—	—	@@ -287,6 +287,9 @@
288	288	}
289	289	if ( $this->mTitleError == self::FILETYPE_BADTYPE ) {
290	290	$result['finalExt'] = $this->mFinalExtension;
	291	+ if ( count( $this->mBlackListedExtensions ) ) {
	292	+ $result['blacklistedExt'] = $this->mBlackListedExtensions;
	293	+ }
291	294	}
292	295	return $result;
293	296	}
—	—	@@ -566,12 +569,16 @@
567	570	/* Don't allow users to override the blacklist (check file extension) */
568	571	global $wgCheckFileExtensions, $wgStrictFileExtensions;
569	572	global $wgFileExtensions, $wgFileBlacklist;
	573	+
	574	+ $blackListedExtensions = $this->checkFileExtensionList( $ext, $wgFileBlacklist );
	575	+
570	576	if ( $this->mFinalExtension == '' ) {
571	577	$this->mTitleError = self::FILETYPE_MISSING;
572	578	return $this->mTitle = null;
573		~~- } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) \|\|~~
	579	+ } elseif ( $blackListedExtensions \|\|
574	580	( $wgCheckFileExtensions && $wgStrictFileExtensions &&
575	581	!$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) {
	582	+ $this->mBlackListedExtensions = $blackListedExtensions;
576	583	$this->mTitleError = self::FILETYPE_BADTYPE;
577	584	return $this->mTitle = null;
578	585	}
—	—	@@ -699,19 +706,14 @@
700	707
701	708	/**
702	709	* Perform case-insensitive match against a list of file extensions.
703		~~- * Returns true if any of the extensions are in the list.~~
	710	+ * Returns an array of matching extensions.
704	711	*
705	712	* @param $ext Array
706	713	* @param $list Array
707	714	* @return Boolean
708	715	*/
709	716	public static function checkFileExtensionList( $ext, $list ) {
710		~~- foreach( $ext as $e ) {~~
711		~~- if( in_array( strtolower( $e ), $list ) ) {~~
712		~~- return true;~~
713		~~- }~~
714		~~- }~~
715		~~- return false;~~
	717	+ return array_intersect( array_map( 'strtolower', $ext ), $list );
716	718	}
717	719
718	720	/**

Follow-up revisions

Revision	Commit summary	Author	Date
r81140	Remove empty statement (r80993) and unused global (r80766).	platonides	17:34, 28 January 2011

Comments

#Comment by Catrope (talk | contribs) 21:08, 15 July 2011

+					$msg->params( implode( $sep, $details['blacklistedExt'] ) );

Instead of imploding with the comma separator yourself, you should probably use $wgLang->commaList() where you duplicated part (but not all, there's a few differing details such as parsemag) of this logic from.

Looks good to me otherwise, marking OK.

Status & tagging log

21:08, 15 July 2011 Catrope (talk | contribs) changed the status of r80766 [removed: new added: ok]