diff options
| author | Brion Vibber <brion@users.mediawiki.org> | 2005-10-08 05:58:36 +0000 |
|---|---|---|
| committer | Brion Vibber <brion@users.mediawiki.org> | 2005-10-08 05:58:36 +0000 |
| commit | e879cebcdfb00f66718a4db9f776c0f6f211234e (patch) | |
| tree | aa044b39b87e2aaa95ba248bc432b5f020f73dc3 | |
| parent | 9a9f7f00d24e0b4dcf4d427f300425d765eaef61 (diff) | |
| download | mediawikicore-e879cebcdfb00f66718a4db9f776c0f6f211234e.tar.gz mediawikicore-e879cebcdfb00f66718a4db9f776c0f6f211234e.zip | |
Copy fixes to fix from head
Notes
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/11237
| -rw-r--r-- | includes/MimeMagic.php | 21 | ||||
| -rw-r--r-- | includes/SpecialUpload.php | 6 |
2 files changed, 24 insertions, 3 deletions
diff --git a/includes/MimeMagic.php b/includes/MimeMagic.php index 5be0ee602954..d72041256522 100644 --- a/includes/MimeMagic.php +++ b/includes/MimeMagic.php @@ -304,6 +304,27 @@ class MimeMagic { return in_array( $mime, $types ); } + /** + * Returns true if the extension represents a type which can + * be reliably detected from its content. Use this to determine + * whether strict content checks should be applied to reject + * invalid uploads; if we can't identify the type we won't + * be able to say if it's invalid. + * + * @todo Be more accurate when using fancy mime detector plugins; + * right now this is the bare minimum getimagesize() list. + * @return bool + */ + function isRecognizableExtension( $extension ) { + static $types = array( + 'gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', + 'bmp', 'tiff', 'tif', 'jpc', 'jp2', + 'jpx', 'jb2', 'swc', 'iff', 'wbmp', + 'xbm' + ); + return in_array( strtolower( $extension ), $types ); + } + /** mime type detection. This uses detectMimeType to detect the mim type of the file, * but applies additional checks to determine some well known file formats that may be missed diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index b12067421f54..52d145b88e2e 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -701,11 +701,11 @@ class UploadForm { $magic =& wfGetMimeMagic(); if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) - if ( ! $magic->getTypesForExtension( $extension ) ) { - wfDebug( "$fname: passing file with unknown mime type and unknown extension\n" ); + if ( ! $magic->isRecognizableExtension( $extension ) ) { + wfDebug( "$fname: passing file with unknown detected mime type; unrecognized extension '$extension', can't verify\n" ); return true; } else { - wfDebug( "$fname: rejecting file with unknown mime type but known extension\n" ); + wfDebug( "$fname: rejecting file with unknown detected mime type; recognized extension '$extension', so probably invalid file\n" ); return false; } |