update to MediaWiki 1.17.0

1 files changed, 397 insertions, 128 deletions

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 877f7cf6..940b693f 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1,35 +1,28 @@
 <?php
 /**
  * Deal with importing all those nasssty globals and things
+ *
+ * Copyright © 2003 Brion Vibber <brion@pobox.com>
+ * http://www.mediawiki.org/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
  */
 
-# Copyright (C) 2003 Brion Vibber <brion@pobox.com>
-# http://www.mediawiki.org/
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# http://www.gnu.org/copyleft/gpl.html
-
-
-/**
- * Some entry points may use this file without first enabling the
- * autoloader.
- */
-if ( !function_exists( '__autoload' ) ) {
-	require_once( dirname(__FILE__) . '/normal/UtfNormal.php' );
-}
-
 /**
  * The WebRequest class encapsulates getting at data passed in the
  * URL or via a POSTed form, handling remove of "magic quotes" slashes,
@@ -44,7 +37,12 @@ if ( !function_exists( '__autoload' ) ) {
  */
 class WebRequest {
 	protected $data, $headers = array();
-	private $_response;
+
+	/**
+	 * Lazy-init response object
+	 * @var WebResponse
+	 */
+	private $response;
 
 	public function __construct() {
 		/// @todo Fixme: this preemptive de-quoting can interfere with other web libraries
@@ -67,6 +65,11 @@ class WebRequest {
 	public function interpolateTitle() {
 		global $wgUsePathInfo;
 
+		// bug 16019: title interpolation on API queries is useless and possible harmful
+		if ( defined( 'MW_API' ) ) {
+			return;
+		}
+
 		if ( $wgUsePathInfo ) {
 			// PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892
 			// And also by Apache 2.x, double slashes are converted to single slashes.
@@ -160,6 +163,7 @@ class WebRequest {
 	/**
 	 * Recursively strips slashes from the given array;
 	 * used for undoing the evil that is magic_quotes_gpc.
+	 *
 	 * @param $arr array: will be modified
 	 * @return array the original array
 	 */
@@ -195,6 +199,7 @@ class WebRequest {
 
 	/**
 	 * Recursively normalizes UTF-8 strings in the given array.
+	 *
 	 * @param $data string or array
 	 * @return cleaned-up version of the given
 	 * @private
@@ -214,9 +219,9 @@ class WebRequest {
 	/**
 	 * Fetch a value from the given array or return $default if it's not set.
 	 *
-	 * @param $arr array
-	 * @param $name string
-	 * @param $default mixed
+	 * @param $arr Array
+	 * @param $name String
+	 * @param $default Mixed
 	 * @return mixed
 	 */
 	private function getGPCVal( $arr, $name, $default ) {
@@ -247,9 +252,9 @@ class WebRequest {
 	 * non-freeform text inputs (e.g. predefined internal text keys
 	 * selected by a drop-down menu). For freeform input, see getText().
 	 *
-	 * @param $name string
-	 * @param $default string: optional default (or NULL)
-	 * @return string
+	 * @param $name String
+	 * @param $default String: optional default (or NULL)
+	 * @return String
 	 */
 	public function getVal( $name, $default = null ) {
 		$val = $this->getGPCVal( $this->data, $name, $default );
@@ -265,9 +270,10 @@ class WebRequest {
 
 	/**
 	 * Set an aribtrary value into our get/post data.
-	 * @param $key string Key name to use
-	 * @param $value mixed Value to set
-	 * @return mixed old value if one was present, null otherwise
+	 *
+	 * @param $key String: key name to use
+	 * @param $value Mixed: value to set
+	 * @return Mixed: old value if one was present, null otherwise
 	 */
 	public function setVal( $key, $value ) {
 		$ret = isset( $this->data[$key] ) ? $this->data[$key] : null;
@@ -280,9 +286,9 @@ class WebRequest {
 	 * If source was scalar, will return an array with a single element.
 	 * If no source and no default, returns NULL.
 	 *
-	 * @param $name string
-	 * @param $default array: optional default (or NULL)
-	 * @return array
+	 * @param $name String
+	 * @param $default Array: optional default (or NULL)
+	 * @return Array
 	 */
 	public function getArray( $name, $default = null ) {
 		$val = $this->getGPCVal( $this->data, $name, $default );
@@ -299,9 +305,9 @@ class WebRequest {
 	 * If no source and no default, returns NULL.
 	 * If an array is returned, contents are guaranteed to be integers.
 	 *
-	 * @param $name string
-	 * @param $default array: option default (or NULL)
-	 * @return array of ints
+	 * @param $name String
+	 * @param $default Array: option default (or NULL)
+	 * @return Array of ints
 	 */
 	public function getIntArray( $name, $default = null ) {
 		$val = $this->getArray( $name, $default );
@@ -315,9 +321,10 @@ class WebRequest {
 	 * Fetch an integer value from the input or return $default if not set.
 	 * Guaranteed to return an integer; non-numeric input will typically
 	 * return 0.
-	 * @param $name string
-	 * @param $default int
-	 * @return int
+	 *
+	 * @param $name String
+	 * @param $default Integer
+	 * @return Integer
 	 */
 	public function getInt( $name, $default = 0 ) {
 		return intval( $this->getVal( $name, $default ) );
@@ -327,8 +334,9 @@ class WebRequest {
 	 * Fetch an integer value from the input or return null if empty.
 	 * Guaranteed to return an integer or null; non-numeric input will
 	 * typically return null.
-	 * @param $name string
-	 * @return int
+	 *
+	 * @param $name String
+	 * @return Integer
 	 */
 	public function getIntOrNull( $name ) {
 		$val = $this->getVal( $name );
@@ -341,20 +349,35 @@ class WebRequest {
 	 * Fetch a boolean value from the input or return $default if not set.
 	 * Guaranteed to return true or false, with normal PHP semantics for
 	 * boolean interpretation of strings.
-	 * @param $name string
-	 * @param $default bool
-	 * @return bool
+	 *
+	 * @param $name String
+	 * @param $default Boolean
+	 * @return Boolean
 	 */
 	public function getBool( $name, $default = false ) {
-		return $this->getVal( $name, $default ) ? true : false;
+		return (bool)$this->getVal( $name, $default );
+	}
+	
+	/**
+	 * Fetch a boolean value from the input or return $default if not set.
+	 * Unlike getBool, the string "false" will result in boolean false, which is
+	 * useful when interpreting information sent from JavaScript.
+	 *
+	 * @param $name String
+	 * @param $default Boolean
+	 * @return Boolean
+	 */
+	public function getFuzzyBool( $name, $default = false ) {
+		return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0;
 	}
 
 	/**
 	 * Return true if the named value is set in the input, whatever that
 	 * value is (even "0"). Return false if the named value is not set.
 	 * Example use is checking for the presence of check boxes in forms.
-	 * @param $name string
-	 * @return bool
+	 *
+	 * @param $name String
+	 * @return Boolean
 	 */
 	public function getCheck( $name ) {
 		# Checkboxes and buttons are only present when clicked
@@ -365,15 +388,15 @@ class WebRequest {
 
 	/**
 	 * Fetch a text string from the given array or return $default if it's not
-	 * set. \r is stripped from the text, and with some language modules there
-	 * is an input transliteration applied. This should generally be used for
-	 * form <textarea> and <input> fields. Used for user-supplied freeform text
-	 * input (for which input transformations may be required - e.g. Esperanto
-	 * x-coding).
+	 * set. Carriage returns are stripped from the text, and with some language
+	 * modules there is an input transliteration applied. This should generally
+	 * be used for form <textarea> and <input> fields. Used for user-supplied
+	 * freeform text input (for which input transformations may be required - e.g.
+	 * Esperanto x-coding).
 	 *
-	 * @param $name string
-	 * @param $default string: optional
-	 * @return string
+	 * @param $name String
+	 * @param $default String: optional
+	 * @return String
 	 */
 	public function getText( $name, $default = '' ) {
 		global $wgContLang;
@@ -410,7 +433,7 @@ class WebRequest {
 	 * Note that values retrieved by the object may come from the
 	 * GET URL etc even on a POST request.
 	 *
-	 * @return bool
+	 * @return Boolean
 	 */
 	public function wasPosted() {
 		return $_SERVER['REQUEST_METHOD'] == 'POST';
@@ -425,15 +448,32 @@ class WebRequest {
 	 * during the current request (in which case the cookie will
 	 * be sent back to the client at the end of the script run).
 	 *
-	 * @return bool
+	 * @return Boolean
 	 */
 	public function checkSessionCookie() {
-		return isset( $_COOKIE[session_name()] );
+		return isset( $_COOKIE[ session_name() ] );
+	}
+
+	/**
+	 * Get a cookie from the $_COOKIE jar
+	 *
+	 * @param $key String: the name of the cookie
+	 * @param $prefix String: a prefix to use for the cookie name, if not $wgCookiePrefix
+	 * @param $default Mixed: what to return if the value isn't found
+	 * @return Mixed: cookie value or $default if the cookie not set
+	 */
+	public function getCookie( $key, $prefix = null, $default = null ) {
+		if( $prefix === null ) {
+			global $wgCookiePrefix;
+			$prefix = $wgCookiePrefix;
+		}
+		return $this->getGPCVal( $_COOKIE, $prefix . $key , $default );
 	}
 
 	/**
 	 * Return the path portion of the request URI.
-	 * @return string
+	 *
+	 * @return String
 	 */
 	public function getRequestURL() {
 		if( isset( $_SERVER['REQUEST_URI']) && strlen($_SERVER['REQUEST_URI']) ) {
@@ -468,7 +508,8 @@ class WebRequest {
 
 	/**
 	 * Return the request URI with the canonical service and hostname.
-	 * @return string
+	 *
+	 * @return String
 	 */
 	public function getFullRequestURL() {
 		global $wgServer;
@@ -478,7 +519,8 @@ class WebRequest {
 	/**
 	 * Take an arbitrary query and rewrite the present URL to include it
 	 * @param $query String: query string fragment; do not include initial '?'
-	 * @return string
+	 *
+	 * @return String
 	 */
 	public function appendQuery( $query ) {
 		global $wgTitle;
@@ -502,8 +544,9 @@ class WebRequest {
 
 	/**
 	 * HTML-safe version of appendQuery().
+	 *
 	 * @param $query String: query string fragment; do not include initial '?'
-	 * @return string
+	 * @return String
 	 */
 	public function escapeAppendQuery( $query ) {
 		return htmlspecialchars( $this->appendQuery( $query ) );
@@ -515,10 +558,11 @@ class WebRequest {
 
 	/**
 	 * Appends or replaces value of query variables.
+	 *
 	 * @param $array Array of values to replace/add to query
 	 * @param $onlyquery Bool: whether to only return the query string and not
 	 *                   the complete URL
-	 * @return string
+	 * @return String
 	 */
 	public function appendQueryArray( $array, $onlyquery = false ) {
 		global $wgTitle;
@@ -542,53 +586,59 @@ class WebRequest {
 		global $wgUser;
 
 		$limit = $this->getInt( 'limit', 0 );
-		if( $limit < 0 ) $limit = 0;
+		if( $limit < 0 ) {
+			$limit = 0;
+		}
 		if( ( $limit == 0 ) && ( $optionname != '' ) ) {
 			$limit = (int)$wgUser->getOption( $optionname );
 		}
-		if( $limit <= 0 ) $limit = $deflimit;
-		if( $limit > 5000 ) $limit = 5000; # We have *some* limits...
+		if( $limit <= 0 ) {
+			$limit = $deflimit;
+		}
+		if( $limit > 5000 ) {
+			$limit = 5000; # We have *some* limits...
+		}
 
 		$offset = $this->getInt( 'offset', 0 );
-		if( $offset < 0 ) $offset = 0;
+		if( $offset < 0 ) {
+			$offset = 0;
+		}
 
 		return array( $limit, $offset );
 	}
 
 	/**
 	 * Return the path to the temporary file where PHP has stored the upload.
+	 *
 	 * @param $key String:
 	 * @return string or NULL if no such file.
 	 */
 	public function getFileTempname( $key ) {
-		if( !isset( $_FILES[$key] ) ) {
-			return null;
-		}
-		return $_FILES[$key]['tmp_name'];
+		$file = new WebRequestUpload( $this, $key );
+		return $file->getTempName();
 	}
 
 	/**
 	 * Return the size of the upload, or 0.
+	 *
+	 * @deprecated
 	 * @param $key String:
 	 * @return integer
 	 */
 	public function getFileSize( $key ) {
-		if( !isset( $_FILES[$key] ) ) {
-			return 0;
-		}
-		return $_FILES[$key]['size'];
+		$file = new WebRequestUpload( $this, $key );
+		return $file->getSize();
 	}
 
 	/**
 	 * Return the upload error or 0
+	 *
 	 * @param $key String:
 	 * @return integer
 	 */
 	public function getUploadError( $key ) {
-		if( !isset( $_FILES[$key] ) || !isset( $_FILES[$key]['error'] ) ) {
-			return 0/*UPLOAD_ERR_OK*/;
-		}
-		return $_FILES[$key]['error'];
+		$file = new WebRequestUpload( $this, $key );
+		return $file->getError();
 	}
 
 	/**
@@ -603,31 +653,33 @@ class WebRequest {
 	 * @return string or NULL if no such file.
 	 */
 	public function getFileName( $key ) {
-		global $wgContLang;
-		if( !isset( $_FILES[$key] ) ) {
-			return null;
-		}
-		$name = $_FILES[$key]['name'];
+		$file = new WebRequestUpload( $this, $key );
+		return $file->getName();
+	}
 
-		# Safari sends filenames in HTML-encoded Unicode form D...
-		# Horrid and evil! Let's try to make some kind of sense of it.
-		$name = Sanitizer::decodeCharReferences( $name );
-		$name = $wgContLang->normalize( $name );
-		wfDebug( "WebRequest::getFileName() '" . $_FILES[$key]['name'] . "' normalized to '$name'\n" );
-		return $name;
+	/**
+	 * Return a WebRequestUpload object corresponding to the key
+	 *
+	 * @param @key string
+	 * @return WebRequestUpload
+	 */
+	public function getUpload( $key ) {
+		return new WebRequestUpload( $this, $key );
 	}
 
 	/**
 	 * Return a handle to WebResponse style object, for setting cookies,
 	 * headers and other stuff, for Request being worked on.
+	 *
+	 * @return WebResponse
 	 */
 	public function response() {
 		/* Lazy initialization of response object for this request */
-		if ( !is_object( $this->_response ) ) {
+		if ( !is_object( $this->response ) ) {
 			$class = ( $this instanceof FauxRequest ) ? 'FauxResponse' : 'WebResponse';
-			$this->_response = new $class();
+			$this->response = new $class();
 		}
-		return $this->_response;
+		return $this->response;
 	}
 
 	/**
@@ -649,6 +701,9 @@ class WebRequest {
 			}
 		} else {
 			$name = 'HTTP_' . str_replace( '-', '_', $name );
+			if ( $name === 'HTTP_CONTENT_LENGTH' && !isset( $_SERVER[$name] ) ) {
+				$name = 'CONTENT_LENGTH';
+			}
 			if ( isset( $_SERVER[$name] ) ) {
 				return $_SERVER[$name];
 			} else {
@@ -657,27 +712,86 @@ class WebRequest {
 		}
 	}
 
-	/*
+	/**
 	 * Get data from $_SESSION
-	 * @param $key String Name of key in $_SESSION
-	 * @return mixed
+	 *
+	 * @param $key String: name of key in $_SESSION
+	 * @return Mixed
 	 */
 	public function getSessionData( $key ) {
-		if( !isset( $_SESSION[$key] ) )
+		if( !isset( $_SESSION[$key] ) ) {
 			return null;
+		}
 		return $_SESSION[$key];
 	}
 
 	/**
 	 * Set session data
-	 * @param $key String Name of key in $_SESSION
-	 * @param $data mixed
+	 *
+	 * @param $key String: name of key in $_SESSION
+	 * @param $data Mixed
 	 */
 	public function setSessionData( $key, $data ) {
 		$_SESSION[$key] = $data;
 	}
 
 	/**
+	 * Check if Internet Explorer will detect an incorrect cache extension in 
+	 * PATH_INFO or QUERY_STRING. If the request can't be allowed, show an error
+	 * message or redirect to a safer URL. Returns true if the URL is OK, and
+	 * false if an error message has been shown and the request should be aborted.
+	 */
+	public function checkUrlExtension( $extWhitelist = array() ) {
+		global $wgScriptExtension;
+		$extWhitelist[] = ltrim( $wgScriptExtension, '.' );
+		if ( IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ) ) {
+			if ( !$this->wasPosted() ) {
+				$newUrl = IEUrlExtension::fixUrlForIE6(
+					$this->getFullRequestURL(), $extWhitelist );
+				if ( $newUrl !== false ) {
+					$this->doSecurityRedirect( $newUrl );
+					return false;
+				}
+			}
+			wfHttpError( 403, 'Forbidden',
+				'Invalid file extension found in the path info or query string.' );
+			
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * Attempt to redirect to a URL with a QUERY_STRING that's not dangerous in 
+	 * IE 6. Returns true if it was successful, false otherwise.
+	 */
+	protected function doSecurityRedirect( $url ) {
+		header( 'Location: ' . $url );
+		header( 'Content-Type: text/html' );
+		$encUrl = htmlspecialchars( $url );
+		echo <<<HTML
+<html>
+<head>
+<title>Security redirect</title>
+</head>
+<body>
+<h1>Security redirect</h1>
+<p>
+We can't serve non-HTML content from the URL you have requested, because 
+Internet Explorer would interpret it as an incorrect and potentially dangerous
+content type.</p>
+<p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the URL you have requested, except that 
+"&amp;*" is appended. This prevents Internet Explorer from seeing a bogus file 
+extension.
+</p>
+</body>
+</html>
+HTML;
+		echo "\n";
+		return true;
+	}
+
+	/**
 	 * Returns true if the PATH_INFO ends with an extension other than a script
 	 * extension. This could confuse IE for scripts that send arbitrary data which
 	 * is not HTML but may be detected as such.
@@ -695,30 +809,163 @@ class WebRequest {
 	 */
 	public function isPathInfoBad() {
 		global $wgScriptExtension;
+		$extWhitelist[] = ltrim( $wgScriptExtension, '.' );
+		return IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist );
+	}
+
+	/**
+	 * Parse the Accept-Language header sent by the client into an array
+	 * @return array( languageCode => q-value ) sorted by q-value in descending order
+	 * May contain the "language" '*', which applies to languages other than those explicitly listed.
+	 * This is aligned with rfc2616 section 14.4
+	 */
+	public function getAcceptLang() {
+		// Modified version of code found at http://www.thefutureoftheweb.com/blog/use-accept-language-header
+		$acceptLang = $this->getHeader( 'Accept-Language' );
+		if ( !$acceptLang ) {
+			return array();
+		}
+
+		// Return the language codes in lower case
+		$acceptLang = strtolower( $acceptLang );
+
+		// Break up string into pieces (languages and q factors)
+		$lang_parse = null;
+		preg_match_all( '/([a-z]{1,8}(-[a-z]{1,8})?|\*)\s*(;\s*q\s*=\s*(1|0(\.[0-9]+)?)?)?/',
+			$acceptLang, $lang_parse );
 
-		if ( isset( $_SERVER['QUERY_STRING'] ) 
-			&& preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
-		{
-			// Bug 28235
-			// Block only Internet Explorer, and requests with missing UA 
-			// headers that could be IE users behind a privacy proxy.
-			if ( !isset( $_SERVER['HTTP_USER_AGENT'] ) 
-				|| preg_match( '/; *MSIE/', $_SERVER['HTTP_USER_AGENT'] ) )
-			{
-				return true;
+		if ( !count( $lang_parse[1] ) ) {
+			return array();
+		}
+
+		// Create a list like "en" => 0.8
+		$langs = array_combine( $lang_parse[1], $lang_parse[4] );
+		// Set default q factor to 1
+		foreach ( $langs as $lang => $val ) {
+			if ( $val === '' ) {
+				$langs[$lang] = 1;
+			} else if ( $val == 0 ) {
+				unset($langs[$lang]);
 			}
 		}
 
-		if ( !isset( $_SERVER['PATH_INFO'] ) ) {
-			return false;
+		// Sort list
+		arsort( $langs, SORT_NUMERIC );
+		return $langs;
+	}
+}
+
+/**
+ * Object to access the $_FILES array
+ */
+class WebRequestUpload {
+	protected $request;
+	protected $doesExist;
+	protected $fileInfo;
+
+	/**
+	 * Constructor. Should only be called by WebRequest
+	 *
+	 * @param $request WebRequest The associated request
+	 * @param $key string Key in $_FILES array (name of form field)
+	 */
+	public function __construct( $request, $key ) {
+		$this->request = $request;
+		$this->doesExist = isset( $_FILES[$key] );
+		if ( $this->doesExist ) {
+			$this->fileInfo = $_FILES[$key];
 		}
-		$pi = $_SERVER['PATH_INFO'];
-		$dotPos = strrpos( $pi, '.' );
-		if ( $dotPos === false ) {
-			return false;
+	}
+
+	/**
+	 * Return whether a file with this name was uploaded.
+	 *
+	 * @return bool
+	 */
+	public function exists() {
+		return $this->doesExist;
+	}
+
+	/**
+	 * Return the original filename of the uploaded file
+	 *
+	 * @return mixed Filename or null if non-existent
+	 */
+	public function getName() {
+		if ( !$this->exists() ) {
+			return null;
+		}
+
+		global $wgContLang;
+		$name = $this->fileInfo['name'];
+
+		# Safari sends filenames in HTML-encoded Unicode form D...
+		# Horrid and evil! Let's try to make some kind of sense of it.
+		$name = Sanitizer::decodeCharReferences( $name );
+		$name = $wgContLang->normalize( $name );
+		wfDebug( __METHOD__ . ": {$this->fileInfo['name']} normalized to '$name'\n" );
+		return $name;
+	}
+
+	/**
+	 * Return the file size of the uploaded file
+	 *
+	 * @return int File size or zero if non-existent
+	 */
+	public function getSize() {
+		if ( !$this->exists() ) {
+			return 0;
+		}
+
+		return $this->fileInfo['size'];
+	}
+
+	/**
+	 * Return the path to the temporary file
+	 *
+	 * @return mixed Path or null if non-existent
+	 */
+	public function getTempName() {
+		if ( !$this->exists() ) {
+			return null;
+		}
+
+		return $this->fileInfo['tmp_name'];
+	}
+
+	/**
+	 * Return the upload error. See link for explanation
+	 * http://www.php.net/manual/en/features.file-upload.errors.php
+	 *
+	 * @return int One of the UPLOAD_ constants, 0 if non-existent
+	 */
+	public function getError() {
+		if ( !$this->exists() ) {
+			return 0; # UPLOAD_ERR_OK
 		}
-		$ext = substr( $pi, $dotPos );
-		return !in_array( $ext, array( $wgScriptExtension, '.php', '.php5' ) );
+
+		return $this->fileInfo['error'];
+	}
+
+	/**
+	 * Returns whether this upload failed because of overflow of a maximum set
+	 * in php.ini
+	 *
+	 * @return bool
+	 */
+	public function isIniSizeOverflow() {
+		if ( $this->getError() == UPLOAD_ERR_INI_SIZE ) {
+			# PHP indicated that upload_max_filesize is exceeded
+			return true;
+		}
+
+		$contentLength = $this->request->getHeader( 'CONTENT_LENGTH' );
+		if ( $contentLength > wfShorthandToInteger( ini_get( 'post_max_size' ) ) ) {
+			# post_max_size is exceeded
+			return true;
+		}
+
+		return false;
 	}
 }
 
@@ -730,12 +977,12 @@ class WebRequest {
 class FauxRequest extends WebRequest {
 	private $wasPosted = false;
 	private $session = array();
-	private $response;
 
 	/**
 	 * @param $data Array of *non*-urlencoded key => value pairs, the
 	 *   fake GET/POST values
 	 * @param $wasPosted Bool: whether to treat the data as POST
+	 * @param $session Mixed: session array or null
 	 */
 	public function __construct( $data, $wasPosted = false, $session = null ) {
 		if( is_array( $data ) ) {
@@ -774,7 +1021,25 @@ class FauxRequest extends WebRequest {
 	}
 
 	public function appendQuery( $query ) {
-		$this->notImplemented( __METHOD__ );
+		global $wgTitle;
+		$basequery = '';
+		foreach( $this->data as $var => $val ) {
+			if ( $var == 'title' ) {
+				continue;
+			}
+			if ( is_array( $val ) ) {
+				/* This will happen given a request like
+				 * http://en.wikipedia.org/w/index.php?title[]=Special:Userlogin&returnto[]=Main_Page
+				 */
+				continue;
+			}
+			$basequery .= '&' . urlencode( $var ) . '=' . urlencode( $val );
+		}
+		$basequery .= '&' . $query;
+
+		# Trim the extra &
+		$basequery = substr( $basequery, 1 );
+		return $wgTitle->getLocalURL( $basequery );
 	}
 
 	public function getHeader( $name ) {
@@ -791,10 +1056,14 @@ class FauxRequest extends WebRequest {
 	}
 
 	public function setSessionData( $key, $data ) {
-		$this->notImplemented( __METHOD__ );
+		$this->session[$key] = $data;
 	}
 
-	public function isPathInfoBad() {
+	public function isPathInfoBad( $extWhitelist = array() ) {
 		return false;
 	}
+
+	public function checkUrlExtension( $extWhitelist = array() ) {
+		return true;
+	}
 }