Diffstat (limited to 'includes/upload/UploadStash.php')
-rw-r--r-- | includes/upload/UploadStash.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/includes/upload/UploadStash.php b/includes/upload/UploadStash.php
index c7fd23a9..53a90582 100644
--- a/includes/upload/UploadStash.php
+++ b/includes/upload/UploadStash.php
@@ -422,6 +422,7 @@ class UploadStash {
 * @return string
 */
 public static function getExtensionForPath( $path ) {
+ global $wgFileBlacklist;
 // Does this have an extension?
 $n = strrpos( $path, '.' );
 $extension = null;
@@ -441,7 +442,15 @@ class UploadStash {
 throw new UploadStashFileException( "extension is null" );
 }
- return File::normalizeExtension( $extension );
+ $extension = File::normalizeExtension( $extension );
+ if ( in_array( $extension, $wgFileBlacklist ) ) {
+ // The file should already be checked for being evil.
+ // However, if somehow we got here, we definitely
+ // don't want to give it an extension of .php and
+ // put it in a web accesible directory.
+ return '';
+ }
+ return $extension;
 }
 /** |
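Review bot: In the second hunk, a deny-list hit makes getExtensionForPath() return '' silently, so a file that slipped past the earlier upload checks is still stashed and nothing records that this safety net fired; the null-extension case just above already throws UploadStashFileException, and failing the same way here (`throw new UploadStashFileException( "extension is blacklisted" );`) or at least logging the hit would make the event visible. If the empty return is kept, the docblock's `@return string` should say the result can be empty, and the callers (outside this diff) need to cope with an extensionless name. The membership test should also be strict, `in_array( $extension, $wgFileBlacklist, true )`, and it only looks at the final extension as normalized, so it presumably relies on $wgFileBlacklist listing every variant the web server maps to a handler. The middle of the function lies between the two hunks and is not visible here.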