From 393e0d71f4c5478bea53ff62ff818aebbabb3e40 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Wed, 22 May 2013 00:45:21 +0200
Subject: Update to MediaWiki 1.20.6
---
 includes/upload/UploadBase.php | 75 +++++++++++++++++++++++++++++-------------
 1 file changed, 52 insertions(+), 23 deletions(-)
(limited to 'includes/upload/UploadBase.php')
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 3a5733ca..0848780f 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -345,6 +345,8 @@ abstract class UploadBase {
 /**
 * Verify the mime type
 *
+ * @note Only checks that it is not an evil mime. The does it have
+ * correct extension given its mime type check is in verifyFile.
 * @param $mime string representing the mime
 * @return mixed true if the file is verified, an array otherwise
 */
@@ -359,12 +361,6 @@ abstract class UploadBase {
 return array( 'filetype-badmime', $mime );
 }
 
- # XXX: Missing extension will be caught by validateName() via getTitle()
- if ( $this->mFinalExtension != '' && !$this->verifyExtension( $mime, $this->mFinalExtension ) ) {
- wfProfileOut( __METHOD__ );
- return array( 'filetype-mime-mismatch', $this->mFinalExtension, $mime );
- }
-
 # Check IE type
 $fp = fopen( $this->mTempPath, 'rb' );
 $chunk = fread( $fp, 256 );
@@ -391,6 +387,56 @@ abstract class UploadBase { * @return mixed true of the file is verified, array otherwise. */ protected function verifyFile() { + global $wgVerifyMimeType; + wfProfileIn( __METHOD__ ); + + $status = $this->verifyPartialFile(); + if ( $status !== true ) { + wfProfileOut( __METHOD__ ); + return $status; + } + + if ( $wgVerifyMimeType ) { + $this->mFileProps = FSFile::getPropsFromPath( $this->mTempPath, $this->mFinalExtension ); + $mime = $this->mFileProps['file-mime']; + + # XXX: Missing extension will be caught by validateName() via getTitle() + if ( $this->mFinalExtension != '' && !$this->verifyExtension( $mime, $this->mFinalExtension ) ) { + wfProfileOut( __METHOD__ ); + return array( 'filetype-mime-mismatch', $this->mFinalExtension, $mime ); + } + } + + $handler = MediaHandler::getHandler( $mime ); + if ( $handler ) { + $handlerStatus = $handler->verifyUpload( $this->mTempPath ); + if ( !$handlerStatus->isOK() ) { + $errors = $handlerStatus->getErrorsArray(); + wfProfileOut( __METHOD__ ); + return reset( $errors ); + } + } + + wfRunHooks( 'UploadVerifyFile', array( $this, $mime, &$status ) ); + if ( $status !== true ) { + wfProfileOut( __METHOD__ ); + return $status; + } + + wfDebug( __METHOD__ . ": all clear; passing.\n" ); + wfProfileOut( __METHOD__ ); + return true; + } + + /** + * A verification routine suitable for partial files + * + * Runs the blacklist checks, but not any checks that may + * assume the entire file is present. + * + * @return Mixed true for valid or array with error message key. + */ + protected function verifyPartialFile() { global $wgAllowJavaUploads, $wgDisableUploadScriptChecks; wfProfileIn( __METHOD__ ); 
@@ -449,23 +495,6 @@ abstract class UploadBase {
 return array( 'uploadvirus', $virus );
 }
 
- $handler = MediaHandler::getHandler( $mime );
- if ( $handler ) {
- $handlerStatus = $handler->verifyUpload( $this->mTempPath );
- if ( !$handlerStatus->isOK() ) {
- $errors = $handlerStatus->getErrorsArray();
- wfProfileOut( __METHOD__ );
- return reset( $errors );
- }
- }
-
- wfRunHooks( 'UploadVerifyFile', array( $this, $mime, &$status ) );
- if ( $status !== true ) {
- wfProfileOut( __METHOD__ );
- return $status;
- }
-
- wfDebug( __METHOD__ . ": all clear; passing.\n" );
 wfProfileOut( __METHOD__ );
 return true;
 }
-- 
cgit v1.2.2