Last modified: 2010-05-15 15:28:04 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 1681 - File extension is improperly parsed when filename contains a dot
File extension is improperly parsed when filename contains a dot
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
All All
: Normal normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch
: 3836 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2005-03-10 17:39 UTC by Nick Purvis
Modified: 2010-05-15 15:28 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

SpecialUpload.php (against HEAD and REL1_4) (577 bytes, patch)
2005-03-10 20:34 UTC, Ævar Arnfjörð Bjarmason

Description Nick Purvis 2005-03-10 17:39:35 UTC
When uploading a file which contains a . in the filename, the file extension is improperly reported 
from implode(). For example, when uploading "ADFVersion1.0.doc", the file extension is determined 
as "0.doc"
Comment 1 Ævar Arnfjörð Bjarmason 2005-03-10 20:34:05 UTC
Created attachment 363 [details]
SpecialUpload.php (against HEAD and REL1_4)

A patch against HEAD and REL1_4 which fixes the issue.
Comment 2 Brion Vibber 2005-03-10 22:21:14 UTC
Multiple extensions are checked to protect against multiple extension attacks, such 
as uploading "Hack.php.ogg" which would in older versions be passed as OGG but 
on some web server configurations would be interpreted as executable PHP.
Comment 3 lɛʁi לערי ריינהארט 2005-10-30 21:54:14 UTC
*** Bug 3836 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.