Last modified: 2013-09-04 11:49:39 UTC
STEPS 1. Set $wgCheckFileExtensions to true (the default is already true). 2. Set $wgStrictFileExtensions to false (the default is true). 3. Make sure $wgFileExtensions is not empty (by default it's not empty) 4. Attempt to upload a file with an extension not in the preferred $wgFileExtensions list (and not blacklisted) such as "foo.xyz" for example. RESULT The upload form does not accept any files with extensions other than those in the $wgFileExtensions array. EXPECTED When $wgStrictFileExtensions is set to false, all uploads that are not blacklisted should be accepted. VERSIONS Affects 1.16 release. The trunk version also appears to be affected. Patches are attached for both REL1_16 and trunk.
Created attachment 7651 [details] REL1_16 patch
Created attachment 7652 [details] trunk patch
it works if you disable JS right ? This is because the JS code of the upload page is blocking the upload ? I believe we have another bug on that issue, but i can't find it right now.
Yes, upload.js is causing the problem, but it's not getting enough information to do it correctly.
Same problem in MediaWiki 1.16.0. The patch in comment 1 fixes it for me.
Comment on attachment 7651 [details] REL1_16 patch >+ if( $wgCheckFileExtensions && $wgStrictFileExtensions ) { >+ global $wgFileExtensions, $wgAjaxUploadInterface; >+ $vars['wgFileExtensions'] = $wgFileExtensions; >+ } if wgFileExtensions is not defined in JavaScript, it prevents the rest from working like pre-filling the "destination filename" field. You should set wgFileExtensions to NULL when wgCheckFileExtensions or wgStrictFileExtensions are false. else { $vars['wgFileExtensions'] = NULL; }
Giving this to Trevor since it involves JS
The patch works for 1.16.5, just tested.
Is this the same bug as #24022 - and therefor fixed in r68848 ?
Sounds very similar. r68848 and r68849 probably fix it. I'll verify and close once 1.17 is released.
*** Bug 27128 has been marked as a duplicate of this bug. ***
mackyle, did you have time to verify the fix? 1.17.0 is now out.
Finally I just went ahead and installed a new, separate, fresh installation of 1.17.0. It's still broken in 1.17.0 (and I've changed the version of this bug to reflect that). The steps are still the same. When bringing up the upload file page (with $wgStrictFileExtensions set to false), the page shows: Preferred file types: png, gif, jpg, jpeg. Prohibited file types: html, htm, js, jsb, mhtml, mht, xhtml, xht, php, phtml, php3, php4, php5, phps, shtml, jhtml, pl, py, cgi, exe, scr, dll, msi, vbs, bat, com, pif, cmd, vxd, cpl. I can successfully upload a .png/.jpg file with no problem. However, attempting to upload a .pdf file (notice it's not in the prohibited list) produces this output: ".pdf" is an unwanted file type. Preferred file types are $2. Please modify the file description below and try again. Yes, it really shows "$2" instead of an actual list of preferred types -- that's another bug. Also version 1.17.0 has changed enough that the previously provided patches no longer work to fix the problem and I haven't poked around enough to figure out a new patch for 1.17.0.
Never mind. You can just hit the big "Ignore warning and save file anyway" button down at the bottom of the dialog and continue on to save the file. Marking this resolved in 1.17.0.
Hold on, isn't that just a work-around? Should it not be not producing the message at all?
