Last modified: 2010-05-15 15:28:04 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T3681, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 1681 - File extension is improperly parsed when filename contains a dot
File extension is improperly parsed when filename contains a dot
Status: RESOLVED INVALID
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.3.x
All All
: Normal normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch
: 3836 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-10 17:39 UTC by Nick Purvis
Modified: 2010-05-15 15:28 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
SpecialUpload.php (against HEAD and REL1_4) (577 bytes, patch)
2005-03-10 20:34 UTC, Ævar Arnfjörð Bjarmason 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Nick Purvis 2005-03-10 17:39:35 UTC 
When uploading a file which contains a . in the filename, the file extension is improperly reported 
from implode(). For example, when uploading "ADFVersion1.0.doc", the file extension is determined 
as "0.doc"
Comment 1 Ævar Arnfjörð Bjarmason 2005-03-10 20:34:05 UTC 
Created attachment 363 [details]
SpecialUpload.php (against HEAD and REL1_4)

A patch against HEAD and REL1_4 which fixes the issue.
Comment 2 Brion Vibber 2005-03-10 22:21:14 UTC 
Multiple extensions are checked to protect against multiple extension attacks, such 
as uploading "Hack.php.ogg" which would in older versions be passed as OGG but 
on some web server configurations would be interpreted as executable PHP.
Comment 3 lɛʁi לערי ריינהארט 2005-10-30 21:54:14 UTC 
*** Bug 3836 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links