Page MenuHomePhabricator
Create Task
Maniphest T18876

cleanupImages.php should enforce same file naming rules as UploadBase
Open, LowPublicFeature
Actions

Description

Currently, the maintenance/cleanupImages.php script will happily move files to names that would not be permitted for new uploads. Most glaringly, the current implementation of ImageCleanup::buildSafeTitle() may deliberately insert backslashes into file names, even though wfBaseName(), as called from UploadBase::getTitle() via wfStripIllegalFilenameChars(), explicitly says that "we don't want \s in our [...] paths".

Version: 1.24rc
Severity: enhancement

Details

Reference
bz16876

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 10:29 PM
bzimport added a project: MediaWiki-Maintenance-system.
bzimport set Reference to bz16876.
bzimport added a subscriber: Unknown Object (MLST).
Ilmari_Karonen created this task.Jan 4 2009, 2:44 AM
Aklapper added a comment.Aug 22 2014, 12:32 PM

Confirming that ./includes/upload/UploadBase.php calls wfStripIllegalFilenameChars while ./maintenance/cleanupImages.php does not.

Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 11:01 AM
Aklapper removed a subscriber: wikibugs-l-list.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL