Page MenuHomePhabricator
Create Task
Maniphest T3681

File extension is improperly parsed when filename contains a dot
Closed, InvalidPublic
Actions

Description

Author: nep

Description:
When uploading a file which contains a . in the filename, the file extension is improperly reported
from implode(). For example, when uploading "ADFVersion1.0.doc", the file extension is determined
as "0.doc"

Version: 1.3.x
Severity: normal

Details

Reference
bz1681

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 8:16 PM
bzimport added a project: MediaWiki-File-management.
bzimport set Reference to bz1681.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Mar 10 2005, 5:39 PM
bzimport added a comment.Mar 10 2005, 8:34 PM

avarab wrote:

SpecialUpload.php (against HEAD and REL1_4)

A patch against HEAD and REL1_4 which fixes the issue.

Attached:

SpecialUpload.php.patch577 BDownload

brion added a comment.Mar 10 2005, 10:21 PM

Multiple extensions are checked to protect against multiple extension attacks, such
as uploading "Hack.php.ogg" which would in older versions be passed as OGG but
on some web server configurations would be interpreted as executable PHP.

bzimport added a comment.Oct 30 2005, 9:54 PM

gangleri wrote:

*** Bug 3836 has been marked as a duplicate of this bug. ***

Gilles added a project: Multimedia.Dec 4 2014, 10:46 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.Dec 4 2014, 10:48 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL