* Bryan Tong Minh <bryan.tongminh(a)gmail.com> [Wed, 3 Nov 2010 11:22:26 +0100]:
> On Wed, Nov 3, 2010 at 11:14 AM, Dmitriy Sintsov <questpc(a)rambler.ru> wrote:
> > In an ideal world, there probably should be no direct access to $_FILES[]
> > and usage of is_uploaded_file(), but all of these calls should be
> > encapsulated into WebRequest class, imo.
>
> As of r70037 and follow-ups, this has been possible.
> http://www.mediawiki.org/wiki/Special:Code/MediaWiki/70037

Ah, I didn't know that. The customers still mostly run 1.15.x so I am
not checking the trunk very often. I should take a look at that new
class. Btw, I don't see is_uploaded_file() check against "$_FILES[]
injection" in the code, is that secure? Or, perhaps it already was
somewhere else. But, FauxRequest would not require it, of course.
Dmitriy
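
An added example, not part of the thread and not MediaWiki code: a minimal PHP sketch of the encapsulation discussed above, where callers never read `$_FILES` directly and an entry is trusted only after `is_uploaded_file()` confirms its `tmp_name`. The class name `HypotheticalUploadRequest`, its method, the injectable verifier and the `userfile` field are assumptions made for illustration.

```php
<?php
// Added illustration; HypotheticalUploadRequest is not a MediaWiki class.
final class HypotheticalUploadRequest
{
    private $files;    // copy of $_FILES-style data handed in by the caller
    private $verifier; // callable that checks a tmp_name

    // The verifier is injectable so that a test double (hypothetical) can
    // stand in for is_uploaded_file(), which only accepts real HTTP uploads.
    public function __construct(array $files, $verifier = 'is_uploaded_file')
    {
        $this->files = $files;
        $this->verifier = $verifier;
    }

    /**
     * Return the temporary path of an upload, or null unless PHP itself
     * received that file through HTTP POST in this request.
     */
    public function getUploadTempPath($key)
    {
        if (!isset($this->files[$key]) || !is_array($this->files[$key])) {
            return null;
        }
        $entry = $this->files[$key];
        // Multi-file fields (name="f[]") carry arrays here; this sketch rejects them.
        if (!isset($entry['error'], $entry['tmp_name'])
            || !is_string($entry['tmp_name'])
            || $entry['error'] !== UPLOAD_ERR_OK
        ) {
            return null;
        }
        // The array entry only describes a file. is_uploaded_file() checks the
        // path against PHP's own record of files uploaded in this request.
        if (!call_user_func($this->verifier, $entry['tmp_name'])) {
            return null;
        }
        return $entry['tmp_name'];
    }
}

// Constructed input: a well-formed entry whose tmp_name did not come from an upload.
$request = new HypotheticalUploadRequest(array(
    'userfile' => array(
        'name' => 'photo.png', 'type' => 'image/png', 'size' => 10,
        'tmp_name' => __FILE__, 'error' => UPLOAD_ERR_OK,
    ),
));
var_dump($request->getUploadTempPath('userfile'));
```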