On Thu, Mar 27, 2008 at 2:34 PM, raymond@svn.wikimedia.org wrote:

•           $val = trim( ini_get( 'upload_max_filesize' ) );
  

•           $last = ( substr( $val, -1 ) );
  

•           switch( $last ) {
  

switch is case-sensitive, the suffix in the config file is not. Don't you need a strtoupper() on $last?

•                   case 'G':
  

•                           $val2 = substr( $val, 0, -1 ) * 1024 * 1024 * 1024;
  

•                           break;
  

•                   case 'M':
  

•                           $val2 = substr( $val, 0, -1 ) * 1024 * 1024;
  

•                           break;
  

•                   case 'K':
  

•                           $val2 = substr( $val, 0, -1 ) * 1024;
  

•                           break;
  

•                   default:
  

•                           $val2 = $val;
  

•           }
  

•           $val2 = $wgAllowCopyUploads ? min( $wgMaxUploadSize, $val2 ) : $val2;
  

•           $maxUploadSize = wfMsgExt( 'upload-maxfilesize', 'parseinline', $wgLang->formatSize( $val2 ) );
  

You seem to be assuming that nobody is setting upload_max_filesize to an invalid value, or that if they do, PHP will somehow sanitize it so that it fits one of those cases. Is that the case? What happens if you set upload_max_filesize to "jagdajgadk" or '<span onload="alert(\'Evil!\')"></span>' or something? If this does work, you should add a comment that testing indicates that PHP seems to guarantee that a value in this form is passed.