From 9eb7a173a2e751779f382738e1b2012771b1e003 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Fri, 12 Jun 2020 16:42:28 +0100
Subject: [PATCH] Issue #3151087 by rik-dev, dww, alexpott, Matroskeen: Replace use of whitelist/blacklist in file_munge_filename() and its tests
---
 core/includes/file.inc | 4 ++--
 .../Drupal/KernelTests/Core/File/NameMungingTest.php | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/core/includes/file.inc b/core/includes/file.inc
index 286c2202cfaa..c40851dedb90 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -185,7 +185,7 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
 // http://php.net/manual/security.filesystem.nullbytes.php
 $filename = str_replace(chr(0), '', $filename);
- $whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
+ $allowed_extensions = array_unique(explode(' ', strtolower(trim($extensions))));
 // Split the filename up by periods. The first part becomes the basename
 // the last part the final extension.
@@ -200,7 +200,7 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
 // of allowed extensions.
 foreach ($filename_parts as $filename_part) {
 $new_filename .= '.' . $filename_part;
- if (!in_array(strtolower($filename_part), $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
+ if (!in_array(strtolower($filename_part), $allowed_extensions) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
 $new_filename .= '_';
 }
 }
diff --git a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php b/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
index 6e1becc6f575..1e97b7a805a0 100644
--- a/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
+++ b/core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php
@@ -66,16 +66,16 @@ public function testMungeIgnoreInsecure() {
 }
 /**
- * White listed extensions are ignored by file_munge_filename().
+ * Tests that allowed extensions are ignored by file_munge_filename().
 */
- public function testMungeIgnoreWhitelisted() {
- // Declare our extension as whitelisted. The declared extensions should
- // be case insensitive so test using one with a different case.
+ public function testMungeIgnoreAllowedExtensions() {
+ // Declare that our extension is allowed. The declared extensions should be
+ // case insensitive, so test using one with a different case.
 $munged_name = file_munge_filename($this->nameWithUcExt, $this->badExtension);
- $this->assertSame($munged_name, $this->nameWithUcExt, new FormattableMarkup('The new filename (%munged) matches the original (%original) once the extension has been whitelisted.', ['%munged' => $munged_name, '%original' => $this->nameWithUcExt]));
+ $this->assertSame($munged_name, $this->nameWithUcExt);
 // The allowed extensions should also be normalized.
 $munged_name = file_munge_filename($this->name, strtoupper($this->badExtension));
- $this->assertSame($munged_name, $this->name, new FormattableMarkup('The new filename (%munged) matches the original (%original) also when the whitelisted extension is in uppercase.', ['%munged' => $munged_name, '%original' => $this->name]));
+ $this->assertSame($munged_name, $this->name);
 }
 /**
-- GitLab
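Review bot: Both rewritten assertions in testMungeIgnoreAllowedExtensions() pass the computed value first, but PHPUnit's assertSame() takes the expected value first, and with the custom FormattableMarkup messages dropped the default failure output is now the only diagnostic. A regression in file_munge_filename() would therefore be reported with the munged name labelled as the expected value, which is easy to misread in a test that guards allowed-extension handling. I would swap the arguments: `$this->assertSame($this->nameWithUcExt, $munged_name);` and `$this->assertSame($this->name, $munged_name);`. The method is fully contained in this hunk.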