dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
* (bug 32341) Add upload by URL domain limitation.
[lhc/web/wiklou.git] / includes / upload / UploadFromUrl.php
1 <?php
2 /**
3 * Implements uploading from a HTTP resource.
4 *
5 * @file
6 * @ingroup upload
7 * @author Bryan Tong Minh
8 * @author Michael Dale
9 */
10 class UploadFromUrl extends UploadBase {
11 protected $mAsync, $mUrl;
12 protected $mIgnoreWarnings = true;
13
14 protected $mTempPath, $mTmpHandle;
15
16 /**
17 * Checks if the user is allowed to use the upload-by-URL feature. If the
18 * user is allowed, pass on permissions checking to the parent.
19 *
20 * @param $user User
21 *
22 * @return bool
23 */
24 public static function isAllowed( $user ) {
25 if ( !$user->isAllowed( 'upload_by_url' ) ) {
26 return 'upload_by_url';
27 }
28 return parent::isAllowed( $user );
29 }
30
31 /**
32 * Checks if the upload from URL feature is enabled
33 * @return bool
34 */
35 public static function isEnabled() {
36 global $wgAllowCopyUploads;
37 return $wgAllowCopyUploads && parent::isEnabled();
38 }
39
40 /**
41 * Checks whether the URL is for an allowed host
42 *
43 * @param $url string
44 * @return bool
45 */
46 public static function isAllowedHost( $url ) {
47 global $wgCopyUploadsDomains;
48 if ( !count( $wgCopyUploadsDomains ) ) {
49 return true;
50 }
51 $valid = false;
52 foreach( $wgCopyUploadsDomains as $domain ) {
53 if ( strpos( $url, $domain ) !== false ) {
54 $valid = true;
55 break;
56 }
57 }
58 return $valid;
59 }
60
61 /**
62 * Entry point for API upload
63 *
64 * @param $name string
65 * @param $url string
66 * @param $async mixed Whether the download should be performed
67 * asynchronous. False for synchronous, async or async-leavemessage for
68 * asynchronous download.
69 */
70 public function initialize( $name, $url, $async = false ) {
71 global $wgAllowAsyncCopyUploads;
72
73 $this->mUrl = $url;
74 $this->mAsync = $wgAllowAsyncCopyUploads ? $async : false;
75 if ( $async ) {
76 throw new MWException( 'Asynchronous copy uploads are no longer possible as of r81612.' );
77 }
78
79 $tempPath = $this->mAsync ? null : $this->makeTemporaryFile();
80 # File size and removeTempFile will be filled in later
81 $this->initializePathInfo( $name, $tempPath, 0, false );
82 }
83
84 /**
85 * Entry point for SpecialUpload
86 * @param $request WebRequest object
87 */
88 public function initializeFromRequest( &$request ) {
89 $desiredDestName = $request->getText( 'wpDestFile' );
90 if ( !$desiredDestName ) {
91 $desiredDestName = $request->getText( 'wpUploadFileURL' );
92 }
93 return $this->initialize(
94 $desiredDestName,
95 trim( $request->getVal( 'wpUploadFileURL' ) ),
96 false
97 );
98 }
99
100 /**
101 * @param $request WebRequest object
102 * @return bool
103 */
104 public static function isValidRequest( $request ) {
105 global $wgUser;
106
107 $url = $request->getVal( 'wpUploadFileURL' );
108 return !empty( $url )
109 && Http::isValidURI( $url )
110 && $wgUser->isAllowed( 'upload_by_url' );
111 }
112
113 /**
114 * @return string
115 */
116 public function getSourceType() { return 'url'; }
117
118 /**
119 * @return Status
120 */
121 public function fetchFile() {
122 if ( !Http::isValidURI( $this->mUrl ) ) {
123 return Status::newFatal( 'http-invalid-url' );
124 }
125
126 if( !self::isAllowedHost( $this->mUrl ) ) {
127 return Status::newFatal( 'upload-copy-upload-invalid-domain' );
128 }
129 if ( !$this->mAsync ) {
130 return $this->reallyFetchFile();
131 }
132 return Status::newGood();
133 }
134 /**
135 * Create a new temporary file in the URL subdirectory of wfTempDir().
136 *
137 * @return string Path to the file
138 */
139 protected function makeTemporaryFile() {
140 return tempnam( wfTempDir(), 'URL' );
141 }
142
143 /**
144 * Callback: save a chunk of the result of a HTTP request to the temporary file
145 *
146 * @param $req mixed
147 * @param $buffer string
148 * @return int number of bytes handled
149 */
150 public function saveTempFileChunk( $req, $buffer ) {
151 $nbytes = fwrite( $this->mTmpHandle, $buffer );
152
153 if ( $nbytes == strlen( $buffer ) ) {
154 $this->mFileSize += $nbytes;
155 } else {
156 // Well... that's not good!
157 fclose( $this->mTmpHandle );
158 $this->mTmpHandle = false;
159 }
160
161 return $nbytes;
162 }
163
164 /**
165 * Download the file, save it to the temporary file and update the file
166 * size and set $mRemoveTempFile to true.
167 * @return Status
168 */
169 protected function reallyFetchFile() {
170 if ( $this->mTempPath === false ) {
171 return Status::newFatal( 'tmp-create-error' );
172 }
173
174 // Note the temporary file should already be created by makeTemporaryFile()
175 $this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
176 if ( !$this->mTmpHandle ) {
177 return Status::newFatal( 'tmp-create-error' );
178 }
179
180 $this->mRemoveTempFile = true;
181 $this->mFileSize = 0;
182
183 $req = MWHttpRequest::factory( $this->mUrl, array(
184 'followRedirects' => true
185 ) );
186 $req->setCallback( array( $this, 'saveTempFileChunk' ) );
187 $status = $req->execute();
188
189 if ( $this->mTmpHandle ) {
190 // File got written ok...
191 fclose( $this->mTmpHandle );
192 $this->mTmpHandle = null;
193 } else {
194 // We encountered a write error during the download...
195 return Status::newFatal( 'tmp-write-error' );
196 }
197
198 if ( !$status->isOk() ) {
199 return $status;
200 }
201
202 return $status;
203 }
204
205 /**
206 * Wrapper around the parent function in order to defer verifying the
207 * upload until the file really has been fetched.
208 */
209 public function verifyUpload() {
210 if ( $this->mAsync ) {
211 return array( 'status' => UploadBase::OK );
212 }
213 return parent::verifyUpload();
214 }
215
216 /**
217 * Wrapper around the parent function in order to defer checking warnings
218 * until the file really has been fetched.
219 */
220 public function checkWarnings() {
221 if ( $this->mAsync ) {
222 $this->mIgnoreWarnings = false;
223 return array();
224 }
225 return parent::checkWarnings();
226 }
227
228 /**
229 * Wrapper around the parent function in order to defer checking protection
230 * until we are sure that the file can actually be uploaded
231 */
232 public function verifyTitlePermissions( $user ) {
233 if ( $this->mAsync ) {
234 return true;
235 }
236 return parent::verifyTitlePermissions( $user );
237 }
238
239 /**
240 * Wrapper around the parent function in order to defer uploading to the
241 * job queue for asynchronous uploads
242 */
243 public function performUpload( $comment, $pageText, $watch, $user ) {
244 if ( $this->mAsync ) {
245 $sessionKey = $this->insertJob( $comment, $pageText, $watch, $user );
246
247 return Status::newFatal( 'async', $sessionKey );
248 }
249
250 return parent::performUpload( $comment, $pageText, $watch, $user );
251 }
252
253 /**
254 * @param $comment
255 * @param $pageText
256 * @param $watch
257 * @param $user User
258 * @return
259 */
260 protected function insertJob( $comment, $pageText, $watch, $user ) {
261 $sessionKey = $this->stashSession();
262 $job = new UploadFromUrlJob( $this->getTitle(), array(
263 'url' => $this->mUrl,
264 'comment' => $comment,
265 'pageText' => $pageText,
266 'watch' => $watch,
267 'userName' => $user->getName(),
268 'leaveMessage' => $this->mAsync == 'async-leavemessage',
269 'ignoreWarnings' => $this->mIgnoreWarnings,
270 'sessionId' => session_id(),
271 'sessionKey' => $sessionKey,
272 ) );
273 $job->initializeSessionData();
274 $job->insert();
275 return $sessionKey;
276 }
277
278 }
Wiklou, le Wiki du Wiklou