From: nischayn22
Date: Thu, 23 May 2013 10:16:38 +0000 (+0530)
Subject: hook to intercept upload_by_url
X-Git-Tag: 1.31.0-rc.0~19131
X-Git-Url: http://git.cyclocoop.org/%24action?a=commitdiff_plain;h=50ca5a7d173329f71dd8a981e080b4eae51c4787;p=lhc%2Fweb%2Fwiklou.git

hook to intercept upload_by_url

This is planned to be used for intercepting by UW for Flickr blacklisting.

Bug: 42307
Change-Id: Ia3daaeba1ce5e69e751ffc2ae5afd5e449cf4aa7
---

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index f6c304e852..0b4a6c5b1a 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -149,6 +149,8 @@ production.
 right?" check is used to avoid more expensive checks.
 * Display "(No difference)" instead of an empty diff (when comparing revisions
 in the history or when previewing changes while editing).
+* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by
+ URL, useful for blacklisting specific URLs
 
 === Bug fixes in 1.22 ===
 * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
diff --git a/docs/hooks.txt b/docs/hooks.txt
index 99676669b2..84cc820c30 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -1360,6 +1360,10 @@ $article: article (object) being checked
 $ip: IP being check
 $result: Change this value to override the result of wfIsTrustedProxy()
 
+'IsUploadAllowedFromUrl': Override the result of UploadFromUrl::isAllowedUrl()
+$url: URL used to upload from
+&$allowed: Boolean indicating if uploading is allowed for given URL
+
 'isValidEmailAddr': Override the result of User::isValidEmailAddr(), for
 instance to return false if the domain name doesn't match your organization.
 $addr: The e-mail address entered by the user
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 8f5185a415..2e6846d508 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1404,6 +1404,7 @@ abstract class ApiBase extends ContextSource {
 'uploaddisabled' => array( 'code' => 'uploaddisabled', 'info' => 'Uploads are not enabled. Make sure $wgEnableUploads is set to true in LocalSettings.php and the PHP ini setting file_uploads is true' ),
 'copyuploaddisabled' => array( 'code' => 'copyuploaddisabled', 'info' => 'Uploads by URL is not enabled. Make sure $wgAllowCopyUploads is set to true in LocalSettings.php.' ),
 'copyuploadbaddomain' => array( 'code' => 'copyuploadbaddomain', 'info' => 'Uploads by URL are not allowed from this domain.' ),
+ 'copyuploadbadurl' => array( 'code' => 'copyuploadbadurl', 'info' => 'Upload not allowed from this URL.' ),
 
 'filename-tooshort' => array( 'code' => 'filename-tooshort', 'info' => 'The filename is too short' ),
 'filename-toolong' => array( 'code' => 'filename-toolong', 'info' => 'The filename is too long' ),
diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index 34741b553b..b903a62811 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -410,6 +410,10 @@ class ApiUpload extends ApiBase {
 $this->dieUsageMsg( 'copyuploadbaddomain' );
 }
 
+ if ( !UploadFromUrl::isAllowedUrl( $this->mParams['url'] ) ) {
+ $this->dieUsageMsg( 'copyuploadbadurl' );
+ }
+
 $async = false;
 if ( $this->mParams['asyncdownload'] ) {
 $this->checkAsyncDownloadEnabled();
diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index c99feefd51..a4374f3f68 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -34,6 +34,8 @@ class UploadFromUrl extends UploadBase {
 
 protected $mTempPath, $mTmpHandle;
 
+ protected static $allowedUrls = array();
+
 /**
 * Checks if the user is allowed to use the upload-by-URL feature. If the
 * user is not allowed, return the name of the user right as a string. If
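Review bot: The `protected static $allowedUrls` property added in the `@@ -34,6 +34,8 @@` hunk of includes/upload/UploadFromUrl.php has no doc comment, and its name reads like a whitelist although `isAllowedUrl()` further down stores both permitted and rejected verdicts in it. I would add `/** @var array Map of URL string => bool; cached results of the 'IsUploadAllowedFromUrl' hook */` above it. Nothing in this diff evicts entries, so in a long-running process the map grows with every distinct URL checked, and a verdict once cached is not re-evaluated if the handler's blacklist changes; the comment should say so, or the cache should be bounded. The class body continues outside the hunk.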
@@ -104,6 +106,21 @@ class UploadFromUrl extends UploadBase {
 return $valid;
 }
 
+ /**
+ * Checks whether the URL is not allowed.
+ *
+ * @param $url string
+ * @return bool
+ */
+ public static function isAllowedUrl( $url ) {
+ if ( !isset( self::$allowedUrls[$url] ) ) {
+ $allowed = true;
+ wfRunHooks( 'IsUploadAllowedFromUrl', array( $url, &$allowed ) );
+ self::$allowedUrls[$url] = $allowed;
+ }
+ return self::$allowedUrls[$url];
+ }
+
 /**
 * Entry point for API upload
 *
@@ -175,6 +192,9 @@ class UploadFromUrl extends UploadBase {
 if ( !self::isAllowedHost( $this->mUrl ) ) {
 return Status::newFatal( 'upload-copy-upload-invalid-domain' );
 }
+ if ( !self::isAllowedUrl( $this->mUrl ) ) {
+ return Status::newFatal( 'upload-copy-upload-invalid-url' );
+ }
 if ( !$this->mAsync ) {
 return $this->reallyFetchFile();
 }
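Review bot: The docblock added for `isAllowedUrl()` in the `@@ -104,6 +106,21 @@` hunk says "Checks whether the URL is not allowed", which is the inverse of what the method returns (true when the upload may proceed); suggest `Checks whether the URL is allowed for upload-by-URL; runs the 'IsUploadAllowedFromUrl' hook and caches the verdict per URL string.` The return value of `wfRunHooks()` is discarded, so a handler blocks a URL only by setting `&$allowed` to false, and one that merely returns false leaves the default `true` in place; that contract should be spelled out in this docblock and in docs/hooks.txt. The verdict is keyed on the exact string passed in, so the docblock should also note that handlers need to canonicalise the URL before comparing it with a blacklist. Whether a redirect target reached during the fetch is checked again is not visible in this diff.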
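Review bot: In the `@@ -175,6 +192,9 @@` hunk the new branch returns `Status::newFatal( 'upload-copy-upload-invalid-url' )`, but none of the five files touched by this diff defines that message key, so unless it is added elsewhere the user would see the raw key rather than an explanation. The key needs an entry next to `upload-copy-upload-invalid-domain` in the English messages file, for example `'upload-copy-upload-invalid-url' => 'Upload not allowed from this URL.',`, together with its message documentation. The enclosing method starts and ends outside the hunk.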