From: Tim Starling Date: Mon, 1 Sep 2008 08:09:16 +0000 (+0000) Subject: Rename UploadFromBase to UploadBase. It's best to use English rather than inventing... X-Git-Tag: 1.31.0-rc.0~45534 X-Git-Url: http://git.cyclocoop.org/%24action?a=commitdiff_plain;h=c39da5210af13b8870556bb9b01704986a2b72b4;p=lhc%2Fweb%2Fwiklou.git Rename UploadFromBase to UploadBase. It's best to use English rather than inventing our own language. --- diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php index 50e9276879..6ae1045a97 100644 --- a/includes/AutoLoader.php +++ b/includes/AutoLoader.php @@ -188,7 +188,7 @@ $wgAutoloadLocalClasses = array( 'TransformParameterError' => 'includes/MediaTransformOutput.php', 'TurckBagOStuff' => 'includes/BagOStuff.php', 'UnlistedSpecialPage' => 'includes/SpecialPage.php', - 'UploadFromBase' => 'includes/UploadFromBase.php', + 'UploadBase' => 'includes/UploadBase.php', 'UploadFromStash' => 'includes/UploadFromStash.php', 'UploadFromUpload' => 'includes/UploadFromUpload.php', 'UploadFromUrl' => 'includes/UploadFromUrl.php', diff --git a/includes/UploadBase.php b/includes/UploadBase.php new file mode 100644 index 0000000000..58f78cc171 --- /dev/null +++ b/includes/UploadBase.php @@ -0,0 +1,813 @@ +isAllowed( 'upload' ) ) + return 'upload'; + return true; + } + + function __construct( $name ) { + $this->mDesiredDestName = $name; + } + + + function verifyUpload( &$resultDetails ) { + global $wgUser; + + /** + * If there was no filename or a zero size given, give up quick. + */ + if( empty( $this->mFileSize ) ) { + return self::EMPTY_FILE; + } + + $nt = $this->getTitle(); + if( is_null( $nt ) ) { + if( $this->mTitleError == self::ILLEGAL_FILENAME ) + $resultDetails = array( 'filtered' => $this->mFilteredName ); + if ( $this->mTitleError == self::FILETYPE_BADTYPE ) + $resultDetails = array( 'finalExt' => $this->mFinalExtension ); + return $this->mTitleError; + } + $this->mLocalFile = wfLocalFile( $nt ); + $this->mDestName = $this->mLocalFile->getName(); + + /** + * In some cases we may forbid overwriting of existing files. + */ + $overwrite = $this->checkOverwrite( $this->mDestName ); + if( $overwrite !== true ) { + $resultDetails = array( 'overwrite' => $overwrite ); + return self::OVERWRITE_EXISTING_FILE; + } + + /** + * Look at the contents of the file; if we can recognize the + * type but it's corrupt or data of the wrong type, we should + * probably not accept it. + */ + $veri = $this->verifyFile( $this->mTempPath ); + + if( $veri !== true ) { + if( !is_array( $veri ) ) + $veri = array( $veri ); + $resultDetails = array( 'veri' => $veri ); + return self::VERIFICATION_ERROR; + } + + $error = ''; + if( !wfRunHooks( 'UploadVerification', + array( $this->mDestName, $this->mTempPath, &$error ) ) ) { + $resultDetails = array( 'error' => $error ); + return self::UPLOAD_VERIFICATION_ERROR; + } + + return self::OK; + } + + /** + * Verifies that it's ok to include the uploaded file + * + * @param string $tmpfile the full path of the temporary file to verify + * @param string $extension The filename extension that the file is to be served with + * @return mixed true of the file is verified, a WikiError object otherwise. + */ + protected function verifyFile( $tmpfile ) { + $this->mFileProps = File::getPropsFromPath( $this->mTempPath, + $this->mFinalExtension ); + $this->checkMacBinary(); + + #magically determine mime type + $magic = MimeMagic::singleton(); + $mime = $magic->guessMimeType( $tmpfile, false ); + + #check mime type, if desired + global $wgVerifyMimeType; + if ( $wgVerifyMimeType ) { + + wfDebug ( "\n\nmime: <$mime> extension: <{$this->mFinalExtension}>\n\n"); + #check mime type against file extension + if( !self::verifyExtension( $mime, $this->mFinalExtension ) ) { + return 'uploadcorrupt'; + } + + #check mime type blacklist + global $wgMimeTypeBlacklist; + if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) + && $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { + return array( 'filetype-badmime', $mime ); + } + } + + #check for htmlish code and javascript + if( $this->detectScript ( $tmpfile, $mime, $this->mFinalExtension ) ) { + return 'uploadscripted'; + } + + /** + * Scan the uploaded file for viruses + */ + $virus = $this->detectVirus($tmpfile); + if ( $virus ) { + return array( 'uploadvirus', $virus ); + } + + wfDebug( __METHOD__.": all clear; passing.\n" ); + return true; + } + + function verifyPermissions( $user ) { + /** + * If the image is protected, non-sysop users won't be able + * to modify it by uploading a new revision. + */ + $nt = $this->getTitle(); + if( is_null( $nt ) ) + return true; + $permErrors = $nt->getUserPermissionsErrors( 'edit', $user ); + $permErrorsUpload = $nt->getUserPermissionsErrors( 'upload', $user ); + $permErrorsCreate = ( $nt->exists() ? array() : $nt->getUserPermissionsErrors( 'create', $user ) ); + if( $permErrors || $permErrorsUpload || $permErrorsCreate ) { + $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsUpload, $permErrors ) ); + $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsCreate, $permErrors ) ); + return $permErrors; + } + return true; + } + + function checkWarnings() { + $warning = array(); + + $filename = $this->mLocalFile->getName(); + $n = strrpos( $filename, '.' ); + $partname = $n ? substr( $filename, 0, $n ) : $filename; + + global $wgCapitalLinks; + if( $this->mDesiredDestName != $filename ) + // Use mFilteredName so that we don't have to bother about spaces + $warning['badfilename'] = $filename; + + global $wgCheckFileExtensions, $wgFileExtensions; + if ( $wgCheckFileExtensions ) { + if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) + $warning['filetype-unwanted-type'] = $this->mFinalExtension; + } + + global $wgUploadSizeWarning; + if ( $wgUploadSizeWarning && ( $this->mFileSize > $wgUploadSizeWarning ) ) + $warning['large-file'] = $wgUploadSizeWarning; + + if ( $this->mFileSize == 0 ) + $warning['emptyfile'] = true; + + $exists = self::getExistsWarning( $this->mLocalFile ); + if( $exists !== false ) + $warning['exists'] = $exists; + + + if( $exists !== false && $exists[0] != 'thumb' + && self::isThumbName( $this->mLocalFile->getName() ) ) + $warning['file-thumbnail-no'] = substr( $filename , 0, + strpos( $nt->getText() , '-' ) +1 ); + + $hash = File::sha1Base36( $this->mTempPath ); + $dupes = RepoGroup::singleton()->findBySha1( $hash ); + if( $dupes ) + $warning['duplicate'] = $dupes; + + $filenamePrefixBlacklist = self::getFilenamePrefixBlacklist(); + foreach( $filenamePrefixBlacklist as $prefix ) { + if ( substr( $partname, 0, strlen( $prefix ) ) == $prefix ) { + $warning['filename-bad-prefix'] = $prefix; + break; + } + } + + # If the file existed before and was deleted, warn the user of this + # Don't bother doing so if the file exists now, however + if( $this->mLocalFile->wasDeleted() && !$this->mLocalFile->exists() ) + $warning['filewasdeleted'] = $this->mLocalFile->getTitle(); + + return $warning; + } + + function performUpload( $comment, $pageText, $watch, $user ) { + $status = $this->mLocalFile->upload( $this->mTempPath, $comment, $pageText, + File::DELETE_SOURCE, $this->mFileProps, false, $user ); + + if( $status->isGood() && $watch ) { + $user->addWatch( $this->mLocalFile->getTitle() ); + } + + if( $status->isGood() ) + wfRunHooks( 'UploadComplete', array( &$this ) ); + + return $status; + } + + /** + * Returns a title or null + */ + function getTitle() { + if ( $this->mTitle !== false ) + return $this->mTitle; + + /** + * Chop off any directories in the given filename. Then + * filter out illegal characters, and try to make a legible name + * out of it. We'll strip some silently that Title would die on. + */ + + $basename = $this->mDesiredDestName; + + $this->mFilteredName = wfStripIllegalFilenameChars( $basename ); + + /** + * We'll want to blacklist against *any* 'extension', and use + * only the final one for the whitelist. + */ + list( $partname, $ext ) = $this->splitExtensions( $this->mFilteredName ); + + if( count( $ext ) ) { + $this->mFinalExtension = $ext[count( $ext ) - 1]; + } else { + $this->mFinalExtension = ''; + } + + /* Don't allow users to override the blacklist (check file extension) */ + global $wgCheckFileExtensions, $wgStrictFileExtensions; + global $wgFileExtensions, $wgFileBlacklist; + if ( $this->mFinalExtension == '' ) { + $this->mTitleError = self::FILETYPE_MISSING; + return $this->mTitle = null; + } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) || + ( $wgCheckFileExtensions && $wgStrictFileExtensions && + !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) { + $this->mTitleError = self::FILETYPE_BADTYPE; + return $this->mTitle = null; + } + + # If there was more than one "extension", reassemble the base + # filename to prevent bogus complaints about length + if( count( $ext ) > 1 ) { + for( $i = 0; $i < count( $ext ) - 1; $i++ ) + $partname .= '.' . $ext[$i]; + } + + if( strlen( $partname ) < 1 ) { + $this->mTitleError = self::MIN_LENGTH_PARTNAME; + return $this->mTitle = null; + } + + $nt = Title::makeTitleSafe( NS_IMAGE, $this->mFilteredName ); + if( is_null( $nt ) ) { + $this->mTitleError = self::ILLEGAL_FILENAME; + return $this->mTitle = null; + } + return $this->mTitle = $nt; + } + + function getLocalFile() { + if( is_null( $this->mLocalFile ) ) { + $nt = $this->getTitle(); + $this->mLocalFile = is_null( $nt ) ? null : wfLocalFile( $nt ); + } + return $this->mLocalFile; + } + + /** + * Stash a file in a temporary directory for later processing + * after the user has confirmed it. + * + * If the user doesn't explicitly cancel or accept, these files + * can accumulate in the temp directory. + * + * @param string $saveName - the destination filename + * @param string $tempName - the source temporary file to save + * @return string - full path the stashed file, or false on failure + * @access private + */ + function saveTempUploadedFile( $saveName, $tempName ) { + global $wgOut; + $repo = RepoGroup::singleton()->getLocalRepo(); + $status = $repo->storeTemp( $saveName, $tempName ); + if ( !$status->isGood() ) { + $this->showError( $status->getWikiText() ); + return false; + } else { + return $status->value; + } + } + + /** + * Stash a file in a temporary directory for later processing, + * and save the necessary descriptive info into the session. + * Returns a key value which will be passed through a form + * to pick up the path info on a later invocation. + * + * @return int + * @access private + */ + function stashSession() { + $stash = $this->saveTempUploadedFile( $this->mDestName, $this->mTempPath ); + + if( !$stash ) { + # Couldn't save the file. + return false; + } + + $key = mt_rand( 0, 0x7fffffff ); + $_SESSION['wsUploadData'][$key] = array( + 'mTempPath' => $stash, + 'mFileSize' => $this->mFileSize, + 'mSrcName' => $this->mSrcName, + 'mFileProps' => $this->mFileProps, + 'version' => self::SESSION_VERSION, + ); + return $key; + } + + /** + * Remove a temporarily kept file stashed by saveTempUploadedFile(). + * @return success + */ + function unsaveUploadedFile() { + $repo = RepoGroup::singleton()->getLocalRepo(); + $success = $repo->freeTemp( $this->mTempPath ); + return $success; + } + + /** + * If we've modified the upload file we need to manually remove it + * on exit to clean up. + * @access private + */ + function cleanupTempFile() { + if ( $this->mRemoveTempFile && file_exists( $this->mTempPath ) ) { + wfDebug( __METHOD__.": Removing temporary file {$this->mTempPath}\n" ); + unlink( $this->mTempPath ); + } + } + + function getTempPath() { + return $this->mTempPath; + } + + + /** + * Split a file into a base name and all dot-delimited 'extensions' + * on the end. Some web server configurations will fall back to + * earlier pseudo-'extensions' to determine type and execute + * scripts, so the blacklist needs to check them all. + * + * @return array + */ + function splitExtensions( $filename ) { + $bits = explode( '.', $filename ); + $basename = array_shift( $bits ); + return array( $basename, $bits ); + } + + /** + * Perform case-insensitive match against a list of file extensions. + * Returns true if the extension is in the list. + * + * @param string $ext + * @param array $list + * @return bool + */ + function checkFileExtension( $ext, $list ) { + return in_array( strtolower( $ext ), $list ); + } + + /** + * Perform case-insensitive match against a list of file extensions. + * Returns true if any of the extensions are in the list. + * + * @param array $ext + * @param array $list + * @return bool + */ + function checkFileExtensionList( $ext, $list ) { + foreach( $ext as $e ) { + if( in_array( strtolower( $e ), $list ) ) { + return true; + } + } + return false; + } + + + /** + * Checks if the mime type of the uploaded file matches the file extension. + * + * @param string $mime the mime type of the uploaded file + * @param string $extension The filename extension that the file is to be served with + * @return bool + */ + public static function verifyExtension( $mime, $extension ) { + $magic = MimeMagic::singleton(); + + if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) + if ( ! $magic->isRecognizableExtension( $extension ) ) { + wfDebug( __METHOD__.": passing file with unknown detected mime type; " . + "unrecognized extension '$extension', can't verify\n" ); + return true; + } else { + wfDebug( __METHOD__.": rejecting file with unknown detected mime type; ". + "recognized extension '$extension', so probably invalid file\n" ); + return false; + } + + $match= $magic->isMatchingExtension($extension,$mime); + + if ($match===NULL) { + wfDebug( __METHOD__.": no file extension known for mime type $mime, passing file\n" ); + return true; + } elseif ($match===true) { + wfDebug( __METHOD__.": mime type $mime matches extension $extension, passing file\n" ); + + #TODO: if it's a bitmap, make sure PHP or ImageMagic resp. can handle it! + return true; + + } else { + wfDebug( __METHOD__.": mime type $mime mismatches file extension $extension, rejecting file\n" ); + return false; + } + } + + /** + * Heuristic for detecting files that *could* contain JavaScript instructions or + * things that may look like HTML to a browser and are thus + * potentially harmful. The present implementation will produce false positives in some situations. + * + * @param string $file Pathname to the temporary upload file + * @param string $mime The mime type of the file + * @param string $extension The extension of the file + * @return bool true if the file contains something looking like embedded scripts + */ + function detectScript($file, $mime, $extension) { + global $wgAllowTitlesInSVG; + + #ugly hack: for text files, always look at the entire file. + #For binary field, just check the first K. + + if (strpos($mime,'text/')===0) $chunk = file_get_contents( $file ); + else { + $fp = fopen( $file, 'rb' ); + $chunk = fread( $fp, 1024 ); + fclose( $fp ); + } + + $chunk= strtolower( $chunk ); + + if (!$chunk) return false; + + #decode from UTF-16 if needed (could be used for obfuscation). + if (substr($chunk,0,2)=="\xfe\xff") $enc= "UTF-16BE"; + elseif (substr($chunk,0,2)=="\xff\xfe") $enc= "UTF-16LE"; + else $enc= NULL; + + if ($enc) $chunk= iconv($enc,"ASCII//IGNORE",$chunk); + + $chunk= trim($chunk); + + #FIXME: convert from UTF-16 if necessarry! + + wfDebug("SpecialUpload::detectScript: checking for embedded scripts and HTML stuff\n"); + + #check for HTML doctype + if (eregi("wrapWikiMsg( '
$1
', array( 'virus-badscanner', $wgAntivirus ) ); + return wfMsg('virus-unknownscanner') . " $wgAntivirus"; + } + + # look up scanner configuration + $command = $wgAntivirusSetup[$wgAntivirus]["command"]; + $exitCodeMap = $wgAntivirusSetup[$wgAntivirus]["codemap"]; + $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]["messagepattern"] ) ? + $wgAntivirusSetup[$wgAntivirus]["messagepattern"] : null; + + if ( strpos( $command,"%f" ) === false ) { + # simple pattern: append file to scan + $command .= " " . wfEscapeShellArg( $file ); + } else { + # complex pattern: replace "%f" with file to scan + $command = str_replace( "%f", wfEscapeShellArg( $file ), $command ); + } + + wfDebug( __METHOD__.": running virus scan: $command \n" ); + + # execute virus scanner + $exitCode = false; + + #NOTE: there's a 50 line workaround to make stderr redirection work on windows, too. + # that does not seem to be worth the pain. + # Ask me (Duesentrieb) about it if it's ever needed. + $output = array(); + if ( wfIsWindows() ) { + exec( "$command", $output, $exitCode ); + } else { + exec( "$command 2>&1", $output, $exitCode ); + } + + # map exit code to AV_xxx constants. + $mappedCode = $exitCode; + if ( $exitCodeMap ) { + if ( isset( $exitCodeMap[$exitCode] ) ) { + $mappedCode = $exitCodeMap[$exitCode]; + } elseif ( isset( $exitCodeMap["*"] ) ) { + $mappedCode = $exitCodeMap["*"]; + } + } + + if ( $mappedCode === AV_SCAN_FAILED ) { + # scan failed (code was mapped to false by $exitCodeMap) + wfDebug( __METHOD__.": failed to scan $file (code $exitCode).\n" ); + + if ( $wgAntivirusRequired ) { + return wfMsg('virus-scanfailed', array( $exitCode ) ); + } else { + return NULL; + } + } else if ( $mappedCode === AV_SCAN_ABORTED ) { + # scan failed because filetype is unknown (probably imune) + wfDebug( __METHOD__.": unsupported file type $file (code $exitCode).\n" ); + return NULL; + } else if ( $mappedCode === AV_NO_VIRUS ) { + # no virus found + wfDebug( __METHOD__.": file passed virus scan.\n" ); + return false; + } else { + $output = join( "\n", $output ); + $output = trim( $output ); + + if ( !$output ) { + $output = true; #if there's no output, return true + } elseif ( $msgPattern ) { + $groups = array(); + if ( preg_match( $msgPattern, $output, $groups ) ) { + if ( $groups[1] ) { + $output = $groups[1]; + } + } + } + + wfDebug( __METHOD__.": FOUND VIRUS! scanner feedback: $output" ); + return $output; + } + } + + /** + * Check if the temporary file is MacBinary-encoded, as some uploads + * from Internet Explorer on Mac OS Classic and Mac OS X will be. + * If so, the data fork will be extracted to a second temporary file, + * which will then be checked for validity and either kept or discarded. + * + * @access private + */ + function checkMacBinary() { + $macbin = new MacBinary( $this->mTempPath ); + if( $macbin->isValid() ) { + $dataFile = tempnam( wfTempDir(), "WikiMacBinary" ); + $dataHandle = fopen( $dataFile, 'wb' ); + + wfDebug( "SpecialUpload::checkMacBinary: Extracting MacBinary data fork to $dataFile\n" ); + $macbin->extractData( $dataHandle ); + + $this->mTempPath = $dataFile; + $this->mFileSize = $macbin->dataForkLength(); + + // We'll have to manually remove the new file if it's not kept. + $this->mRemoveTempFile = true; + } + $macbin->close(); + } + + /** + * Check if there's an overwrite conflict and, if so, if restrictions + * forbid this user from performing the upload. + * + * @return mixed true on success, WikiError on failure + * @access private + */ + function checkOverwrite() { + global $wgUser; + // First check whether the local file can be overwritten + if( $this->mLocalFile->exists() ) + if( !self::userCanReUpload( $wgUser, $this->mLocalFile ) ) + return 'fileexists-forbidden'; + + // Check shared conflicts + $file = wfFindFile( $this->mLocalFile->getName() ); + if ( $file && ( !$wgUser->isAllowed( 'reupload' ) || + !$wgUser->isAllowed( 'reupload-shared' ) ) ) + return 'fileexists-shared-forbidden'; + + return true; + + } + + /** + * Check if a user is the last uploader + * + * @param User $user + * @param string $img, image name + * @return bool + */ + public static function userCanReUpload( User $user, $img ) { + if( $user->isAllowed( 'reupload' ) ) + return true; // non-conditional + if( !$user->isAllowed( 'reupload-own' ) ) + return false; + if( is_string( $img ) ) + $img = wfLocalFile( $img ); + if ( !( $img instanceof LocalFile ) ) + return false; + + return $user->getId() == $img->getUser( 'id' ); + } + + public static function getExistsWarning( $file ) { + if( $file->exists() ) + return array( 'exists', $file ); + + if( $file->getTitle()->getArticleID() ) + return array( 'page-exists', $file ); + + if( strpos( $file->getName(), '.' ) == false ) { + $partname = $file->getName(); + $rawExtension = ''; + } else { + $n = strrpos( $file->getName(), '.' ); + $rawExtension = substr( $file->getName(), $n + 1 ); + $partname = substr( $file->getName(), 0, $n ); + } + + if ( $rawExtension != $file->getExtension() ) { + // We're not using the normalized form of the extension. + // Normal form is lowercase, using most common of alternate + // extensions (eg 'jpg' rather than 'JPEG'). + // + // Check for another file using the normalized form... + $nt_lc = Title::makeTitle( NS_IMAGE, $partname . '.' . $file->getExtension() ); + $file_lc = wfLocalFile( $nt_lc ); + + if( $file_lc->exists() ) + return array( 'exists-normalized', $file_lc ); + } + + if ( self::isThumbName( $file->getName() ) ) { + # Check for filenames like 50px- or 180px-, these are mostly thumbnails + $nt_thb = Title::newFromText( substr( $partname , strpos( $partname , '-' ) +1 ) . '.' . $rawExtension ); + $file_thb = wfLocalFile( $nt_thb ); + if( $file_thb->exists() ) + return array( 'thumb', $file_thb ); + } + + return false; + } + + public static function isThumbName( $filename ) { + $n = strrpos( $filename, '.' ); + $partname = $n ? substr( $filename, 0, $n ) : $filename; + return ( + substr( $partname , 3, 3 ) == 'px-' || + substr( $partname , 2, 3 ) == 'px-' + ) && + ereg( "[0-9]{2}" , substr( $partname , 0, 2) ); + } + + /** + * Get a list of blacklisted filename prefixes from [[MediaWiki:filename-prefix-blacklist]] + * + * @return array list of prefixes + */ + public static function getFilenamePrefixBlacklist() { + $blacklist = array(); + $message = wfMsgForContent( 'filename-prefix-blacklist' ); + if( $message && !( wfEmptyMsg( 'filename-prefix-blacklist', $message ) || $message == '-' ) ) { + $lines = explode( "\n", $message ); + foreach( $lines as $line ) { + // Remove comment lines + $comment = substr( trim( $line ), 0, 1 ); + if ( $comment == '#' || $comment == '' ) { + continue; + } + // Remove additional comments after a prefix + $comment = strpos( $line, '#' ); + if ( $comment > 0 ) { + $line = substr( $line, 0, $comment-1 ); + } + $blacklist[] = trim( $line ); + } + } + return $blacklist; + } + + +} diff --git a/includes/UploadFromBase.php b/includes/UploadFromBase.php deleted file mode 100644 index b0fa6cb9ad..0000000000 --- a/includes/UploadFromBase.php +++ /dev/null @@ -1,813 +0,0 @@ -isAllowed( 'upload' ) ) - return 'upload'; - return true; - } - - function __construct( $name ) { - $this->mDesiredDestName = $name; - } - - - function verifyUpload( &$resultDetails ) { - global $wgUser; - - /** - * If there was no filename or a zero size given, give up quick. - */ - if( empty( $this->mFileSize ) ) { - return self::EMPTY_FILE; - } - - $nt = $this->getTitle(); - if( is_null( $nt ) ) { - if( $this->mTitleError == self::ILLEGAL_FILENAME ) - $resultDetails = array( 'filtered' => $this->mFilteredName ); - if ( $this->mTitleError == self::FILETYPE_BADTYPE ) - $resultDetails = array( 'finalExt' => $this->mFinalExtension ); - return $this->mTitleError; - } - $this->mLocalFile = wfLocalFile( $nt ); - $this->mDestName = $this->mLocalFile->getName(); - - /** - * In some cases we may forbid overwriting of existing files. - */ - $overwrite = $this->checkOverwrite( $this->mDestName ); - if( $overwrite !== true ) { - $resultDetails = array( 'overwrite' => $overwrite ); - return self::OVERWRITE_EXISTING_FILE; - } - - /** - * Look at the contents of the file; if we can recognize the - * type but it's corrupt or data of the wrong type, we should - * probably not accept it. - */ - $veri = $this->verifyFile( $this->mTempPath ); - - if( $veri !== true ) { - if( !is_array( $veri ) ) - $veri = array( $veri ); - $resultDetails = array( 'veri' => $veri ); - return self::VERIFICATION_ERROR; - } - - $error = ''; - if( !wfRunHooks( 'UploadVerification', - array( $this->mDestName, $this->mTempPath, &$error ) ) ) { - $resultDetails = array( 'error' => $error ); - return self::UPLOAD_VERIFICATION_ERROR; - } - - return self::OK; - } - - /** - * Verifies that it's ok to include the uploaded file - * - * @param string $tmpfile the full path of the temporary file to verify - * @param string $extension The filename extension that the file is to be served with - * @return mixed true of the file is verified, a WikiError object otherwise. - */ - protected function verifyFile( $tmpfile ) { - $this->mFileProps = File::getPropsFromPath( $this->mTempPath, - $this->mFinalExtension ); - $this->checkMacBinary(); - - #magically determine mime type - $magic = MimeMagic::singleton(); - $mime = $magic->guessMimeType( $tmpfile, false ); - - #check mime type, if desired - global $wgVerifyMimeType; - if ( $wgVerifyMimeType ) { - - wfDebug ( "\n\nmime: <$mime> extension: <{$this->mFinalExtension}>\n\n"); - #check mime type against file extension - if( !self::verifyExtension( $mime, $this->mFinalExtension ) ) { - return 'uploadcorrupt'; - } - - #check mime type blacklist - global $wgMimeTypeBlacklist; - if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) - && $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { - return array( 'filetype-badmime', $mime ); - } - } - - #check for htmlish code and javascript - if( $this->detectScript ( $tmpfile, $mime, $this->mFinalExtension ) ) { - return 'uploadscripted'; - } - - /** - * Scan the uploaded file for viruses - */ - $virus = $this->detectVirus($tmpfile); - if ( $virus ) { - return array( 'uploadvirus', $virus ); - } - - wfDebug( __METHOD__.": all clear; passing.\n" ); - return true; - } - - function verifyPermissions( $user ) { - /** - * If the image is protected, non-sysop users won't be able - * to modify it by uploading a new revision. - */ - $nt = $this->getTitle(); - if( is_null( $nt ) ) - return true; - $permErrors = $nt->getUserPermissionsErrors( 'edit', $user ); - $permErrorsUpload = $nt->getUserPermissionsErrors( 'upload', $user ); - $permErrorsCreate = ( $nt->exists() ? array() : $nt->getUserPermissionsErrors( 'create', $user ) ); - if( $permErrors || $permErrorsUpload || $permErrorsCreate ) { - $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsUpload, $permErrors ) ); - $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsCreate, $permErrors ) ); - return $permErrors; - } - return true; - } - - function checkWarnings() { - $warning = array(); - - $filename = $this->mLocalFile->getName(); - $n = strrpos( $filename, '.' ); - $partname = $n ? substr( $filename, 0, $n ) : $filename; - - global $wgCapitalLinks; - if( $this->mDesiredDestName != $filename ) - // Use mFilteredName so that we don't have to bother about spaces - $warning['badfilename'] = $filename; - - global $wgCheckFileExtensions, $wgFileExtensions; - if ( $wgCheckFileExtensions ) { - if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) - $warning['filetype-unwanted-type'] = $this->mFinalExtension; - } - - global $wgUploadSizeWarning; - if ( $wgUploadSizeWarning && ( $this->mFileSize > $wgUploadSizeWarning ) ) - $warning['large-file'] = $wgUploadSizeWarning; - - if ( $this->mFileSize == 0 ) - $warning['emptyfile'] = true; - - $exists = self::getExistsWarning( $this->mLocalFile ); - if( $exists !== false ) - $warning['exists'] = $exists; - - - if( $exists !== false && $exists[0] != 'thumb' - && self::isThumbName( $this->mLocalFile->getName() ) ) - $warning['file-thumbnail-no'] = substr( $filename , 0, - strpos( $nt->getText() , '-' ) +1 ); - - $hash = File::sha1Base36( $this->mTempPath ); - $dupes = RepoGroup::singleton()->findBySha1( $hash ); - if( $dupes ) - $warning['duplicate'] = $dupes; - - $filenamePrefixBlacklist = self::getFilenamePrefixBlacklist(); - foreach( $filenamePrefixBlacklist as $prefix ) { - if ( substr( $partname, 0, strlen( $prefix ) ) == $prefix ) { - $warning['filename-bad-prefix'] = $prefix; - break; - } - } - - # If the file existed before and was deleted, warn the user of this - # Don't bother doing so if the file exists now, however - if( $this->mLocalFile->wasDeleted() && !$this->mLocalFile->exists() ) - $warning['filewasdeleted'] = $this->mLocalFile->getTitle(); - - return $warning; - } - - function performUpload( $comment, $pageText, $watch, $user ) { - $status = $this->mLocalFile->upload( $this->mTempPath, $comment, $pageText, - File::DELETE_SOURCE, $this->mFileProps, false, $user ); - - if( $status->isGood() && $watch ) { - $user->addWatch( $this->mLocalFile->getTitle() ); - } - - if( $status->isGood() ) - wfRunHooks( 'UploadComplete', array( &$this ) ); - - return $status; - } - - /** - * Returns a title or null - */ - function getTitle() { - if ( $this->mTitle !== false ) - return $this->mTitle; - - /** - * Chop off any directories in the given filename. Then - * filter out illegal characters, and try to make a legible name - * out of it. We'll strip some silently that Title would die on. - */ - - $basename = $this->mDesiredDestName; - - $this->mFilteredName = wfStripIllegalFilenameChars( $basename ); - - /** - * We'll want to blacklist against *any* 'extension', and use - * only the final one for the whitelist. - */ - list( $partname, $ext ) = $this->splitExtensions( $this->mFilteredName ); - - if( count( $ext ) ) { - $this->mFinalExtension = $ext[count( $ext ) - 1]; - } else { - $this->mFinalExtension = ''; - } - - /* Don't allow users to override the blacklist (check file extension) */ - global $wgCheckFileExtensions, $wgStrictFileExtensions; - global $wgFileExtensions, $wgFileBlacklist; - if ( $this->mFinalExtension == '' ) { - $this->mTitleError = self::FILETYPE_MISSING; - return $this->mTitle = null; - } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) || - ( $wgCheckFileExtensions && $wgStrictFileExtensions && - !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) { - $this->mTitleError = self::FILETYPE_BADTYPE; - return $this->mTitle = null; - } - - # If there was more than one "extension", reassemble the base - # filename to prevent bogus complaints about length - if( count( $ext ) > 1 ) { - for( $i = 0; $i < count( $ext ) - 1; $i++ ) - $partname .= '.' . $ext[$i]; - } - - if( strlen( $partname ) < 1 ) { - $this->mTitleError = self::MIN_LENGTH_PARTNAME; - return $this->mTitle = null; - } - - $nt = Title::makeTitleSafe( NS_IMAGE, $this->mFilteredName ); - if( is_null( $nt ) ) { - $this->mTitleError = self::ILLEGAL_FILENAME; - return $this->mTitle = null; - } - return $this->mTitle = $nt; - } - - function getLocalFile() { - if( is_null( $this->mLocalFile ) ) { - $nt = $this->getTitle(); - $this->mLocalFile = is_null( $nt ) ? null : wfLocalFile( $nt ); - } - return $this->mLocalFile; - } - - /** - * Stash a file in a temporary directory for later processing - * after the user has confirmed it. - * - * If the user doesn't explicitly cancel or accept, these files - * can accumulate in the temp directory. - * - * @param string $saveName - the destination filename - * @param string $tempName - the source temporary file to save - * @return string - full path the stashed file, or false on failure - * @access private - */ - function saveTempUploadedFile( $saveName, $tempName ) { - global $wgOut; - $repo = RepoGroup::singleton()->getLocalRepo(); - $status = $repo->storeTemp( $saveName, $tempName ); - if ( !$status->isGood() ) { - $this->showError( $status->getWikiText() ); - return false; - } else { - return $status->value; - } - } - - /** - * Stash a file in a temporary directory for later processing, - * and save the necessary descriptive info into the session. - * Returns a key value which will be passed through a form - * to pick up the path info on a later invocation. - * - * @return int - * @access private - */ - function stashSession() { - $stash = $this->saveTempUploadedFile( $this->mDestName, $this->mTempPath ); - - if( !$stash ) { - # Couldn't save the file. - return false; - } - - $key = mt_rand( 0, 0x7fffffff ); - $_SESSION['wsUploadData'][$key] = array( - 'mTempPath' => $stash, - 'mFileSize' => $this->mFileSize, - 'mSrcName' => $this->mSrcName, - 'mFileProps' => $this->mFileProps, - 'version' => self::SESSION_VERSION, - ); - return $key; - } - - /** - * Remove a temporarily kept file stashed by saveTempUploadedFile(). - * @return success - */ - function unsaveUploadedFile() { - $repo = RepoGroup::singleton()->getLocalRepo(); - $success = $repo->freeTemp( $this->mTempPath ); - return $success; - } - - /** - * If we've modified the upload file we need to manually remove it - * on exit to clean up. - * @access private - */ - function cleanupTempFile() { - if ( $this->mRemoveTempFile && file_exists( $this->mTempPath ) ) { - wfDebug( __METHOD__.": Removing temporary file {$this->mTempPath}\n" ); - unlink( $this->mTempPath ); - } - } - - function getTempPath() { - return $this->mTempPath; - } - - - /** - * Split a file into a base name and all dot-delimited 'extensions' - * on the end. Some web server configurations will fall back to - * earlier pseudo-'extensions' to determine type and execute - * scripts, so the blacklist needs to check them all. - * - * @return array - */ - function splitExtensions( $filename ) { - $bits = explode( '.', $filename ); - $basename = array_shift( $bits ); - return array( $basename, $bits ); - } - - /** - * Perform case-insensitive match against a list of file extensions. - * Returns true if the extension is in the list. - * - * @param string $ext - * @param array $list - * @return bool - */ - function checkFileExtension( $ext, $list ) { - return in_array( strtolower( $ext ), $list ); - } - - /** - * Perform case-insensitive match against a list of file extensions. - * Returns true if any of the extensions are in the list. - * - * @param array $ext - * @param array $list - * @return bool - */ - function checkFileExtensionList( $ext, $list ) { - foreach( $ext as $e ) { - if( in_array( strtolower( $e ), $list ) ) { - return true; - } - } - return false; - } - - - /** - * Checks if the mime type of the uploaded file matches the file extension. - * - * @param string $mime the mime type of the uploaded file - * @param string $extension The filename extension that the file is to be served with - * @return bool - */ - public static function verifyExtension( $mime, $extension ) { - $magic = MimeMagic::singleton(); - - if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) - if ( ! $magic->isRecognizableExtension( $extension ) ) { - wfDebug( __METHOD__.": passing file with unknown detected mime type; " . - "unrecognized extension '$extension', can't verify\n" ); - return true; - } else { - wfDebug( __METHOD__.": rejecting file with unknown detected mime type; ". - "recognized extension '$extension', so probably invalid file\n" ); - return false; - } - - $match= $magic->isMatchingExtension($extension,$mime); - - if ($match===NULL) { - wfDebug( __METHOD__.": no file extension known for mime type $mime, passing file\n" ); - return true; - } elseif ($match===true) { - wfDebug( __METHOD__.": mime type $mime matches extension $extension, passing file\n" ); - - #TODO: if it's a bitmap, make sure PHP or ImageMagic resp. can handle it! - return true; - - } else { - wfDebug( __METHOD__.": mime type $mime mismatches file extension $extension, rejecting file\n" ); - return false; - } - } - - /** - * Heuristic for detecting files that *could* contain JavaScript instructions or - * things that may look like HTML to a browser and are thus - * potentially harmful. The present implementation will produce false positives in some situations. - * - * @param string $file Pathname to the temporary upload file - * @param string $mime The mime type of the file - * @param string $extension The extension of the file - * @return bool true if the file contains something looking like embedded scripts - */ - function detectScript($file, $mime, $extension) { - global $wgAllowTitlesInSVG; - - #ugly hack: for text files, always look at the entire file. - #For binary field, just check the first K. - - if (strpos($mime,'text/')===0) $chunk = file_get_contents( $file ); - else { - $fp = fopen( $file, 'rb' ); - $chunk = fread( $fp, 1024 ); - fclose( $fp ); - } - - $chunk= strtolower( $chunk ); - - if (!$chunk) return false; - - #decode from UTF-16 if needed (could be used for obfuscation). - if (substr($chunk,0,2)=="\xfe\xff") $enc= "UTF-16BE"; - elseif (substr($chunk,0,2)=="\xff\xfe") $enc= "UTF-16LE"; - else $enc= NULL; - - if ($enc) $chunk= iconv($enc,"ASCII//IGNORE",$chunk); - - $chunk= trim($chunk); - - #FIXME: convert from UTF-16 if necessarry! - - wfDebug("SpecialUpload::detectScript: checking for embedded scripts and HTML stuff\n"); - - #check for HTML doctype - if (eregi("wrapWikiMsg( '
$1
', array( 'virus-badscanner', $wgAntivirus ) ); - return wfMsg('virus-unknownscanner') . " $wgAntivirus"; - } - - # look up scanner configuration - $command = $wgAntivirusSetup[$wgAntivirus]["command"]; - $exitCodeMap = $wgAntivirusSetup[$wgAntivirus]["codemap"]; - $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]["messagepattern"] ) ? - $wgAntivirusSetup[$wgAntivirus]["messagepattern"] : null; - - if ( strpos( $command,"%f" ) === false ) { - # simple pattern: append file to scan - $command .= " " . wfEscapeShellArg( $file ); - } else { - # complex pattern: replace "%f" with file to scan - $command = str_replace( "%f", wfEscapeShellArg( $file ), $command ); - } - - wfDebug( __METHOD__.": running virus scan: $command \n" ); - - # execute virus scanner - $exitCode = false; - - #NOTE: there's a 50 line workaround to make stderr redirection work on windows, too. - # that does not seem to be worth the pain. - # Ask me (Duesentrieb) about it if it's ever needed. - $output = array(); - if ( wfIsWindows() ) { - exec( "$command", $output, $exitCode ); - } else { - exec( "$command 2>&1", $output, $exitCode ); - } - - # map exit code to AV_xxx constants. - $mappedCode = $exitCode; - if ( $exitCodeMap ) { - if ( isset( $exitCodeMap[$exitCode] ) ) { - $mappedCode = $exitCodeMap[$exitCode]; - } elseif ( isset( $exitCodeMap["*"] ) ) { - $mappedCode = $exitCodeMap["*"]; - } - } - - if ( $mappedCode === AV_SCAN_FAILED ) { - # scan failed (code was mapped to false by $exitCodeMap) - wfDebug( __METHOD__.": failed to scan $file (code $exitCode).\n" ); - - if ( $wgAntivirusRequired ) { - return wfMsg('virus-scanfailed', array( $exitCode ) ); - } else { - return NULL; - } - } else if ( $mappedCode === AV_SCAN_ABORTED ) { - # scan failed because filetype is unknown (probably imune) - wfDebug( __METHOD__.": unsupported file type $file (code $exitCode).\n" ); - return NULL; - } else if ( $mappedCode === AV_NO_VIRUS ) { - # no virus found - wfDebug( __METHOD__.": file passed virus scan.\n" ); - return false; - } else { - $output = join( "\n", $output ); - $output = trim( $output ); - - if ( !$output ) { - $output = true; #if there's no output, return true - } elseif ( $msgPattern ) { - $groups = array(); - if ( preg_match( $msgPattern, $output, $groups ) ) { - if ( $groups[1] ) { - $output = $groups[1]; - } - } - } - - wfDebug( __METHOD__.": FOUND VIRUS! scanner feedback: $output" ); - return $output; - } - } - - /** - * Check if the temporary file is MacBinary-encoded, as some uploads - * from Internet Explorer on Mac OS Classic and Mac OS X will be. - * If so, the data fork will be extracted to a second temporary file, - * which will then be checked for validity and either kept or discarded. - * - * @access private - */ - function checkMacBinary() { - $macbin = new MacBinary( $this->mTempPath ); - if( $macbin->isValid() ) { - $dataFile = tempnam( wfTempDir(), "WikiMacBinary" ); - $dataHandle = fopen( $dataFile, 'wb' ); - - wfDebug( "SpecialUpload::checkMacBinary: Extracting MacBinary data fork to $dataFile\n" ); - $macbin->extractData( $dataHandle ); - - $this->mTempPath = $dataFile; - $this->mFileSize = $macbin->dataForkLength(); - - // We'll have to manually remove the new file if it's not kept. - $this->mRemoveTempFile = true; - } - $macbin->close(); - } - - /** - * Check if there's an overwrite conflict and, if so, if restrictions - * forbid this user from performing the upload. - * - * @return mixed true on success, WikiError on failure - * @access private - */ - function checkOverwrite() { - global $wgUser; - // First check whether the local file can be overwritten - if( $this->mLocalFile->exists() ) - if( !self::userCanReUpload( $wgUser, $this->mLocalFile ) ) - return 'fileexists-forbidden'; - - // Check shared conflicts - $file = wfFindFile( $this->mLocalFile->getName() ); - if ( $file && ( !$wgUser->isAllowed( 'reupload' ) || - !$wgUser->isAllowed( 'reupload-shared' ) ) ) - return 'fileexists-shared-forbidden'; - - return true; - - } - - /** - * Check if a user is the last uploader - * - * @param User $user - * @param string $img, image name - * @return bool - */ - public static function userCanReUpload( User $user, $img ) { - if( $user->isAllowed( 'reupload' ) ) - return true; // non-conditional - if( !$user->isAllowed( 'reupload-own' ) ) - return false; - if( is_string( $img ) ) - $img = wfLocalFile( $img ); - if ( !( $img instanceof LocalFile ) ) - return false; - - return $user->getId() == $img->getUser( 'id' ); - } - - public static function getExistsWarning( $file ) { - if( $file->exists() ) - return array( 'exists', $file ); - - if( $file->getTitle()->getArticleID() ) - return array( 'page-exists', $file ); - - if( strpos( $file->getName(), '.' ) == false ) { - $partname = $file->getName(); - $rawExtension = ''; - } else { - $n = strrpos( $file->getName(), '.' ); - $rawExtension = substr( $file->getName(), $n + 1 ); - $partname = substr( $file->getName(), 0, $n ); - } - - if ( $rawExtension != $file->getExtension() ) { - // We're not using the normalized form of the extension. - // Normal form is lowercase, using most common of alternate - // extensions (eg 'jpg' rather than 'JPEG'). - // - // Check for another file using the normalized form... - $nt_lc = Title::makeTitle( NS_IMAGE, $partname . '.' . $file->getExtension() ); - $file_lc = wfLocalFile( $nt_lc ); - - if( $file_lc->exists() ) - return array( 'exists-normalized', $file_lc ); - } - - if ( self::isThumbName( $file->getName() ) ) { - # Check for filenames like 50px- or 180px-, these are mostly thumbnails - $nt_thb = Title::newFromText( substr( $partname , strpos( $partname , '-' ) +1 ) . '.' . $rawExtension ); - $file_thb = wfLocalFile( $nt_thb ); - if( $file_thb->exists() ) - return array( 'thumb', $file_thb ); - } - - return false; - } - - public static function isThumbName( $filename ) { - $n = strrpos( $filename, '.' ); - $partname = $n ? substr( $filename, 0, $n ) : $filename; - return ( - substr( $partname , 3, 3 ) == 'px-' || - substr( $partname , 2, 3 ) == 'px-' - ) && - ereg( "[0-9]{2}" , substr( $partname , 0, 2) ); - } - - /** - * Get a list of blacklisted filename prefixes from [[MediaWiki:filename-prefix-blacklist]] - * - * @return array list of prefixes - */ - public static function getFilenamePrefixBlacklist() { - $blacklist = array(); - $message = wfMsgForContent( 'filename-prefix-blacklist' ); - if( $message && !( wfEmptyMsg( 'filename-prefix-blacklist', $message ) || $message == '-' ) ) { - $lines = explode( "\n", $message ); - foreach( $lines as $line ) { - // Remove comment lines - $comment = substr( trim( $line ), 0, 1 ); - if ( $comment == '#' || $comment == '' ) { - continue; - } - // Remove additional comments after a prefix - $comment = strpos( $line, '#' ); - if ( $comment > 0 ) { - $line = substr( $line, 0, $comment-1 ); - } - $blacklist[] = trim( $line ); - } - } - return $blacklist; - } - - -} diff --git a/includes/UploadFromStash.php b/includes/UploadFromStash.php index 34f1fbfe9c..34173f37f1 100644 --- a/includes/UploadFromStash.php +++ b/includes/UploadFromStash.php @@ -1,6 +1,6 @@ mTempPath = $tempPath; $this->mFileSize = $fileSize; diff --git a/includes/UploadFromUrl.php b/includes/UploadFromUrl.php index fc40d3a37e..dd9010dd95 100644 --- a/includes/UploadFromUrl.php +++ b/includes/UploadFromUrl.php @@ -1,7 +1,7 @@ isAllowed( 'upload_by_url' ) ) return 'upload_by_url'; diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php index c5769acaec..44fa6a3ae6 100644 --- a/includes/specials/SpecialUpload.php +++ b/includes/specials/SpecialUpload.php @@ -27,7 +27,7 @@ class UploadForm { var $mDestWarningAck; var $mLocalFile; - var $mUpload; // Instance of UploadFromBase or derivative + var $mUpload; // Instance of UploadBase or derivative # Placeholders for text injection by hooks (must be HTML) # extensions should take care to _append_ to the present value @@ -76,7 +76,7 @@ class UploadForm { if( !empty( $this->mSessionKey ) && isset( $_SESSION['wsUploadData'][$this->mSessionKey]['version'] ) && $_SESSION['wsUploadData'][$this->mSessionKey]['version'] == - UploadFromBase::SESSION_VERSION ) { + UploadBase::SESSION_VERSION ) { /** * Confirming a temporarily stashed upload. * We don't want path names to be forged, so we keep @@ -116,7 +116,7 @@ class UploadForm { global $wgUser, $wgOut; # Check uploading enabled - if( !UploadFromBase::isEnabled() ) { + if( !UploadBase::isEnabled() ) { $wgOut->showErrorPage( 'uploaddisabled', 'uploaddisabledtext', array( $this->mDesiredDestName ) ); return; } @@ -182,45 +182,45 @@ class UploadForm { $value = $this->internalProcessUpload( $details ); switch($value) { - case UploadFromBase::SUCCESS: + case UploadBase::SUCCESS: $wgOut->redirect( $this->mLocalFile->getTitle()->getFullURL() ); break; - case UploadFromBase::BEFORE_PROCESSING: + case UploadBase::BEFORE_PROCESSING: // Do... nothing? Why? break; - case UploadFromBase::LARGE_FILE_SERVER: + case UploadBase::LARGE_FILE_SERVER: $this->mainUploadForm( wfMsgHtml( 'largefileserver' ) ); break; - case UploadFromBase::EMPTY_FILE: + case UploadBase::EMPTY_FILE: $this->mainUploadForm( wfMsgHtml( 'emptyfile' ) ); break; - case UploadFromBase::MIN_LENGTH_PARTNAME: + case UploadBase::MIN_LENGTH_PARTNAME: $this->mainUploadForm( wfMsgHtml( 'minlength1' ) ); break; - case UploadFromBase::ILLEGAL_FILENAME: + case UploadBase::ILLEGAL_FILENAME: $this->uploadError( wfMsgExt( 'illegalfilename', 'parseinline', $details['filtered'] ) ); break; - case UploadFromBase::PROTECTED_PAGE: + case UploadBase::PROTECTED_PAGE: $wgOut->showPermissionsErrorPage( $details['permissionserrors'] ); break; - case UploadFromBase::OVERWRITE_EXISTING_FILE: + case UploadBase::OVERWRITE_EXISTING_FILE: $this->uploadError( wfMsgExt( $details['overwrite'], 'parseinline' ) ); break; - case UploadFromBase::FILETYPE_MISSING: + case UploadBase::FILETYPE_MISSING: $this->uploadError( wfMsgExt( 'filetype-missing', array ( 'parseinline' ) ) ); break; - case UploadFromBase::FILETYPE_BADTYPE: + case UploadBase::FILETYPE_BADTYPE: $finalExt = $details['finalExt']; $this->uploadError( wfMsgExt( 'filetype-banned-type', @@ -235,23 +235,23 @@ class UploadForm { ); break; - case UploadFromBase::VERIFICATION_ERROR: + case UploadBase::VERIFICATION_ERROR: $args = $details['veri']; $code = array_shift( $args ); $this->uploadError( wfMsgExt( $code, 'parseinline', $args ) ); break; - case UploadFromBase::UPLOAD_VERIFICATION_ERROR: + case UploadBase::UPLOAD_VERIFICATION_ERROR: $error = $details['error']; $this->uploadError( wfMsgExt( $error, 'parseinline' ) ); break; - case UploadFromBase::UPLOAD_WARNING: + case UploadBase::UPLOAD_WARNING: $warning = $details['warning']; $this->uploadWarning( $warning ); break; - case UploadFromBase::INTERNAL_ERROR: + case UploadBase::INTERNAL_ERROR: $status = $details['internal']; $this->showError( $wgOut->parse( $status->getWikiText() ) ); break; @@ -275,7 +275,7 @@ class UploadForm { if( !wfRunHooks( 'UploadForm:BeforeProcessing', array( &$this ) ) ) { wfDebug( "Hook 'UploadForm:BeforeProcessing' broke processing the file." ); - return UploadFromBase::BEFORE_PROCESSING; + return UploadBase::BEFORE_PROCESSING; } /** @@ -285,12 +285,12 @@ class UploadForm { $permErrors = $this->mUpload->verifyPermissions( $wgUser ); if( $permErrors !== true ) { $resultDetails = array( 'permissionserrors' => $permErrors ); - return UploadFromBase::PROTECTED_PAGE; + return UploadBase::PROTECTED_PAGE; } // Check whether this is a sane upload $result = $this->mUpload->verifyUpload( $resultDetails ); - if( $result != UploadFromBase::OK ) + if( $result != UploadBase::OK ) return $result; $this->mLocalFile = $this->mUpload->getLocalFile(); @@ -300,7 +300,7 @@ class UploadForm { if( count( $warnings ) ) { $resultDetails = array( 'warning' => $warnings ); - return UploadFromBase::UPLOAD_WARNING; + return UploadBase::UPLOAD_WARNING; } } @@ -316,13 +316,13 @@ class UploadForm { if ( !$status->isGood() ) { $resultDetails = array( 'internal' => $status ); - return UploadFromBase::INTERNAL_ERROR; + return UploadBase::INTERNAL_ERROR; } else { // Success, redirect to description page // WTF WTF WTF? $img = null; // @todo: added to avoid passing a ref to null - should this be defined somewhere? wfRunHooks( 'SpecialUploadComplete', array( &$this ) ); - return UploadFromBase::SUCCESS; + return UploadBase::SUCCESS; } } @@ -420,7 +420,7 @@ class UploadForm { } $s = ' '; if ( $file ) { - $exists = UploadFromBase::getExistsWarning( $file ); + $exists = UploadBase::getExistsWarning( $file ); $warning = self::getExistsWarning( $exists ); // FIXME: We probably also want the prefix blacklist and the wasdeleted check here if ( $warning !== '' ) { @@ -921,7 +921,7 @@ wgUploadAutoFill = {$autofill}; * @param User $user * @param string $img, image name * @return bool - * @deprecated Use UploadFromBase::userCanReUpload + * @deprecated Use UploadBase::userCanReUpload */ public static function userCanReUpload( User $user, $img ) { wfDeprecated( __METHOD__ );