From c8508a60ee25729ccc86a83c206632072b2b8f3a Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 6 Sep 2005 04:53:59 +0000 Subject: [PATCH] * Add UploadVerification hook for custom file upload validation/security checks --- RELEASE-NOTES | 1 + docs/hooks.txt | 5 +++++ includes/SpecialUpload.php | 9 +++++++++ 3 files changed, 15 insertions(+) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5fe5bce2f5..b4f6c5823d 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -86,6 +86,7 @@ fully support the editing toolbar, but was found to be too confusing. overwriting existing files; default is the old behavior (allowed). * Use strval() to make sure we don't accidentally get null on bad revision text loads or other fields mucking up XML export output +* Add UploadVerification hook for custom file upload validation/security checks === Caveats === diff --git a/docs/hooks.txt b/docs/hooks.txt index 6bb5fe2103..54507d529b 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -331,6 +331,11 @@ $article: article object to be removed $user: user that was watching $article: article object removed +'UploadVerification': additional chances to reject an uploaded file +string $saveName: destination file name +string $tempName: filesystem path to the temporary file for checks +string &$error: output: HTML error to show if upload canceled by returning false + 'UserLoginComplete': after a user has logged in $user: the user object that was created on login diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index 185700f6c0..3eda0f3afa 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -232,6 +232,15 @@ class UploadForm { return $this->uploadError( $veri->toString() ); } } + + /** + * Provide an opportunity for extensions to add futher checks + */ + $error = ''; + if( !wfRunHooks( 'UploadVerification', + array( $this->mUploadSaveName, $this->mUploadTempName, &$error ) ) ) { + return $this->uploadError( $error ); + } /** * Check for non-fatal conditions -- 2.20.1