* (bug 29309) allow CSS class per tooltip (tipsy)
* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images
+* (bug 32341) Add upload by URL domain limitation.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if.
* This feature is experimental and broken as of r81612.
*/
$wgAllowAsyncCopyUploads = false;
+/**
+ * A list of domains copy uploads can come from
+ */
+$wgCopyUploadsDomains = array();
/**
* Max size for uploads, in bytes. If not set to an array, applies to all
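Review bot: The doc comment added for `$wgCopyUploadsDomains` does not say what an empty array means or how entries are compared. Judging by isAllowedHost() later in this commit, an empty list allows every host, so an administrator reading only this comment cannot tell that the default is unrestricted. I would extend it to something like `A list of domains copy uploads can come from. An empty array (the default) means no restriction.` and state the expected entry format (bare host name, no scheme or path). The surrounding settings block starts and ends outside the hunk.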
* Generate a new request object
* @param $url String: url to use
* @param $options Array: (optional) extra params to pass (see Http::request())
- * @return \CurlHttpRequest|\PhpHttpRequest
+ * @return CurlHttpRequest|PhpHttpRequest
* @see MWHttpRequest::__construct
*/
public static function factory( $url, $options = null ) {
'nouploadmodule' => array( 'code' => 'nouploadmodule', 'info' => 'No upload module set' ),
'uploaddisabled' => array( 'code' => 'uploaddisabled', 'info' => 'Uploads are not enabled. Make sure $wgEnableUploads is set to true in LocalSettings.php and the PHP ini setting file_uploads is true' ),
'copyuploaddisabled' => array( 'code' => 'copyuploaddisabled', 'info' => 'Uploads by URL is not enabled. Make sure $wgAllowCopyUploads is set to true in LocalSettings.php.' ),
+ 'copyuploadbaddomain' => array( 'code' => 'copyuploadbaddomain', 'info' => 'Uploads by URL are not allowed from this domain.' ),
'filename-tooshort' => array( 'code' => 'filename-tooshort', 'info' => 'The filename is too short' ),
'filename-toolong' => array( 'code' => 'filename-toolong', 'info' => 'The filename is too long' ),
$this->dieUsageMsg( 'copyuploaddisabled' );
}
+ if ( !UploadFromUrl::isAllowedHost( $this->mParams['url'] ) ) {
+ $this->dieUsageMsg( 'copyuploadbaddomain' );
+ }
+
$async = false;
if ( $this->mParams['asyncdownload'] ) {
$this->checkAsyncDownloadEnabled();
$this->mUpload = new UploadFromUrl;
$this->mUpload->initialize( $this->mParams['filename'],
$this->mParams['url'], $async );
-
}
return true;
if (
$this->mTokenOk && !$this->mCancelUpload &&
( $this->mUpload && $this->mUploadClicked )
- )
- {
+ ) {
$this->processUpload();
} else {
# Backwards compatibility hook
wfDebug( "Hook 'UploadForm:initial' broke output of the upload form" );
return;
}
-
-
$this->showUploadForm( $this->getUploadForm() );
}
);
}
- $canUploadByUrl = UploadFromUrl::isEnabled() && $this->getUser()->isAllowed( 'upload_by_url' );
+ $canUploadByUrl = UploadFromUrl::isEnabled() && UploadFromUrl::isAllowed( $this->getUser() );
$radio = $canUploadByUrl;
$selectedSourceType = strtolower( $this->getRequest()->getText( 'wpSourceType', 'File' ) );
return $wgAllowCopyUploads && parent::isEnabled();
}
+ /**
+ * Checks whether the URL is for an allowed host
+ *
+ * @param $url string
+ * @return bool
+ */
+ public static function isAllowedHost( $url ) {
+ global $wgCopyUploadsDomains;
+ if ( !count( $wgCopyUploadsDomains ) ) {
+ return true;
+ }
+ $valid = false;
+ foreach( $wgCopyUploadsDomains as $domain ) {
+ if ( strpos( $url, $domain ) !== false ) {
+ $valid = true;
+ break;
+ }
+ }
+ return $valid;
+ }
+
/**
* Entry point for API upload
*
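Review bot: `strpos( $url, $domain ) !== false` in isAllowedHost() tests the whole URL string rather than its host, so the check passes whenever a configured domain appears anywhere in the URL, including the path, the query string, or as part of a longer host name. This function is the gate for both callers added in this commit (ApiUpload and UploadFromUrl::fetchFile), so as written the list does not reliably limit which servers the wiki fetches from. Extract the host with `parse_url()`, refuse URLs that have no parseable host, and compare the host exactly and case-insensitively against each entry. The empty-list shortcut can stay as it is.

```php
public static function isAllowedHost( $url ) {
	global $wgCopyUploadsDomains;
	// … unchanged: an empty list allows every host …
	$host = parse_url( $url, PHP_URL_HOST );
	if ( !is_string( $host ) || $host === '' ) {
		// No usable host component: refuse rather than guess
		return false;
	}
	$host = strtolower( $host );
	foreach ( $wgCopyUploadsDomains as $domain ) {
		// Exact host comparison; a substring match would also accept look-alike hosts
		if ( $host === strtolower( $domain ) ) {
			return true;
		}
	}
	return false;
}
```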
*/
public function initializeFromRequest( &$request ) {
$desiredDestName = $request->getText( 'wpDestFile' );
- if ( !$desiredDestName )
+ if ( !$desiredDestName ) {
$desiredDestName = $request->getText( 'wpUploadFileURL' );
+ }
return $this->initialize(
$desiredDestName,
trim( $request->getVal( 'wpUploadFileURL' ) ),
return Status::newFatal( 'http-invalid-url' );
}
+ if( !self::isAllowedHost( $this->mUrl ) ) {
+ return Status::newFatal( 'upload-copy-upload-invalid-domain' );
+ }
if ( !$this->mAsync ) {
return $this->reallyFetchFile();
}
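Review bot: The host check added before `reallyFetchFile()` validates only `$this->mUrl` as submitted. Whether the HTTP request follows redirects is not visible in this hunk, but the existing `upload-too-many-redirects` message suggests it can; if so, an allowed host that redirects elsewhere takes the download outside `$wgCopyUploadsDomains`. Either re-validate each redirect target with `self::isAllowedHost()` or document the limit at this check, e.g. `// Only the requested URL is checked; redirect targets are not re-validated`. The enclosing function starts outside the hunk.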
if ( $this->mAsync ) {
$sessionKey = $this->insertJob( $comment, $pageText, $watch, $user );
- $status = new Status;
- $status->error( 'async', $sessionKey );
- return $status;
+ return Status::newFatal( 'async', $sessionKey );
}
return parent::performUpload( $comment, $pageText, $watch, $user );
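Review bot: `Status::newFatal( 'async', $sessionKey )` is not obviously equivalent to the removed `new Status` plus `error()`. As far as I know, `Status::error()` records the message without clearing the OK flag, while `newFatal()` makes `isOK()` return false. Callers are not visible here; those that test `isGood()` behave the same, but any that test `isOK()` would now treat a queued async upload as a failure. If the change is intended, a short comment such as `// 'async' is returned as a fatal status; callers must special-case it before reporting an error` would make that explicit. performUpload() starts outside the hunk.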
'upload-too-many-redirects' => 'The URL contained too many redirects',
'upload-unknown-size' => 'Unknown size',
'upload-http-error' => 'An HTTP error occured: $1',
+'upload-copy-upload-invalid-domain' => 'Copy uploads are not available from this domain.',
# File backend
'backend-fail-stream' => 'Could not stream file $1.',