/**
* Create a form of UploadBase depending on wpSourceType and initializes it
*
- * @param WebRequest $request
+ * @param WebRequest &$request
* @param string|null $type
* @return null|UploadBase
*/
/**
* Initialize from a WebRequest. Override this in a subclass.
*
- * @param WebRequest $request
+ * @param WebRequest &$request
*/
abstract public function initializeFromRequest( &$request );
/**
* @param string $tempPath File system path to temporary file containing the upload
- * @param integer $fileSize
+ * @param int $fileSize
*/
protected function setTempFile( $tempPath, $fileSize = null ) {
$this->mTempPath = $tempPath;
$chunk = fread( $fp, 256 );
fclose( $fp );
- $magic = MimeMagic::singleton();
+ $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
$extMime = $magic->guessTypesForExtension( $this->mFinalExtension );
$ieTypes = $magic->getIEMimeTypes( $this->mTempPath, $chunk, $extMime );
foreach ( $ieTypes as $ieType ) {
return $status;
}
- $mwProps = new MWFileProps( MimeMagic::singleton() );
+ $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
$this->mFileProps = $mwProps->getPropsFromPath( $this->mTempPath, $this->mFinalExtension );
$mime = $this->mFileProps['mime'];
# getTitle() sets some internal parameters like $this->mFinalExtension
$this->getTitle();
- $mwProps = new MWFileProps( MimeMagic::singleton() );
+ $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
$this->mFileProps = $mwProps->getPropsFromPath( $this->mTempPath, $this->mFinalExtension );
# check MIME type, if desired
$warnings['was-deleted'] = $filename;
}
- $dupes = $this->checkAgainstExistingDupes( $hash );
+ // If a file with the same name exists locally then the local file has already been tested
+ // for duplication of content
+ $ignoreLocalDupes = isset( $warnings[ 'exists '] );
+ $dupes = $this->checkAgainstExistingDupes( $hash, $ignoreLocalDupes );
if ( $dupes ) {
$warnings['duplicate'] = $dupes;
}
/**
* @param string $hash sha1 hash of the file to check
+ * @param bool $ignoreLocalDupes True to ignore local duplicates
*
* @return File[] Duplicate files, if found.
*/
- private function checkAgainstExistingDupes( $hash ) {
+ private function checkAgainstExistingDupes( $hash, $ignoreLocalDupes ) {
$dupes = RepoGroup::singleton()->findBySha1( $hash );
$title = $this->getTitle();
- // Remove all matches against self
foreach ( $dupes as $key => $dupe ) {
- if ( $title->equals( $dupe->getTitle() ) ) {
+ if (
+ ( $dupe instanceof LocalFile ) &&
+ $ignoreLocalDupes &&
+ $title->equals( $dupe->getTitle() )
+ ) {
unset( $dupes[$key] );
}
}
if ( !is_array( $error ) ) {
$error = [ $error ];
}
- return call_user_func_array( 'Status::newFatal', $error );
+ return Status::newFatal( ...$error );
}
$status = $this->getLocalFile()->upload(
$this->mFinalExtension = '';
# No extension, try guessing one
- $magic = MimeMagic::singleton();
+ $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
$mime = $magic->guessMimeType( $this->mTempPath );
if ( $mime !== 'unknown/unknown' ) {
# Get a space separated list of extensions
if ( !$isPartial ) {
$error = $this->runUploadStashFileHook( $user );
if ( $error ) {
- return call_user_func_array( 'Status::newFatal', $error );
+ return Status::newFatal( ...$error );
}
}
try {
* @return bool
*/
public static function verifyExtension( $mime, $extension ) {
- $magic = MimeMagic::singleton();
+ $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
if ( !$mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) {
if ( !$magic->isRecognizableExtension( $extension ) ) {
*/
public static function checkXMLEncodingMissmatch( $file ) {
global $wgSVGMetadataCutoff;
- $contents = file_get_contents( $file, false, null, -1, $wgSVGMetadataCutoff );
+ $contents = file_get_contents( $file, false, null, 0, $wgSVGMetadataCutoff );
$encodingRegex = '!encoding[ \t\n\r]*=[ \t\n\r]*[\'"](.*?)[\'"]!si';
if ( preg_match( "!<\?xml\b(.*?)\?>!si", $contents, $matches ) ) {
// detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings
$attemptEncodings = [ 'UTF-16', 'UTF-16BE', 'UTF-32', 'UTF-32BE' ];
foreach ( $attemptEncodings as $encoding ) {
- MediaWiki\suppressWarnings();
+ Wikimedia\suppressWarnings();
$str = iconv( $encoding, 'UTF-8', $contents );
- MediaWiki\restoreWarnings();
+ Wikimedia\restoreWarnings();
if ( $str != '' && preg_match( "!<\?xml\b(.*?)\?>!si", $str, $matches ) ) {
if ( preg_match( $encodingRegex, $matches[1], $encMatch )
&& !in_array( strtoupper( $encMatch[1] ), self::$safeXmlEncodings )
* @param string $type PUBLIC or SYSTEM
* @param string $publicId The well-known public identifier for the dtd
* @param string $systemId The url for the external dtd
+ * @return bool|array
*/
public static function checkSvgExternalDTD( $type, $publicId, $systemId ) {
// This doesn't include the XHTML+MathML+SVG doctype since we don't
* @todo Replace this with a whitelist filter!
* @param string $element
* @param array $attribs
+ * @param array $data
* @return bool
*/
public function checkSvgScriptCallback( $element, $attribs, $data = null ) {
# image/svg, text/xml, application/xml, and text/html, which can contain scripts
if ( $stripped == 'href' && strncasecmp( 'data:', $value, 5 ) === 0 ) {
// rfc2397 parameters. This is only slightly slower than (;[\w;]+)*.
- // @codingStandardsIgnoreStart Generic.Files.LineLength
+ // phpcs:ignore Generic.Files.LineLength
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?';
- // @codingStandardsIgnoreEnd
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) {
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "
# look up scanner configuration
$command = $wgAntivirusSetup[$wgAntivirus]['command'];
$exitCodeMap = $wgAntivirusSetup[$wgAntivirus]['codemap'];
- $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]['messagepattern'] ) ?
- $wgAntivirusSetup[$wgAntivirus]['messagepattern'] : null;
+ $msgPattern = $wgAntivirusSetup[$wgAntivirus]['messagepattern'] ?? null;
if ( strpos( $command, "%f" ) === false ) {
# simple pattern: append file to scan