'ISO-8859-1',
'ISO-8859-2',
'UTF-16',
- 'UTF-32'
+ 'UTF-32',
+ 'WINDOWS-1250',
+ 'WINDOWS-1251',
+ 'WINDOWS-1252',
+ 'WINDOWS-1253',
+ 'WINDOWS-1254',
+ 'WINDOWS-1255',
+ 'WINDOWS-1256',
+ 'WINDOWS-1257',
+ 'WINDOWS-1258',
];
const SUCCESS = 0;
$error = '';
if ( !Hooks::run( 'UploadVerification',
- [ $this->mDestName, $this->mTempPath, &$error ] )
+ [ $this->mDestName, $this->mTempPath, &$error ], '1.28' )
) {
return [ 'status' => self::HOOK_ABORTED, 'error' => $error ];
}
}
}
- Hooks::run( 'UploadVerifyFile', [ $this, $mime, &$status ] );
- if ( $status !== true ) {
- return $status;
+ $error = true;
+ Hooks::run( 'UploadVerifyFile', [ $this, $mime, &$error ] );
+ if ( $error !== true ) {
+ if ( !is_array( $error ) ) {
+ $error = [ $error ];
+ }
+ return $error;
}
wfDebug( __METHOD__ . ": all clear; passing.\n" );
*/
public function performUpload( $comment, $pageText, $watch, $user, $tags = [] ) {
$this->getLocalFile()->load( File::READ_LATEST );
+ $props = $this->mFileProps;
+
+ $error = null;
+ Hooks::run( 'UploadVerifyUpload', [ $this, $user, $props, $comment, $pageText, &$error ] );
+ if ( $error ) {
+ if ( !is_array( $error ) ) {
+ $error = [ $error ];
+ }
+ return call_user_func_array( 'Status::newFatal', $error );
+ }
$status = $this->getLocalFile()->upload(
$this->mTempPath,
$comment,
$pageText,
File::DELETE_SOURCE,
- $this->mFileProps,
+ $props,
false,
$user,
$tags
return $this->mLocalFile;
}
+ /**
+ * Like stashFile(), but respects extensions' wishes to prevent the stashing.
+ *
+ * Upload stash exceptions are also caught and converted to an error status.
+ *
+ * @since 1.28
+ * @param User $user
+ * @return Status If successful, value is an UploadStashFile instance
+ */
+ public function tryStashFile( User $user ) {
+ $props = $this->mFileProps;
+ $error = null;
+ Hooks::run( 'UploadStashFile', [ $this, $user, $props, &$error ] );
+ if ( $error ) {
+ if ( !is_array( $error ) ) {
+ $error = [ $error ];
+ }
+ return call_user_func_array( 'Status::newFatal', $error );
+ }
+ try {
+ $file = $this->doStashFile( $user );
+ return Status::newGood( $file );
+ } catch ( UploadStashException $e ) {
+ return Status::newFatal( 'uploadstash-exception', get_class( $e ), $e->getMessage() );
+ }
+ }
+
/**
* If the user does not supply all necessary information in the first upload
* form submission (either by accident or by design) then we may want to
* which can be passed through a form or API request to find this stashed
* file again.
*
+ * @deprecated since 1.28 Use tryStashFile() instead
* @param User $user
* @return UploadStashFile Stashed file
+ * @throws UploadStashBadPathException
+ * @throws UploadStashFileException
+ * @throws UploadStashNotLoggedInException
*/
public function stashFile( User $user = null ) {
- // was stashSessionFile
+ return $this->doStashFile( $user );
+ }
+ /**
+ * Implementation for stashFile() and tryStashFile().
+ *
+ * @param User $user
+ * @return UploadStashFile Stashed file
+ */
+ protected function doStashFile( User $user = null ) {
$stash = RepoGroup::singleton()->getLocalRepo()->getUploadStash( $user );
$file = $stash->stashFile( $this->mTempPath, $this->getSourceType() );
$this->mLocalFile = $file;
* Stash a file in a temporary directory, returning a key which can be used
* to find the file again. See stashFile().
*
+ * @deprecated since 1.28
* @return string File key
*/
public function stashFileGetKey() {
- return $this->stashFile()->getFileKey();
+ wfDeprecated( __METHOD__, '1.28' );
+ return $this->doStashFile()->getFileKey();
}
/**
* alias for stashFileGetKey, for backwards compatibility
*
+ * @deprecated since 1.28
* @return string File key
*/
public function stashSession() {
- return $this->stashFileGetKey();
+ wfDeprecated( __METHOD__, '1.28' );
+ return $this->doStashFile()->getFileKey();
}
/**
return [ 'uploaded-event-handler-on-svg', $attrib, $value ];
}
- # href with non-local target (don't allow http://, javascript:, etc)
+ # Do not allow relative links, or unsafe url schemas.
+ # For <a> tags, only data:, http: and https: and same-document
+ # fragment links are allowed. For all other tags, only data:
+ # and fragment are allowed.
if ( $stripped == 'href'
&& strpos( $value, 'data:' ) !== 0
&& strpos( $value, '#' ) !== 0