dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Properly check permissions.
[lhc/web/wiklou.git] / includes / specials / SpecialUpload.php
1 <?php
2 /**
3 * @file
4 * @ingroup SpecialPage
5 */
6
7
8 /**
9 * Entry point
10 */
11 function wfSpecialUpload() {
12 global $wgRequest;
13 $form = new UploadForm( $wgRequest );
14 $form->execute();
15 }
16
17 /**
18 * implements Special:Upload
19 * @ingroup SpecialPage
20 */
21 class UploadForm {
22 /**#@+
23 * @access private
24 */
25 var $mComment, $mLicense, $mIgnoreWarning;
26 var $mCopyrightStatus, $mCopyrightSource, $mReUpload, $mAction, $mUploadClicked;
27 var $mDestWarningAck;
28 var $mLocalFile;
29
30 var $mUpload; // Instance of UploadFromBase or derivative
31
32 # Placeholders for text injection by hooks (must be HTML)
33 # extensions should take care to _append_ to the present value
34 var $uploadFormTextTop;
35 var $uploadFormTextAfterSummary;
36
37 /**#@-*/
38
39 /**
40 * Constructor : initialise object
41 * Get data POSTed through the form and assign them to the object
42 * @param $request Data posted.
43 */
44 function __construct( &$request ) {
45 $this->mDesiredDestName = $request->getText( 'wpDestFile' );
46 $this->mIgnoreWarning = $request->getCheck( 'wpIgnoreWarning' );
47 $this->mComment = $request->getText( 'wpUploadDescription' );
48
49 if( !$request->wasPosted() ) {
50 # GET requests just give the main form; no data except destination
51 # filename and description
52 return;
53 }
54
55 # Placeholders for text injection by hooks (empty per default)
56 $this->uploadFormTextTop = "";
57 $this->uploadFormTextAfterSummary = "";
58
59 $this->mReUpload = $request->getCheck( 'wpReUpload' );
60 $this->mUploadClicked = $request->getCheck( 'wpUpload' );
61
62 $this->mLicense = $request->getText( 'wpLicense' );
63 $this->mCopyrightStatus = $request->getText( 'wpUploadCopyStatus' );
64 $this->mCopyrightSource = $request->getText( 'wpUploadSource' );
65 $this->mWatchthis = $request->getBool( 'wpWatchthis' );
66 $this->mSourceType = $request->getText( 'wpSourceType' );
67 $this->mDestWarningAck = $request->getText( 'wpDestFileWarningAck' );
68
69 $this->mAction = $request->getVal( 'action' );
70
71 $desiredDestName = $request->getText( 'wpDestFile' );
72 if( !$desiredDestName )
73 $desiredDestName = $request->getText( 'wpUploadFile' );
74
75 $this->mSessionKey = $request->getInt( 'wpSessionKey' );
76 if( !empty( $this->mSessionKey ) &&
77 isset( $_SESSION['wsUploadData'][$this->mSessionKey]['version'] ) &&
78 $_SESSION['wsUploadData'][$this->mSessionKey]['version'] ==
79 UploadFromBase::SESSION_VERSION ) {
80 /**
81 * Confirming a temporarily stashed upload.
82 * We don't want path names to be forged, so we keep
83 * them in the session on the server and just give
84 * an opaque key to the user agent.
85 */
86
87 $this->mUpload = new UploadFromStash( $desiredDestName );
88 $data = $_SESSION['wsUploadData'][$this->mSessionKey];
89 $this->mUpload->initialize( $data );
90
91 } else {
92 /**
93 *Check for a newly uploaded file.
94 */
95 if( UploadFromUrl::isEnabled() && $this->mSourceType == 'web' ) {
96 $this->mUpload = new UploadFromUrl( $desiredDestName );
97 $this->mUpload->initialize( $request->getText( 'wpUploadFileURL' ) );
98 } else {
99 $this->mUpload = new UploadFromUpload( $desiredDestName );
100 $this->mUpload->initialize(
101 $request->getFileTempName( 'wpUploadFile' ),
102 $request->getFileSize( 'wpUploadFile' ),
103 $request->getFileName( 'wpUploadFile' )
104 );
105 }
106 }
107 }
108
109
110
111 /**
112 * Start doing stuff
113 * @access public
114 */
115 function execute() {
116 global $wgUser, $wgOut;
117
118 # Check uploading enabled
119 if( !UploadFromBase::isEnabled() ) {
120 $wgOut->showErrorPage( 'uploaddisabled', 'uploaddisabledtext', array( $this->mDesiredDestName ) );
121 return;
122 }
123
124 # Check permissions
125 $permission = $this->mUpload->isAllowed( $wgUser );
126 if( $permission !== true ) {
127 if( !$wgUser->isLoggedIn() ) {
128 $wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
129 } else {
130 $wgOut->permissionRequired( $permission );
131 }
132 return;
133 }
134
135 # Check blocks
136 if( $wgUser->isBlocked() ) {
137 $wgOut->blockedPage();
138 return;
139 }
140
141 if( wfReadOnly() ) {
142 $wgOut->readOnlyPage();
143 return;
144 }
145
146 if( $this->mReUpload ) {
147 // User did not choose to ignore warnings
148 if( !$this->mUpload->unsaveUploadedFile() ) {
149 return;
150 }
151 # Because it is probably checked and shouldn't be
152 $this->mIgnoreWarning = false;
153
154 $this->mainUploadForm();
155 } elseif( $this->mUpload && (
156 'submit' == $this->mAction ||
157 $this->mUploadClicked
158 ) ) {
159 $this->processUpload();
160 } else {
161 $this->mainUploadForm();
162 }
163
164 if( $this->mUpload )
165 $this->mUpload->cleanupTempFile();
166 }
167
168 /**
169 * Do the upload
170 * Checks are made in SpecialUpload::execute()
171 *
172 * @access private
173 */
174 function processUpload(){
175 global $wgUser, $wgOut, $wgFileExtensions, $wgLang;
176 $details = null;
177 $value = null;
178 $value = $this->internalProcessUpload( $details );
179
180 switch($value) {
181 case UploadFromBase::SUCCESS:
182 $wgOut->redirect( $this->mLocalFile->getTitle()->getFullURL() );
183 break;
184
185 case UploadFromBase::BEFORE_PROCESSING:
186 // Do... nothing? Why?
187 break;
188
189 case UploadFromBase::LARGE_FILE_SERVER:
190 $this->mainUploadForm( wfMsgHtml( 'largefileserver' ) );
191 break;
192
193 case UploadFromBase::EMPTY_FILE:
194 $this->mainUploadForm( wfMsgHtml( 'emptyfile' ) );
195 break;
196
197 case UploadFromBase::MIN_LENGHT_PARTNAME:
198 $this->mainUploadForm( wfMsgHtml( 'minlength1' ) );
199 break;
200
201 case UploadFromBase::ILLEGAL_FILENAME:
202 $this->uploadError( wfMsgExt( 'illegalfilename',
203 'parseinline', $details['filtered'] ) );
204 break;
205
206 case UploadFromBase::PROTECTED_PAGE:
207 $wgOut->showPermissionsErrorPage( $details['permissionserrors'] );
208 break;
209
210 case UploadFromBase::OVERWRITE_EXISTING_FILE:
211 $this->uploadError( wfMsgExt( $details['overwrite'],
212 'parseinline' ) );
213 break;
214
215 case UploadFromBase::FILETYPE_MISSING:
216 $this->uploadError( wfMsgExt( 'filetype-missing', array ( 'parseinline' ) ) );
217 break;
218
219 case UploadFromBase::FILETYPE_BADTYPE:
220 $finalExt = $details['finalExt'];
221 $this->uploadError(
222 wfMsgExt( 'filetype-banned-type',
223 array( 'parseinline' ),
224 htmlspecialchars( $finalExt ),
225 implode(
226 wfMsgExt( 'comma-separator', array( 'escapenoentities' ) ),
227 $wgFileExtensions
228 ),
229 $wgLang->formatNum( count( $wgFileExtensions ) )
230 )
231 );
232 break;
233
234 case UploadFromBase::VERIFICATION_ERROR:
235 $args = $details['veri'];
236 $code = array_shift( $args );
237 $this->uploadError( wfMsgExt( $code, 'parseinline', $args ) );
238 break;
239
240 case UploadFromBase::UPLOAD_VERIFICATION_ERROR:
241 $error = $details['error'];
242 $this->uploadError( wfMsgExt( $error, 'parseinline' ) );
243 break;
244
245 case UploadFromBase::UPLOAD_WARNING:
246 $warning = $details['warning'];
247 $this->uploadWarning( $warning );
248 break;
249
250 case UploadFromBase::INTERNAL_ERROR:
251 $status = $details['internal'];
252 $this->showError( $wgOut->parse( $status->getWikiText() ) );
253 break;
254
255 default:
256 throw new MWException( __METHOD__ . ": Unknown value `{$value}`" );
257 }
258 }
259
260 /**
261 * Really do the upload
262 * Checks are made in SpecialUpload::execute()
263 *
264 * @param array $resultDetails contains result-specific dict of additional values
265 *
266 * @access private
267 */
268 function internalProcessUpload( &$resultDetails ) {
269 global $wgUser;
270
271 if( !wfRunHooks( 'UploadForm:BeforeProcessing', array( &$this ) ) )
272 {
273 wfDebug( "Hook 'UploadForm:BeforeProcessing' broke processing the file." );
274 return UploadFromBase::BEFORE_PROCESSING;
275 }
276
277 /**
278 * If the image is protected, non-sysop users won't be able
279 * to modify it by uploading a new revision.
280 */
281 $permErrors = $this->mUpload->verifyPermissions( $wgUser );
282 if( $permErrors !== true ) {
283 $resultDetails = array( 'permissionserrors' => $permErrors );
284 return UploadFromBase::PROTECTED_PAGE;
285 }
286
287 // Check whether this is a sane upload
288 $result = $this->mUpload->verifyUpload( $resultDetails );
289 if( $result != UploadFromBase::OK )
290 return $result;
291
292 $this->mLocalFile = $this->mUpload->getLocalFile();
293
294 if( !$this->mIgnoreWarning ) {
295 $warnings = $this->mUpload->checkWarnings();
296
297 if( count( $warnings ) ) {
298 $resultDetails = array( 'warning' => $warnings );
299 return UploadFromBase::UPLOAD_WARNING;
300 }
301 }
302
303
304 /**
305 * Try actually saving the thing...
306 * It will show an error form on failure. No it will not.
307 */
308 $pageText = self::getInitialPageText( $this->mComment, $this->mLicense,
309 $this->mCopyrightStatus, $this->mCopyrightSource );
310
311 $status = $this->mUpload->performUpload( $this->mComment, $pageText, $this->mWatchthis, $wgUser );
312
313 if ( !$status->isGood() ) {
314 $resultDetails = array( 'internal' => $status );
315 return UploadFromBase::INTERNAL_ERROR;
316 } else {
317 // Success, redirect to description page
318 // WTF WTF WTF?
319 $img = null; // @todo: added to avoid passing a ref to null - should this be defined somewhere?
320 wfRunHooks( 'SpecialUploadComplete', array( &$this ) );
321 return UploadFromBase::SUCCESS;
322 }
323 }
324
325 /**
326 * Do existence checks on a file and produce a warning
327 * This check is static and can be done pre-upload via AJAX
328 * Returns an HTML fragment consisting of one or more LI elements if there is a warning
329 * Returns an empty string if there is no warning
330 */
331 static function getExistsWarning( $exists ) {
332 global $wgUser, $wgContLang;
333
334 if( $exists === false )
335 return '';
336
337 $warning = '';
338 $align = $wgContLang->isRtl() ? 'left' : 'right';
339
340 list( $existsType, $file ) = $exists;
341
342 $sk = $wgUser->getSkin();
343
344 if( $existsType == 'exists' ) {
345 // Exact match
346 $dlink = $sk->makeKnownLinkObj( $file->getTitle() );
347 if ( $file->allowInlineDisplay() ) {
348 $dlink2 = $sk->makeImageLinkObj( $file->getTitle(), wfMsgExt( 'fileexists-thumb', 'parseinline' ),
349 $file->getName(), $align, array(), false, true );
350 } elseif ( !$file->allowInlineDisplay() && $file->isSafeFile() ) {
351 $icon = $file->iconThumb();
352 $dlink2 = '<div style="float:' . $align . '" id="mw-media-icon">' .
353 $icon->toHtml( array( 'desc-link' => true ) ) . '<br />' . $dlink . '</div>';
354 } else {
355 $dlink2 = '';
356 }
357
358 $warning .= '<li>' . wfMsgExt( 'fileexists', array('parseinline','replaceafter'), $dlink ) . '</li>' . $dlink2;
359
360 } elseif( $existsType == 'page-exists' ) {
361 $lnk = $sk->makeKnownLinkObj( $file->getTitle(), '', 'redirect=no' );
362 $warning .= '<li>' . wfMsgExt( 'filepageexists', array( 'parseinline', 'replaceafter' ), $lnk ) . '</li>';
363 } elseif ( $existsType == 'exists-normalized' ) {
364 # Check if image with lowercase extension exists.
365 # It's not forbidden but in 99% it makes no sense to upload the same filename with uppercase extension
366 $dlink = $sk->makeKnownLinkObj( $file->getTitle() );
367 if ( $file->allowInlineDisplay() ) {
368 $dlink2 = $sk->makeImageLinkObj( $file->getTitle(), wfMsgExt( 'fileexists-thumb', 'parseinline' ),
369 $file->getTitle()->getText(), $align, array(), false, true );
370 } elseif ( !$file->allowInlineDisplay() && $file->isSafeFile() ) {
371 $icon = $file->iconThumb();
372 $dlink2 = '<div style="float:' . $align . '" id="mw-media-icon">' .
373 $icon->toHtml( array( 'desc-link' => true ) ) . '<br />' . $dlink . '</div>';
374 } else {
375 $dlink2 = '';
376 }
377
378 $warning .= '<li>' .
379 wfMsgExt( 'fileexists-extension', 'parsemag',
380 $file->getTitle()->getPrefixedText(), $dlink ) .
381 '</li>' . $dlink2;
382
383 } elseif ( $existsType == 'thumb' ) {
384 # Check if an image without leading '180px-' (or similiar) exists
385 $dlink = $sk->makeKnownLinkObj( $file->getTitle() );
386 if ( $file->allowInlineDisplay() ) {
387 $dlink2 = $sk->makeImageLinkObj( $file->getTitle(),
388 wfMsgExt( 'fileexists-thumb', 'parseinline' ),
389 $file->getTitle()->getText(), $align, array(), false, true );
390 } elseif ( !$file->allowInlineDisplay() && $file->isSafeFile() ) {
391 $icon = $file->iconThumb();
392 $dlink2 = '<div style="float:' . $align . '" id="mw-media-icon">' .
393 $icon->toHtml( array( 'desc-link' => true ) ) . '<br />' .
394 $dlink . '</div>';
395 } else {
396 $dlink2 = '';
397 }
398 $warning .= '<li>' . wfMsgExt( 'fileexists-thumbnail-yes', 'parsemag', $dlink ) .
399 '</li>' . $dlink2;
400 }
401 return $warning;
402 }
403
404 /**
405 * Get a list of warnings
406 *
407 * @param string local filename, e.g. 'file exists', 'non-descriptive filename'
408 * @return array list of warning messages
409 */
410 static function ajaxGetExistsWarning( $filename ) {
411 $file = wfFindFile( $filename );
412 if( !$file ) {
413 // Force local file so we have an object to do further checks against
414 // if there isn't an exact match...
415 $file = wfLocalFile( $filename );
416 }
417 $s = '&nbsp;';
418 if ( $file ) {
419 $exists = UploadFromBase::getExistsWarning( $file );
420 $warning = self::getExistsWarning( $exists );
421 // FIXME: We probably also want the prefix blacklist and the wasdeleted check here
422 if ( $warning !== '' ) {
423 $s = "<ul>$warning</ul>";
424 }
425 }
426 return $s;
427 }
428
429 /**
430 * Render a preview of a given license for the AJAX preview on upload
431 *
432 * @param string $license
433 * @return string
434 */
435 public static function ajaxGetLicensePreview( $license ) {
436 global $wgParser, $wgUser;
437 $text = '{{' . $license . '}}';
438 $title = Title::makeTitle( NS_IMAGE, 'Sample.jpg' );
439 $options = ParserOptions::newFromUser( $wgUser );
440
441 // Expand subst: first, then live templates...
442 $text = $wgParser->preSaveTransform( $text, $title, $wgUser, $options );
443 $output = $wgParser->parse( $text, $title, $options );
444
445 return $output->getText();
446 }
447
448 /**
449 * Check for duplicate files and throw up a warning before the upload
450 * completes.
451 */
452 public static function getDupeWarning( $dupes ) {
453 if( $dupes ) {
454 global $wgOut;
455 $msg = "<gallery>";
456 foreach( $dupes as $file ) {
457 $title = $file->getTitle();
458 $msg .= $title->getPrefixedText() .
459 "|" . $title->getText() . "\n";
460 }
461 $msg .= "</gallery>";
462 return "<li>" .
463 wfMsgExt( "file-exists-duplicate", array( "parse" ), count( $dupes ) ) .
464 $wgOut->parse( $msg ) .
465 "</li>\n";
466 } else {
467 return '';
468 }
469 }
470
471 /**
472 * Remove a temporarily kept file stashed by saveTempUploadedFile().
473 * @access private
474 * @return success
475 */
476 function unsaveUploadedFile() {
477 global $wgOut;
478 $success = $this->mUpload->unsaveUploadedFile();
479 if ( ! $success ) {
480 $wgOut->showFileDeleteError( $this->mUpload->getTempPath() );
481 return false;
482 } else {
483 return true;
484 }
485 }
486
487 /* -------------------------------------------------------------- */
488
489 /**
490 * @param string $error as HTML
491 * @access private
492 */
493 function uploadError( $error ) {
494 global $wgOut;
495 $wgOut->addHTML( '<h2>' . wfMsgHtml( 'uploadwarning' ) . "</h2>\n" );
496 $wgOut->addHTML( '<span class="error">' . $error . '</span>' );
497 }
498
499 /**
500 * There's something wrong with this file, not enough to reject it
501 * totally but we require manual intervention to save it for real.
502 * Stash it away, then present a form asking to confirm or cancel.
503 *
504 * @param string $warning as HTML
505 * @access private
506 */
507 function uploadWarning( $warnings ) {
508 global $wgOut;
509 global $wgUseCopyrightUpload;
510
511 $this->mSessionKey = $this->mUpload->stashSession();
512 if( !$this->mSessionKey ) {
513 # Couldn't save file; an error has been displayed so let's go.
514 return;
515 }
516
517 $wgOut->addHTML( '<h2>' . wfMsgHtml( 'uploadwarning' ) . "</h2>\n" );
518 $wgOut->addHTML( '<ul class="warning">' );
519 foreach( $warnings as $warning => $args ) {
520 $msg = null;
521 if( $warning == 'exists' ) {
522 if ( !$this->mDestWarningAck )
523 $msg = self::getExistsWarning( $args );
524 } elseif( $warning == 'duplicate' ) {
525 $msg = $this->getDupeWarning( $args );
526 } elseif( $warning == 'filewasdeleted' ) {
527 $ltitle = SpecialPage::getTitleFor( 'Log' );
528 $llink = $sk->makeKnownLinkObj( $ltitle, wfMsgHtml( 'deletionlog' ),
529 'type=delete&page=' . $file->getTitle()->getPrefixedUrl() );
530 $msg = "\t<li>" . wfMsgWikiHtml( 'filewasdeleted', $llink ) . "</li>\n";
531 } else {
532 if( is_bool( $args ) )
533 $args = array();
534 elseif( !is_array( $args ) )
535 $args = array( $args );
536 $msg = "\t<li>" . wfMsgExt( $warning, 'parseinline', $args ) . "</li>\n";
537 }
538 if( $msg )
539 $wgOut->addHTML( $msg );
540 }
541
542 $titleObj = SpecialPage::getTitleFor( 'Upload' );
543
544 if ( $wgUseCopyrightUpload ) {
545 $copyright = Xml::hidden( 'wpUploadCopyStatus', $this->mCopyrightStatus ) . "\n" .
546 Xml::hidden( 'wpUploadSource', $this->mCopyrightSource ) . "\n";
547 } else {
548 $copyright = '';
549 }
550
551 $wgOut->addHTML(
552 Xml::openElement( 'form', array( 'method' => 'post', 'action' => $titleObj->getLocalURL( 'action=submit' ),
553 'enctype' => 'multipart/form-data', 'id' => 'uploadwarning' ) ) . "\n" .
554 Xml::hidden( 'wpIgnoreWarning', '1' ) . "\n" .
555 Xml::hidden( 'wpSessionKey', $this->mSessionKey ) . "\n" .
556 Xml::hidden( 'wpUploadDescription', $this->mComment ) . "\n" .
557 Xml::hidden( 'wpLicense', $this->mLicense ) . "\n" .
558 Xml::hidden( 'wpDestFile', $this->mDesiredDestName ) . "\n" .
559 Xml::hidden( 'wpWatchthis', $this->mWatchthis ) . "\n" .
560 "{$copyright}<br />" .
561 Xml::submitButton( wfMsg( 'ignorewarning' ), array ( 'name' => 'wpUpload', 'id' => 'wpUpload', 'checked' => 'checked' ) ) . ' ' .
562 Xml::submitButton( wfMsg( 'reuploaddesc' ), array ( 'name' => 'wpReUpload', 'id' => 'wpReUpload' ) ) .
563 Xml::closeElement( 'form' ) . "\n"
564 );
565 }
566
567 /**
568 * Displays the main upload form, optionally with a highlighted
569 * error message up at the top.
570 *
571 * @param string $msg as HTML
572 * @access private
573 */
574 function mainUploadForm( $msg='' ) {
575 global $wgOut, $wgUser, $wgLang, $wgMaxUploadSize;
576 global $wgUseCopyrightUpload, $wgUseAjax, $wgAjaxUploadDestCheck, $wgAjaxLicensePreview;
577 global $wgRequest;
578 global $wgStylePath, $wgStyleVersion;
579
580 $useAjaxDestCheck = $wgUseAjax && $wgAjaxUploadDestCheck;
581 $useAjaxLicensePreview = $wgUseAjax && $wgAjaxLicensePreview;
582
583 $adc = wfBoolToStr( $useAjaxDestCheck );
584 $alp = wfBoolToStr( $useAjaxLicensePreview );
585 $autofill = wfBoolToStr( $this->mDesiredDestName == '' );
586
587 $wgOut->addScript( "<script type=\"text/javascript\">
588 wgAjaxUploadDestCheck = {$adc};
589 wgAjaxLicensePreview = {$alp};
590 wgUploadAutoFill = {$autofill};
591 </script>" );
592 $wgOut->addScriptFile( 'upload.js' );
593 $wgOut->addScriptFile( 'edit.js' ); // For <charinsert> support
594
595 if( !wfRunHooks( 'UploadForm:initial', array( &$this ) ) )
596 {
597 wfDebug( "Hook 'UploadForm:initial' broke output of the upload form" );
598 return false;
599 }
600
601 if( $this->mDesiredDestName ) {
602 $title = Title::makeTitleSafe( NS_IMAGE, $this->mDesiredDestName );
603 // Show a subtitle link to deleted revisions (to sysops et al only)
604 if( $title instanceof Title && ( $count = $title->isDeleted() ) > 0 && $wgUser->isAllowed( 'deletedhistory' ) ) {
605 $link = wfMsgExt(
606 $wgUser->isAllowed( 'delete' ) ? 'thisisdeleted' : 'viewdeleted',
607 array( 'parse', 'replaceafter' ),
608 $wgUser->getSkin()->makeKnownLinkObj(
609 SpecialPage::getTitleFor( 'Undelete', $title->getPrefixedText() ),
610 wfMsgExt( 'restorelink', array( 'parsemag', 'escape' ), $count )
611 )
612 );
613 $wgOut->addHtml( "<div id=\"contentSub2\">{$link}</div>" );
614 }
615
616 // Show the relevant lines from deletion log (for still deleted files only)
617 if( $title instanceof Title && $title->isDeleted() > 0 && !$title->exists() ) {
618 $this->showDeletionLog( $wgOut, $title->getPrefixedText() );
619 }
620 }
621
622 $cols = intval($wgUser->getOption( 'cols' ));
623
624 if( $wgUser->getOption( 'editwidth' ) ) {
625 $width = " style=\"width:100%\"";
626 } else {
627 $width = '';
628 }
629
630 if ( '' != $msg ) {
631 $sub = wfMsgHtml( 'uploaderror' );
632 $wgOut->addHTML( "<h2>{$sub}</h2>\n" .
633 "<span class='error'>{$msg}</span>\n" );
634 }
635 $wgOut->addHTML( '<div id="uploadtext">' );
636 $wgOut->addWikiMsg( 'uploadtext', $this->mDesiredDestName );
637 $wgOut->addHTML( "</div>\n" );
638
639 # Print a list of allowed file extensions, if so configured. We ignore
640 # MIME type here, it's incomprehensible to most people and too long.
641 global $wgCheckFileExtensions, $wgStrictFileExtensions,
642 $wgFileExtensions, $wgFileBlacklist;
643
644 $allowedExtensions = '';
645 if( $wgCheckFileExtensions ) {
646 $delim = wfMsgExt( 'comma-separator', array( 'escapenoentities' ) );
647 if( $wgStrictFileExtensions ) {
648 # Everything not permitted is banned
649 $extensionsList =
650 '<div id="mw-upload-permitted">' .
651 wfMsgWikiHtml( 'upload-permitted', implode( $wgFileExtensions, $delim ) ) .
652 "</div>\n";
653 } else {
654 # We have to list both preferred and prohibited
655 $extensionsList =
656 '<div id="mw-upload-preferred">' .
657 wfMsgWikiHtml( 'upload-preferred', implode( $wgFileExtensions, $delim ) ) .
658 "</div>\n" .
659 '<div id="mw-upload-prohibited">' .
660 wfMsgWikiHtml( 'upload-prohibited', implode( $wgFileBlacklist, $delim ) ) .
661 "</div>\n";
662 }
663 } else {
664 # Everything is permitted.
665 $extensionsList = '';
666 }
667
668 # Get the maximum file size from php.ini as $wgMaxUploadSize works for uploads from URL via CURL only
669 # See http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize for possible values of upload_max_filesize
670 $val = trim( ini_get( 'upload_max_filesize' ) );
671 $last = strtoupper( ( substr( $val, -1 ) ) );
672 switch( $last ) {
673 case 'G':
674 $val2 = substr( $val, 0, -1 ) * 1024 * 1024 * 1024;
675 break;
676 case 'M':
677 $val2 = substr( $val, 0, -1 ) * 1024 * 1024;
678 break;
679 case 'K':
680 $val2 = substr( $val, 0, -1 ) * 1024;
681 break;
682 default:
683 $val2 = $val;
684 }
685 $val2 = UploadFromUrl::isEnabled() ? min( $wgMaxUploadSize, $val2 ) : $val2;
686 $maxUploadSize = '<div id="mw-upload-maxfilesize">' .
687 wfMsgExt( 'upload-maxfilesize', array( 'parseinline', 'escapenoentities' ),
688 $wgLang->formatSize( $val2 ) ) .
689 "</div>\n";
690
691 $sourcefilename = wfMsgExt( 'sourcefilename', array( 'parseinline', 'escapenoentities' ) );
692 $destfilename = wfMsgExt( 'destfilename', array( 'parseinline', 'escapenoentities' ) );
693
694 $summary = wfMsgExt( 'fileuploadsummary', 'parseinline' );
695
696 $licenses = new Licenses();
697 $license = wfMsgExt( 'license', array( 'parseinline' ) );
698 $nolicense = wfMsgHtml( 'nolicense' );
699 $licenseshtml = $licenses->getHtml();
700
701 $ulb = wfMsgHtml( 'uploadbtn' );
702
703
704 $titleObj = SpecialPage::getTitleFor( 'Upload' );
705
706 $encDestName = htmlspecialchars( $this->mDesiredDestName );
707
708 $watchChecked = $this->watchCheck()
709 ? 'checked="checked"'
710 : '';
711 $warningChecked = $this->mIgnoreWarning ? 'checked' : '';
712
713 // Prepare form for upload or upload/copy
714 if( UploadFromUrl::isEnabled() && $wgUser->isAllowed( 'upload_by_url' ) ) {
715 $filename_form =
716 "<input type='radio' id='wpSourceTypeFile' name='wpSourceType' value='file' " .
717 "onchange='toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\")' checked='checked' />" .
718 "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' " .
719 "onfocus='" .
720 "toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\");" .
721 "toggle_element_check(\"wpSourceTypeFile\",\"wpSourceTypeURL\")' " .
722 "onchange='fillDestFilename(\"wpUploadFile\")' size='60' />" .
723 wfMsgHTML( 'upload_source_file' ) . "<br/>" .
724 "<input type='radio' id='wpSourceTypeURL' name='wpSourceType' value='web' " .
725 "onchange='toggle_element_activation(\"wpUploadFile\",\"wpUploadFileURL\")' />" .
726 "<input tabindex='1' type='text' name='wpUploadFileURL' id='wpUploadFileURL' " .
727 "onfocus='" .
728 "toggle_element_activation(\"wpUploadFile\",\"wpUploadFileURL\");" .
729 "toggle_element_check(\"wpSourceTypeURL\",\"wpSourceTypeFile\")' " .
730 "onchange='fillDestFilename(\"wpUploadFileURL\")' size='60' disabled='disabled' />" .
731 wfMsgHtml( 'upload_source_url' ) ;
732 } else {
733 $filename_form =
734 "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' " .
735 ($this->mDesiredDestName?"":"onchange='fillDestFilename(\"wpUploadFile\")' ") .
736 "size='60' />" .
737 "<input type='hidden' name='wpSourceType' value='file' />" ;
738 }
739 if ( $useAjaxDestCheck ) {
740 $warningRow = "<tr><td colspan='2' id='wpDestFile-warning'>&nbsp;</td></tr>";
741 $destOnkeyup = 'onkeyup="wgUploadWarningObj.keypress();"';
742 } else {
743 $warningRow = '';
744 $destOnkeyup = '';
745 }
746
747 $encComment = htmlspecialchars( $this->mComment );
748
749 $wgOut->addHTML(
750 Xml::openElement( 'form', array( 'method' => 'post', 'action' => $titleObj->getLocalURL(),
751 'enctype' => 'multipart/form-data', 'id' => 'mw-upload-form' ) ) .
752 Xml::openElement( 'fieldset' ) .
753 Xml::element( 'legend', null, wfMsg( 'upload' ) ) .
754 Xml::openElement( 'table', array( 'border' => '0', 'id' => 'mw-upload-table' ) ) .
755 "<tr>
756 {$this->uploadFormTextTop}
757 <td class='mw-label'>
758 <label for='wpUploadFile'>{$sourcefilename}</label>
759 </td>
760 <td class='mw-input'>
761 {$filename_form}
762 </td>
763 </tr>
764 <tr>
765 <td></td>
766 <td>
767 {$maxUploadSize}
768 {$extensionsList}
769 </td>
770 </tr>
771 <tr>
772 <td class='mw-label'>
773 <label for='wpDestFile'>{$destfilename}</label>
774 </td>
775 <td class='mw-input'>
776 <input tabindex='2' type='text' name='wpDestFile' id='wpDestFile' size='60'
777 value=\"{$encDestName}\" onchange='toggleFilenameFiller()' $destOnkeyup />
778 </td>
779 </tr>
780 <tr>
781 <td class='mw-label'>
782 <label for='wpUploadDescription'>{$summary}</label>
783 </td>
784 <td class='mw-input'>
785 <textarea tabindex='3' name='wpUploadDescription' id='wpUploadDescription' rows='6'
786 cols='{$cols}'{$width}>$encComment</textarea>
787 {$this->uploadFormTextAfterSummary}
788 </td>
789 </tr>
790 <tr>"
791 );
792
793 if ( $licenseshtml != '' ) {
794 global $wgStylePath;
795 $wgOut->addHTML( "
796 <td class='mw-label'>
797 <label for='wpLicense'>$license</label>
798 </td>
799 <td class='mw-input'>
800 <select name='wpLicense' id='wpLicense' tabindex='4'
801 onchange='licenseSelectorCheck()'>
802 <option value=''>$nolicense</option>
803 $licenseshtml
804 </select>
805 </td>
806 </tr>
807 <tr>"
808 );
809 if( $useAjaxLicensePreview ) {
810 $wgOut->addHtml( "
811 <td></td>
812 <td id=\"mw-license-preview\"></td>
813 </tr>
814 <tr>"
815 );
816 }
817 }
818
819 if ( $wgUseCopyrightUpload ) {
820 $filestatus = wfMsgExt( 'filestatus', 'escapenoentities' );
821 $copystatus = htmlspecialchars( $this->mCopyrightStatus );
822 $filesource = wfMsgExt( 'filesource', 'escapenoentities' );
823 $uploadsource = htmlspecialchars( $this->mCopyrightSource );
824
825 $wgOut->addHTML( "
826 <td class='mw-label' style='white-space: nowrap;'>
827 <label for='wpUploadCopyStatus'>$filestatus</label></td>
828 <td class='mw-input'>
829 <input tabindex='5' type='text' name='wpUploadCopyStatus' id='wpUploadCopyStatus'
830 value=\"$copystatus\" size='60' />
831 </td>
832 </tr>
833 <tr>
834 <td class='mw-label'>
835 <label for='wpUploadCopyStatus'>$filesource</label>
836 </td>
837 <td class='mw-input'>
838 <input tabindex='6' type='text' name='wpUploadSource' id='wpUploadCopyStatus'
839 value=\"$uploadsource\" size='60' />
840 </td>
841 </tr>
842 <tr>"
843 );
844 }
845
846 $wgOut->addHtml( "
847 <td></td>
848 <td>
849 <input tabindex='7' type='checkbox' name='wpWatchthis' id='wpWatchthis' $watchChecked value='true' />
850 <label for='wpWatchthis'>" . wfMsgHtml( 'watchthisupload' ) . "</label>
851 <input tabindex='8' type='checkbox' name='wpIgnoreWarning' id='wpIgnoreWarning' value='true' $warningChecked/>
852 <label for='wpIgnoreWarning'>" . wfMsgHtml( 'ignorewarnings' ) . "</label>
853 </td>
854 </tr>
855 $warningRow
856 <tr>
857 <td></td>
858 <td class='mw-input'>
859 <input tabindex='9' type='submit' name='wpUpload' value=\"{$ulb}\"" . $wgUser->getSkin()->tooltipAndAccesskey( 'upload' ) . " />
860 </td>
861 </tr>
862 <tr>
863 <td></td>
864 <td class='mw-input'>"
865 );
866 $wgOut->addWikiText( wfMsgForContent( 'edittools' ) );
867 $wgOut->addHTML( "
868 </td>
869 </tr>" .
870 Xml::closeElement( 'table' ) .
871 Xml::hidden( 'wpDestFileWarningAck', '', array( 'id' => 'wpDestFileWarningAck' ) ) .
872 Xml::closeElement( 'fieldset' ) .
873 Xml::closeElement( 'form' )
874 );
875 $uploadfooter = wfMsgNoTrans( 'uploadfooter' );
876 if( $uploadfooter != '-' && !wfEmptyMsg( 'uploadfooter', $uploadfooter ) ){
877 $wgOut->addWikiText( '<div id="mw-upload-footer-message">' . $uploadfooter . '</div>' );
878 }
879 }
880
881 /* -------------------------------------------------------------- */
882
883 /**
884 * See if we should check the 'watch this page' checkbox on the form
885 * based on the user's preferences and whether we're being asked
886 * to create a new file or update an existing one.
887 *
888 * In the case where 'watch edits' is off but 'watch creations' is on,
889 * we'll leave the box unchecked.
890 *
891 * Note that the page target can be changed *on the form*, so our check
892 * state can get out of sync.
893 */
894 function watchCheck() {
895 global $wgUser;
896 if( $wgUser->getOption( 'watchdefault' ) ) {
897 // Watch all edits!
898 return true;
899 }
900
901 $local = wfLocalFile( $this->mDesiredDestName );
902 if( $local && $local->exists() ) {
903 // We're uploading a new version of an existing file.
904 // No creation, so don't watch it if we're not already.
905 return $local->getTitle()->userIsWatching();
906 } else {
907 // New page should get watched if that's our option.
908 return $wgUser->getOption( 'watchcreations' );
909 }
910 }
911
912 /**
913 * Check if a user is the last uploader
914 *
915 * @param User $user
916 * @param string $img, image name
917 * @return bool
918 * @deprecated Use UploadFromBase::userCanReUpload
919 */
920 public static function userCanReUpload( User $user, $img ) {
921 wfDeprecated( __METHOD__ );
922
923 if( $user->isAllowed( 'reupload' ) )
924 return true; // non-conditional
925 if( !$user->isAllowed( 'reupload-own' ) )
926 return false;
927
928 $dbr = wfGetDB( DB_SLAVE );
929 $row = $dbr->selectRow('image',
930 /* SELECT */ 'img_user',
931 /* WHERE */ array( 'img_name' => $img )
932 );
933 if ( !$row )
934 return false;
935
936 return $user->getId() == $row->img_user;
937 }
938
939 /**
940 * Display an error with a wikitext description
941 */
942 function showError( $description ) {
943 global $wgOut;
944 $wgOut->setPageTitle( wfMsg( "internalerror" ) );
945 $wgOut->setRobotPolicy( "noindex,nofollow" );
946 $wgOut->setArticleRelated( false );
947 $wgOut->enableClientCache( false );
948 $wgOut->addWikiText( $description );
949 }
950
951 /**
952 * Get the initial image page text based on a comment and optional file status information
953 */
954 static function getInitialPageText( $comment, $license, $copyStatus, $source ) {
955 global $wgUseCopyrightUpload;
956 if ( $wgUseCopyrightUpload ) {
957 if ( $license != '' ) {
958 $licensetxt = '== ' . wfMsgForContent( 'license' ) . " ==\n" . '{{' . $license . '}}' . "\n";
959 }
960 $pageText = '== ' . wfMsg ( 'filedesc' ) . " ==\n" . $comment . "\n" .
961 '== ' . wfMsgForContent ( 'filestatus' ) . " ==\n" . $copyStatus . "\n" .
962 "$licensetxt" .
963 '== ' . wfMsgForContent ( 'filesource' ) . " ==\n" . $source ;
964 } else {
965 if ( $license != '' ) {
966 $filedesc = $comment == '' ? '' : '== ' . wfMsg ( 'filedesc' ) . " ==\n" . $comment . "\n";
967 $pageText = $filedesc .
968 '== ' . wfMsgForContent ( 'license' ) . " ==\n" . '{{' . $license . '}}' . "\n";
969 } else {
970 $pageText = $comment;
971 }
972 }
973 return $pageText;
974 }
975
976 /**
977 * If there are rows in the deletion log for this file, show them,
978 * along with a nice little note for the user
979 *
980 * @param OutputPage $out
981 * @param string filename
982 */
983 private function showDeletionLog( $out, $filename ) {
984 global $wgUser;
985 $loglist = new LogEventsList( $wgUser->getSkin(), $out );
986 $pager = new LogPager( $loglist, 'delete', false, $filename );
987 if( $pager->getNumRows() > 0 ) {
988 $out->addHtml( '<div id="mw-upload-deleted-warn">' );
989 $out->addWikiMsg( 'upload-wasdeleted' );
990 $out->addHTML(
991 $loglist->beginLogEventsList() .
992 $pager->getBody() .
993 $loglist->endLogEventsList()
994 );
995 $out->addHtml( '</div>' );
996 }
997 }
998 }
Wiklou, le Wiki du Wiklou