function wfSpecialUpload()
{
global $wgUser, $wgOut, $wpUpload, $wpReUpload, $action;
-
+ global $wgDisableUploads;
+
$fields = array( "wpUploadFile", "wpUploadDescription" );
wfCleanFormFields( $fields );
+ if ( $wgDisableUploads ) {
+ $wgOut->addWikiText( wfMsg( "uploaddisabled" ) );
+ return;
+ }
if ( ( 0 == $wgUser->getID() )
or $wgUser->isBlocked() ) {
$wgOut->errorpage( "uploadnologin", "uploadnologintext" );
global $HTTP_POST_FILES, $wgUploadDirectory;
global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
global $wgSavedFile, $wgUploadOldVersion, $wpUploadOldVersion;
+ global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
+ global $wgCheckFileExtensions, $wgStrictFileExtensions;
+ global $wgFileExtensions, $wgFileBlacklist;
+
+ if ( $wgUseCopyrightUpload ) {
+ $wpUploadAffirm = 1;
+ if ( trim ( $wpUploadCopyStatus ) == "" || trim ( $wpUploadSource ) == "" ) {
+ $wpUploadAffirm = 0;
+ }
+ }
if ( 1 != $wpUploadAffirm ) {
mainUploadForm( WfMsg( "noaffirmation" ) );
$nt = Title::newFromText( $basename );
$wpUploadSaveName = $nt->getDBkey();
+ /* Don't allow users to override the blacklist */
+ if( checkFileExtension( $ext, $wgFileBlacklist ) ||
+ ($wgStrictFileExtensions && !checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+ return uploadError( wfMsg( "badfiletype", $ext ) );
+ }
+
saveUploadedFile();
if ( ( ! $wpIgnoreWarning ) &&
( 0 != strcmp( ucfirst( $basename ), $wpUploadSaveName ) ) ) {
- $warn = str_replace( "$1", $wpUploadSaveName,
- wfMsg( "badfilename" ) );
- return uploadWarning( $warn );
+ return uploadWarning( wfMsg( "badfilename", $wpUploadSaveName ) );
}
- $extensions = array( "png", "jpg", "jpeg", "ogg" );
- if ( ( ! $wpIgnoreWarning ) &&
- ( ! in_array( strtolower( $ext ), $extensions ) ) ) {
- $warn = str_replace( "$1", $ext, wfMsg( "badfiletype" ) );
- return uploadWarning( $warn );
+
+ if ( $wgCheckFileExtensions ) {
+ if ( ( ! $wpIgnoreWarning ) &&
+ ( ! checkFileExtension( $ext, $wgFileExtensions ) ) ) {
+ return uploadWarning( wfMsg( "badfiletype", $ext ) );
+ }
}
if ( ( ! $wpIgnoreWarning ) && ( $wpUploadSize > 150000 ) ) {
return uploadWarning( WfMsg( "largefile" ) );
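Review bot: The hard rejection added before `saveUploadedFile()` tests only `$ext`, which is computed outside this hunk; if that is just the text after the last dot, a name that carries a blacklisted extension earlier in the name is not caught, and some web server configurations pick a handler from any extension in the name. I would either run every dot-separated part of the name through `checkFileExtension( $part, $wgFileBlacklist )` or state the limitation in the comment above the check. It is also worth documenting that the `$wgCheckFileExtensions` branch is advisory only, since it is skipped whenever the form posts `wpIgnoreWarning`, e.g. `/* Advisory only: wpIgnoreWarning skips this; enforcement is the blacklist / $wgStrictFileExtensions check above */`. The enclosing function starts and ends outside the hunk.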
$dlink = $sk->makeKnownLink( $dname, $dname );
$wgOut->addHTML( "<h2>" . wfMsg( "successfulupload" ) . "</h2>\n" );
- $text = str_replace( "$1", $ilink, wfMsg( "fileuploaded" ) );
- $text = str_replace( "$2", $dlink, $text );
+ $text = wfMsg( "fileuploaded", $ilink, $dlink );
$wgOut->addHTML( "<p>{$text}\n" );
$wgOut->returnToMain( false );
}
+function checkFileExtension( $ext, $list ) {
+ return in_array( strtolower( $ext ), $list );
+}
+
function saveUploadedFile()
{
global $wpUploadSaveName, $wpUploadTempName;
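Review bot: `checkFileExtension()` lowercases `$ext` but not the entries of `$list`, and calls `in_array()` without the strict flag, so a configured entry such as "PHP" never matches and a non-string entry is compared loosely. Because this helper now backs the blacklist as well as the allowed list, I would normalise both sides: `return in_array( strtolower( $ext ), array_map( 'strtolower', $list ), true );`. A short comment on the function saying that the comparison is case-insensitive would help whoever edits `$wgFileBlacklist`.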
$wgSavedFile = "{$dest}/{$wpUploadSaveName}";
if ( is_file( $wgSavedFile ) ) {
- $wgUploadOldVersion = date( "YmdHis" ) . "!{$wpUploadSaveName}";
+ $wgUploadOldVersion = gmdate( "YmdHis" ) . "!{$wpUploadSaveName}";
if ( ! rename( $wgSavedFile, "${archive}/{$wgUploadOldVersion}" ) ) {
$wgOut->fileRenameError( $wgSavedFile,
function unsaveUploadedFile()
{
- global $wgSavedFile, $wgUploadOldVersion;
- global $wpSavedFile, $wpUploadOldVersion;
- global $wgUploadDirectory, $wgOut;
-
- $wgSavedFile = $wpSavedFile;
+ global $wpSessionKey, $wpUploadOldVersion;
+ global $wgUploadDirectory, $wgOut, $wsUploadFiles;
+
+ $wgSavedFile = $wsUploadFiles[$wpSessionKey];
$wgUploadOldVersion = $wpUploadOldVersion;
- if ( ! unlink( $wgSavedFile ) ) {
+ if ( ! @unlink( $wgSavedFile ) ) {
$wgOut->fileDeleteError( $wgSavedFile );
return;
}
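Review bot: `$wsUploadFiles[$wpSessionKey]` is read without checking that the key exists, so a missing or stale `wpSessionKey` leaves `$wgSavedFile` empty and the failure only surfaces through the now-silenced `@unlink`. I would test `isset( $wsUploadFiles[$wpSessionKey] )` first, report the error and return when it is absent, and call `unset( $wsUploadFiles[$wpSessionKey] );` after a successful delete so each key is single-use. Note also that `$wpUploadOldVersion` on the following line still comes from the hidden form field; if the code after this hunk builds a path from it, it deserves the same session-side treatment as the saved file name. The rest of the function is outside the hunk.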
}
}
+function uploadError( $error )
+{
+ global $wgOut;
+ $sub = wfMsg( "uploadwarning" );
+ $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
+ $wgOut->addHTML( "<h4><font color=red>{$error}</font></h4>\n" );
+}
+
function uploadWarning( $warning )
{
global $wgOut, $wgUser, $wgLang, $wgUploadDirectory;
global $wpUploadDescription, $wpIgnoreWarning;
global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
global $wgSavedFile, $wgUploadOldVersion;
- global $wpSavedFile, $wpUploadOldVersion;
+ global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
+ global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
+
+ # wgSavedFile is stored in the session not the form, for security
+ $wpSessionKey = mt_rand( 0, 0x7fffffff );
+ $wsUploadFiles[$wpSessionKey] = $wgSavedFile;
$sub = wfMsg( "uploadwarning" );
$wgOut->addHTML( "<h2>{$sub}</h2>\n" );
$action = wfLocalUrlE( $wgLang->specialPage( "Upload" ),
"action=submit" );
+ if ( $wgUseCopyrightUpload )
+ {
+ $copyright = "
+<input type=hidden name=\"wpUploadCopyStatus\" value=\"" . htmlspecialchars( $wpUploadCopyStatus ) . "\">
+<input type=hidden name=\"wpUploadSource\" value=\"" . htmlspecialchars( $wpUploadSource ) . "\">
+";
+ }
+
$wgOut->addHTML( "
<form id=\"uploadwarning\" method=\"post\" enctype=\"multipart/form-data\"
action=\"{$action}\">
<input type=hidden name=\"wpUploadAffirm\" value=\"1\">
<input type=hidden name=\"wpIgnoreWarning\" value=\"1\">
<input type=hidden name=\"wpUploadDescription\" value=\"" . htmlspecialchars( $wpUploadDescription ) . "\">
+{$copyright}
<input type=hidden name=\"wpUploadSaveName\" value=\"" . htmlspecialchars( $wpUploadSaveName ) . "\">
<input type=hidden name=\"wpUploadTempName\" value=\"" . htmlspecialchars( $wpUploadTempName ) . "\">
<input type=hidden name=\"wpUploadSize\" value=\"" . htmlspecialchars( $wpUploadSize ) . "\">
-<input type=hidden name=\"wpSavedFile\" value=\"" . htmlspecialchars( $wgSavedFile ) . "\">
+<input type=hidden name=\"wpSessionKey\" value=\"" . htmlspecialchars( $wpSessionKey ) . "\">
<input type=hidden name=\"wpUploadOldVersion\" value=\"" . htmlspecialchars( $wgUploadOldVersion) . "\">
<table border=0><tr>
<tr><td align=right>
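Review bot: `$copyright` is assigned only inside `if ( $wgUseCopyrightUpload )` but is interpolated unconditionally as `{$copyright}` in the form, so with the option off the function reads an undefined variable; add `$copyright = "";` before the `if`. The session key comes from `mt_rand()`, which is not a cryptographic generator; that is acceptable only while the key is nothing more than an index into the caller's own `$wsUploadFiles` session array, and a comment next to the assignment saying so would stop it being reused as a secret later. The form markup continues past the end of the hunk.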
global $wgOut, $wgUser, $wgLang, $wgUploadDirectory;
global $wpUpload, $wpUploadAffirm, $wpUploadFile;
global $wpUploadDescription, $wpIgnoreWarning;
+ global $wgUseCopyrightUpload , $wpUploadSource , $wpUploadCopyStatus ;
if ( "" != $msg ) {
$sub = wfMsg( "uploaderror" );
$clink = $sk->makeKnownLink( wfMsg( "copyrightpage" ),
wfMsg( "copyrightpagename" ) );
- $ca = str_replace( "$1", $clink, wfMsg( "affirmation" ) );
+ $ca = wfMsg( "affirmation", $clink );
$iw = wfMsg( "ignorewarning" );
$action = wfLocalUrl( $wgLang->specialPage( "Upload" ) );
+
+ $source = "
+<td align=right>
+<input tabindex=3 type=checkbox name=\"wpUploadAffirm\" value=\"1\" id=\"wpUploadAffirm\">
+</td><td align=left><label for=\"wpUploadAffirm\">{$ca}</label></td>
+" ;
+ if ( $wgUseCopyrightUpload )
+ {
+ $source = "
+<td align=right nowrap>" . wfMsg ( "filestatus" ) . ":</td>
+<td><input tabindex=3 type=text name=\"wpUploadCopyStatus\" value=\"" .
+htmlspecialchars($wpUploadCopyStatus). "\" size=40></td>
+</tr><tr>
+<td align=right>". wfMsg ( "filesource" ) . ":</td>
+<td><input tabindex=4 type=text name=\"wpUploadSource\" value=\"" .
+htmlspecialchars($wpUploadSource). "\" size=40></td>
+" ;
+ }
+
$wgOut->addHTML( "
<form id=\"upload\" method=\"post\" enctype=\"multipart/form-data\"
action=\"{$action}\">
<input tabindex=2 type=text name=\"wpUploadDescription\" value=\""
. htmlspecialchars( $wpUploadDescription ) . "\" size=40>
</td></tr><tr>
-<td align=right>
-<input tabindex=3 type=checkbox name=\"wpUploadAffirm\" value=\"1\">
-</td><td align=left>{$ca}</td></tr>
+{$source}
+</tr>
<tr><td> </td><td align=left>
<input tabindex=5 type=submit name=\"wpUpload\" value=\"{$ulb}\">
</td></tr></table></form>\n" );