X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2FSpecialUpload.php;h=ff3256471b73c0f5029178d2123243d3e266e605;hb=755bdff378fcd40f416a6c5b90a79b07bb2a2c9b;hp=c17fea2aede4b70c771cdea18975774e9b71c62b;hpb=5facdf5fa0d333b3be4f1d4ecfc6eaf8acd42162;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index c17fea2aed..ff3256471b 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -8,9 +8,9 @@ /** * */ -require_once( 'Image.php' ); -require_once( 'MacBinary.php' ); - +require_once 'Image.php'; +require_once 'MacBinary.php'; +require_once 'Licenses.php'; /** * Entry point */ @@ -29,7 +29,7 @@ class UploadForm { /**#@+ * @access private */ - var $mUploadFile, $mUploadDescription, $mIgnoreWarning, $mUploadError; + var $mUploadFile, $mUploadDescription, $mLicense ,$mIgnoreWarning, $mUploadError; var $mUploadSaveName, $mUploadTempName, $mUploadSize, $mUploadOldVersion; var $mUploadCopyStatus, $mUploadSource, $mReUpload, $mAction, $mUpload; var $mOname, $mSessionKey, $mStashed, $mDestFile, $mRemoveTempFile; @@ -53,8 +53,11 @@ class UploadForm { $this->mUpload = $request->getCheck( 'wpUpload' ); $this->mUploadDescription = $request->getText( 'wpUploadDescription' ); + $this->mLicense = $request->getText( 'wpLicense' ); $this->mUploadCopyStatus = $request->getText( 'wpUploadCopyStatus' ); - $this->mUploadSource = $request->getText( 'wpUploadSource'); + $this->mUploadSource = $request->getText( 'wpUploadSource' ); + $this->mWatchthis = $request->getBool( 'wpWatchthis' ); + wfDebug( "UploadForm: watchthis is: '$this->mWatchthis'\n" ); $this->mAction = $request->getVal( 'action' ); 
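Review bot: `$this->mWatchthis` is assigned in the `@@ -53,8 +53,11 @@` hunk but is not declared, since the `var` line changed in the preceding hunk gains only `$mLicense`; add it there, e.g. `var $mUploadFile, $mUploadDescription, $mLicense, $mWatchthis, $mIgnoreWarning, $mUploadError;` (the declaration list may continue outside the visible lines). `$this->mLicense` is raw request text from `getText( 'wpLicense' )`, so wherever it is later placed into page text or HTML it needs the same escaping as the description; that code is outside this hunk. The `wfDebug` line interpolates a boolean, which prints as an empty string when false, so `( $this->mWatchthis ? 'true' : 'false' )` would keep the log readable.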
@@ -96,17 +99,29 @@ class UploadForm { global $wgUser, $wgOut; global $wgEnableUploads, $wgUploadDirectory; - /** Show an error message if file upload is disabled */ - if( ! $wgEnableUploads ) { - $wgOut->addWikiText( wfMsg( 'uploaddisabled' ) ); + # Check uploading enabled + if( !$wgEnableUploads ) { + $wgOut->errorPage( 'uploaddisabled', 'uploaddisabledtext' ); return; } - /** Various rights checks */ - if( !$wgUser->isAllowed( 'upload' ) || $wgUser->isBlocked() ) { - $wgOut->errorpage( 'uploadnologin', 'uploadnologintext' ); + # Check permissions + if( $wgUser->isLoggedIn() ) { + if( !$wgUser->isAllowed( 'upload' ) ) { + $wgOut->permissionRequired( 'upload' ); + return; + } + } else { + $wgOut->errorPage( 'uploadnologin', 'uploadnologintext' ); + return; + } + + # Check blocks + if( $wgUser->isBlocked() ) { + $wgOut->blockedPage(); return; } + if( wfReadOnly() ) { $wgOut->readOnlyPage(); return; @@ -138,9 +153,7 @@ class UploadForm { * @access private */ function processUpload() { - global $wgUser, $wgOut, $wgLang, $wgContLang; - global $wgUploadDirectory; - global $wgUseCopyrightUpload, $wgCheckCopyrightUpload; + global $wgUser, $wgOut, $wgUploadDirectory; /* Check for PHP error if any, requires php 4.2 or newer */ if ( $this->mUploadError == 1/*UPLOAD_ERR_INI_SIZE*/ ) { @@ -201,6 +214,14 @@ class UploadForm { return $this->uploadError( wfMsgWikiHtml( 'protectedpage' ) ); } + /** + * In some cases we may forbid overwriting of existing files. + */ + $overwrite = $this->checkOverwrite( $this->mUploadSaveName ); + if( WikiError::isError( $overwrite ) ) { + return $this->uploadError( $overwrite->toString() ); + } + /* Don't allow users to override the blacklist (check file extension) */ global $wgStrictFileExtensions; global $wgFileExtensions, $wgFileBlacklist; 
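Review bot: The `else` branch of the new permission check sends every anonymous user to `uploadnologin` without consulting `isAllowed( 'upload' )`, whereas the removed condition let through any unblocked user holding the right, logged in or not. If refusing anonymous uploads regardless of configured rights is intended, record it with a comment such as `# Anonymous users must log in even if the 'upload' right is granted to them`. Otherwise test the right first and show the login page only when the user is anonymous and lacks it. The function starts and ends outside this hunk.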
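Review bot: The `checkOverwrite()` call in the `@@ -201,6 +214,14 @@` hunk treats every return value other than a `WikiError` as permission to continue, and `checkOverwrite()` (added in the last hunk of this commit) returns `false` when `Image::newFromName()` yields null, so that path skips the overwrite restriction entirely. For a permission check the safer default is to refuse: have `checkOverwrite()` return a `WikiError` instead of `false` in that branch, which this call site already handles. The existence test also runs some way before the file is saved, so whether a file created in between is still protected depends on the save code, which is outside this hunk.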
@@ -224,12 +245,26 @@ class UploadForm { } } + /** + * Provide an opportunity for extensions to add futher checks + */ + $error = ''; + if( !wfRunHooks( 'UploadVerification', + array( $this->mUploadSaveName, $this->mUploadTempName, &$error ) ) ) { + return $this->uploadError( $error ); + } + /** * Check for non-fatal conditions */ if ( ! $this->mIgnoreWarning ) { $warning = ''; - if( $this->mUploadSaveName != ucfirst( $filtered ) ) { + + global $wgCapitalLinks; + if( $wgCapitalLinks ) { + $filtered = ucfirst( $filtered ); + } + if( $this->mUploadSaveName != $filtered ) { $warning .= '
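Review bot: A handler of the new `UploadVerification` hook that returns false without filling `$error` leads to `uploadError( '' )`, so the upload is refused with an empty message; fall back to a generic upload-error text when `$error` is empty. The comment above the hook should state the contract: handlers receive the save name and the temporary path, set `$error` by reference, and must say whether `$error` is expected to be HTML-safe, because how `uploadError()` outputs it is not visible here. The comment also contains the typo "futher". The tail of this hunk is not legible on this page, so the `$wgCapitalLinks` change is not reviewed.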
" . wfMsg ( 'filestatus' ) . ": | -mUploadCopyStatus). "\" size='40' /> | -
". wfMsg ( 'filesource' ) . ": | -mUploadSource). "\" size='40' /> | - " ; - } + $watchChecked = $wgUser->getOption( 'watchdefault' ) + ? 'checked="checked"' + : ''; $wgOut->addHTML( " " ); } /* -------------------------------------------------------------- */ @@ -687,12 +789,16 @@ class UploadForm { function verifyExtension( $mime, $extension ) { $fname = 'SpecialUpload::verifyExtension'; - if (!$mime || $mime=="unknown" || $mime=="unknown/unknown") { - wfDebug( "$fname: passing file with unknown mime type\n" ); - return true; - } + $magic =& wfGetMimeMagic(); - $magic=& wfGetMimeMagic(); + if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) + if ( ! $magic->isRecognizableExtension( $extension ) ) { + wfDebug( "$fname: passing file with unknown detected mime type; unrecognized extension '$extension', can't verify\n" ); + return true; + } else { + wfDebug( "$fname: rejecting file with unknown detected mime type; recognized extension '$extension', so probably invalid file\n" ); + return false; + } $match= $magic->isMatchingExtension($extension,$mime); 
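Review bot: The outer `if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' )` in `verifyExtension()` has no braces around the nested `if`/`else`, so the code relies on the `else` binding to the inner `if`; wrap the nested statement in `{ ... }` so a later edit cannot attach the `else` to the wrong condition. The branch for an unknown MIME type with an unrecognised extension still returns true, which means this function accepts files it cannot classify. A comment stating that such files are expected to be stopped by the extension checks in `processUpload()`, not here, would make that fail-open case explicit. The function body continues outside this hunk.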
@@ -929,5 +1035,44 @@ class UploadForm { } } + /** + * Check if there's an overwrite conflict and, if so, if restrictions + * forbid this user from performing the upload. + * + * @return mixed true on success, WikiError on failure + * @access private + */ + function checkOverwrite( $name ) { + $img = Image::newFromName( $name ); + if( is_null( $img ) ) { + // Uh... this shouldn't happen ;) + // But if it does, fall through to previous behavior + return false; + } + + $error = ''; + if( $img->exists() ) { + global $wgUser, $wgOut; + if( $img->isLocal() ) { + if( !$wgUser->isAllowed( 'reupload' ) ) { + $error = 'fileexists-forbidden'; + } + } else { + if( !$wgUser->isAllowed( 'reupload' ) || + !$wgUser->isAllowed( 'reupload-shared' ) ) { + $error = "fileexists-shared-forbidden"; + } + } + } + + if( $error ) { + $errorText = wfMsg( $error, wfEscapeWikiText( $img->getName() ) ); + return new WikiError( $wgOut->parse( $errorText ) ); + } + + // Rockin', go ahead and upload + return true; + } + } ?>
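Review bot: `global $wgUser, $wgOut;` is declared inside the `if( $img->exists() )` branch of `checkOverwrite()`, but `$wgOut->parse()` is called later in the separate `if( $error )` block; this works only because `$error` can be set nowhere else, and it would fail if another error source were added. Move the declaration to the first line of the function. The docblock should gain `@param string $name` and list the `false` return, which `@return mixed true on success, WikiError on failure` currently omits. The shared-file branch refuses unless the user holds both `reupload` and `reupload-shared`; a one-line comment saying so would keep a later reader from simplifying the `||`.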