X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fupload%2FUploadBase.php;h=fccb5e1a3ade701b60825043eec2a175bc5301c9;hb=87e3e9b5e90826ae3087fcae2250d7b31d101866;hp=079c7f8eb3a376a8bba9c3b1c0f20a8384153a3d;hpb=ca28853e225fb8c3a2715c6f5bcc558d9e482590;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 079c7f8eb3..fccb5e1a3a 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -150,7 +150,7 @@ abstract class UploadBase { // Give hooks the chance to handle this request $className = null; - wfRunHooks( 'UploadCreateFromRequest', array( $type, &$className ) ); + Hooks::run( 'UploadCreateFromRequest', array( $type, &$className ) ); if ( is_null( $className ) ) { $className = 'UploadFrom' . $type; wfDebug( __METHOD__ . ": class name: $className\n" ); @@ -261,7 +261,6 @@ abstract class UploadBase { * @return string|bool The real path if it was a virtual URL Returns false on failure */ function getRealPath( $srcPath ) { - wfProfileIn( __METHOD__ ); $repo = RepoGroup::singleton()->getLocalRepo(); if ( $repo->isVirtualUrl( $srcPath ) ) { /** @todo Just make uploads work with storage paths UploadFromStash @@ -275,7 +274,6 @@ abstract class UploadBase { } else { $path = $srcPath; } - wfProfileOut( __METHOD__ ); return $path; } @@ -285,13 +283,11 @@ abstract class UploadBase { * @return mixed Const self::OK or else an array with error information */ public function verifyUpload() { - wfProfileIn( __METHOD__ ); /** * If there was no filename or a zero size given, give up quick. */ if ( $this->isEmptyFile() ) { - wfProfileOut( __METHOD__ ); return array( 'status' => self::EMPTY_FILE ); } @@ -301,7 +297,6 @@ abstract class UploadBase { */ $maxSize = self::getMaxUploadSize( $this->getSourceType() ); if ( $this->mFileSize > $maxSize ) { - wfProfileOut( __METHOD__ ); return array( 'status' => self::FILE_TOO_LARGE, @@ -316,7 +311,6 @@ abstract class UploadBase { */ $verification = $this->verifyFile(); if ( $verification !== true ) { - wfProfileOut( __METHOD__ ); return array( 'status' => self::VERIFICATION_ERROR, @@ -329,22 +323,18 @@ abstract class UploadBase { */ $result = $this->validateName(); if ( $result !== true ) { - wfProfileOut( __METHOD__ ); return $result; } $error = ''; - if ( !wfRunHooks( 'UploadVerification', + if ( !Hooks::run( 'UploadVerification', array( $this->mDestName, $this->mTempPath, &$error ) ) ) { - wfProfileOut( __METHOD__ ); return array( 'status' => self::HOOK_ABORTED, 'error' => $error ); } - wfProfileOut( __METHOD__ ); - return array( 'status' => self::OK ); } @@ -386,12 +376,10 @@ abstract class UploadBase { */ protected function verifyMimeType( $mime ) { global $wgVerifyMimeType; - wfProfileIn( __METHOD__ ); if ( $wgVerifyMimeType ) { wfDebug( "mime: <$mime> extension: <{$this->mFinalExtension}>\n" ); global $wgMimeTypeBlacklist; if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { - wfProfileOut( __METHOD__ ); return array( 'filetype-badmime', $mime ); } @@ -406,15 +394,12 @@ abstract class UploadBase { $ieTypes = $magic->getIEMimeTypes( $this->mTempPath, $chunk, $extMime ); foreach ( $ieTypes as $ieType ) { if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) { - wfProfileOut( __METHOD__ ); return array( 'filetype-bad-ie-mime', $ieType ); } } } - wfProfileOut( __METHOD__ ); - return true; } @@ -424,12 +409,10 @@ abstract class UploadBase { * @return mixed True of the file is verified, array otherwise. */ protected function verifyFile() { - global $wgVerifyMimeType; - wfProfileIn( __METHOD__ ); + global $wgVerifyMimeType, $wgDisableUploadScriptChecks; $status = $this->verifyPartialFile(); if ( $status !== true ) { - wfProfileOut( __METHOD__ ); return $status; } @@ -440,32 +423,39 @@ abstract class UploadBase { if ( $wgVerifyMimeType ) { # XXX: Missing extension will be caught by validateName() via getTitle() if ( $this->mFinalExtension != '' && !$this->verifyExtension( $mime, $this->mFinalExtension ) ) { - wfProfileOut( __METHOD__ ); return array( 'filetype-mime-mismatch', $this->mFinalExtension, $mime ); } } + # check for htmlish code and javascript + if ( !$wgDisableUploadScriptChecks ) { + if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) { + $svgStatus = $this->detectScriptInSvg( $this->mTempPath, false ); + if ( $svgStatus !== false ) { + + return $svgStatus; + } + } + } + $handler = MediaHandler::getHandler( $mime ); if ( $handler ) { $handlerStatus = $handler->verifyUpload( $this->mTempPath ); if ( !$handlerStatus->isOK() ) { $errors = $handlerStatus->getErrorsArray(); - wfProfileOut( __METHOD__ ); return reset( $errors ); } } - wfRunHooks( 'UploadVerifyFile', array( $this, $mime, &$status ) ); + Hooks::run( 'UploadVerifyFile', array( $this, $mime, &$status ) ); if ( $status !== true ) { - wfProfileOut( __METHOD__ ); return $status; } wfDebug( __METHOD__ . ": all clear; passing.\n" ); - wfProfileOut( __METHOD__ ); return true; } @@ -480,7 +470,6 @@ abstract class UploadBase { */ protected function verifyPartialFile() { global $wgAllowJavaUploads, $wgDisableUploadScriptChecks; - wfProfileIn( __METHOD__ ); # getTitle() sets some internal parameters like $this->mFinalExtension $this->getTitle(); @@ -491,7 +480,6 @@ abstract class UploadBase { $mime = $this->mFileProps['file-mime']; $status = $this->verifyMimeType( $mime ); if ( $status !== true ) { - wfProfileOut( __METHOD__ ); return $status; } @@ -499,14 +487,12 @@ abstract class UploadBase { # check for htmlish code and javascript if ( !$wgDisableUploadScriptChecks ) { if ( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) { - wfProfileOut( __METHOD__ ); return array( 'uploadscripted' ); } if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) { - $svgStatus = $this->detectScriptInSvg( $this->mTempPath ); + $svgStatus = $this->detectScriptInSvg( $this->mTempPath, true ); if ( $svgStatus !== false ) { - wfProfileOut( __METHOD__ ); return $svgStatus; } @@ -523,13 +509,11 @@ abstract class UploadBase { $errors = $zipStatus->getErrorsArray(); $error = reset( $errors ); if ( $error[0] !== 'zip-wrong-format' ) { - wfProfileOut( __METHOD__ ); return $error; } } if ( $this->mJavaDetected ) { - wfProfileOut( __METHOD__ ); return array( 'uploadjava' ); } @@ -538,13 +522,10 @@ abstract class UploadBase { # Scan the uploaded file for viruses $virus = $this->detectVirus( $this->mTempPath ); if ( $virus ) { - wfProfileOut( __METHOD__ ); return array( 'uploadvirus', $virus ); } - wfProfileOut( __METHOD__ ); - return true; } @@ -637,7 +618,6 @@ abstract class UploadBase { */ public function checkWarnings() { global $wgLang; - wfProfileIn( __METHOD__ ); $warnings = array(); @@ -697,17 +677,15 @@ abstract class UploadBase { } // Check dupes against archives - $archivedImage = new ArchivedFile( null, 0, "{$hash}.{$this->mFinalExtension}" ); - if ( $archivedImage->getID() > 0 ) { - if ( $archivedImage->userCan( File::DELETED_FILE ) ) { - $warnings['duplicate-archive'] = $archivedImage->getName(); + $archivedFile = new ArchivedFile( null, 0, '', $hash ); + if ( $archivedFile->getID() > 0 ) { + if ( $archivedFile->userCan( File::DELETED_FILE ) ) { + $warnings['duplicate-archive'] = $archivedFile->getName(); } else { $warnings['duplicate-archive'] = ''; } } - wfProfileOut( __METHOD__ ); - return $warnings; } @@ -723,7 +701,6 @@ abstract class UploadBase { * @return Status Indicating the whether the upload succeeded. */ public function performUpload( $comment, $pageText, $watch, $user ) { - wfProfileIn( __METHOD__ ); $status = $this->getLocalFile()->upload( $this->mTempPath, @@ -743,13 +720,11 @@ abstract class UploadBase { WatchedItem::IGNORE_USER_RIGHTS ); } - wfRunHooks( 'UploadComplete', array( &$this ) ); + Hooks::run( 'UploadComplete', array( &$this ) ); $this->postProcessUpload(); } - wfProfileOut( __METHOD__ ); - return $status; } @@ -940,14 +915,11 @@ abstract class UploadBase { */ public function stashFile( User $user = null ) { // was stashSessionFile - wfProfileIn( __METHOD__ ); $stash = RepoGroup::singleton()->getLocalRepo()->getUploadStash( $user ); $file = $stash->stashFile( $this->mTempPath, $this->getSourceType() ); $this->mLocalFile = $file; - wfProfileOut( __METHOD__ ); - return $file; } @@ -1087,7 +1059,6 @@ abstract class UploadBase { */ public static function detectScript( $file, $mime, $extension ) { global $wgAllowTitlesInSVG; - wfProfileIn( __METHOD__ ); # ugly hack: for text files, always look at the entire file. # For binary field, just check the first K. @@ -1103,7 +1074,6 @@ abstract class UploadBase { $chunk = strtolower( $chunk ); if ( !$chunk ) { - wfProfileOut( __METHOD__ ); return false; } @@ -1128,7 +1098,6 @@ abstract class UploadBase { # check for HTML doctype if ( preg_match( "/mSVGNSError = false; $check = new XmlTypeCheck( $filename, @@ -1293,7 +1257,8 @@ abstract class UploadBase { ); if ( $check->wellFormed !== true ) { // Invalid xml (bug 58553) - return array( 'uploadinvalidxml' ); + // But only when non-partial (bug 65724) + return $partial ? false : array( 'uploadinvalidxml' ); } elseif ( $check->filterMatch ) { if ( $this->mSVGNSError ) { return array( 'uploadscriptednamespace', $this->mSVGNSError ); @@ -1636,11 +1601,9 @@ abstract class UploadBase { */ public static function detectVirus( $file ) { global $wgAntivirus, $wgAntivirusSetup, $wgAntivirusRequired, $wgOut; - wfProfileIn( __METHOD__ ); if ( !$wgAntivirus ) { wfDebug( __METHOD__ . ": virus scanner disabled\n" ); - wfProfileOut( __METHOD__ ); return null; } @@ -1649,7 +1612,6 @@ abstract class UploadBase { wfDebug( __METHOD__ . ": unknown virus scanner: $wgAntivirus\n" ); $wgOut->wrapWikiMsg( "
\n$1\n
", array( 'virus-badscanner', $wgAntivirus ) ); - wfProfileOut( __METHOD__ ); return wfMessage( 'virus-unknownscanner' )->text() . " $wgAntivirus"; } @@ -1723,8 +1685,6 @@ abstract class UploadBase { wfDebug( __METHOD__ . ": FOUND VIRUS! scanner feedback: $output \n" ); } - wfProfileOut( __METHOD__ ); - return $output; }