X-Git-Url: http://git.cyclocoop.org/ecrire?a=blobdiff_plain;f=includes%2Fupload%2FUploadFromUrl.php;h=0201d5f4e2290d5ae2692c8389fdbe05a0846afd;hb=c38d687a3fe8e084f75472041f55818ac3424b01;hp=c99feefd51c4c0250d3a7b4d880d6547ab58c6a9;hpb=709c614382c199b7d3c5fc5bdbd285d8d3a5f339;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index c99feefd51..0201d5f4e2 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -34,6 +34,8 @@ class UploadFromUrl extends UploadBase {
 
 	protected $mTempPath, $mTmpHandle;
 
+	protected static $allowedUrls = array();
+
 	/**
 	 * Checks if the user is allowed to use the upload-by-URL feature. If the
 	 * user is not allowed, return the name of the user right as a string. If
@@ -104,6 +106,21 @@ class UploadFromUrl extends UploadBase {
 		return $valid;
 	}
 
+	/**
+	 * Checks whether the URL is not allowed.
+	 *
+	 * @param $url string
+	 * @return bool
+	 */
+	public static function isAllowedUrl( $url ) {
+		if ( !isset( self::$allowedUrls[$url] ) ) {
+			$allowed = true;
+			wfRunHooks( 'IsUploadAllowedFromUrl', array( $url, &$allowed ) );
+			self::$allowedUrls[$url] = $allowed;
+		}
+		return self::$allowedUrls[$url];
+	}
+
 	/**
 	 * Entry point for API upload
 	 *
@@ -165,9 +182,13 @@ class UploadFromUrl extends UploadBase {
 	}
 
 	/**
+	 * Download the file (if not async)
+	 *
+	 * @param Array $httpOptions Array of options for MWHttpRequest. Ignored if async.
+	 *   This could be used to override the timeout on the http request.
 	 * @return Status
 	 */
-	public function fetchFile() {
+	public function fetchFile( $httpOptions = array() ) {
 		if ( !Http::isValidURI( $this->mUrl ) ) {
 			return Status::newFatal( 'http-invalid-url' );
 		}
@@ -175,8 +196,11 @@ class UploadFromUrl extends UploadBase {
 		if ( !self::isAllowedHost( $this->mUrl ) ) {
 			return Status::newFatal( 'upload-copy-upload-invalid-domain' );
 		}
+		if ( !self::isAllowedUrl( $this->mUrl ) ) {
+			return Status::newFatal( 'upload-copy-upload-invalid-url' );
+		}
 		if ( !$this->mAsync ) {
-			return $this->reallyFetchFile();
+			return $this->reallyFetchFile( $httpOptions );
 		}
 		return Status::newGood();
 	}
@@ -213,9 +237,12 @@ class UploadFromUrl extends UploadBase {
 	/**
 	 * Download the file, save it to the temporary file and update the file
 	 * size and set $mRemoveTempFile to true.
+	 *
+	 * @param Array $httpOptions Array of options for MWHttpRequest
 	 * @return Status
 	 */
-	protected function reallyFetchFile() {
+	protected function reallyFetchFile( $httpOptions = array() ) {
+		global $wgCopyUploadProxy, $wgCopyUploadTimeout;
 		if ( $this->mTempPath === false ) {
 			return Status::newFatal( 'tmp-create-error' );
 		}
@@ -229,13 +256,15 @@ class UploadFromUrl extends UploadBase {
 		$this->mRemoveTempFile = true;
 		$this->mFileSize = 0;
 
-		$options = array(
-			'followRedirects' => true
+		$options = $httpOptions + array(
+			'followRedirects' => true,
 		);
-		global $wgCopyUploadProxy;
 		if ( $wgCopyUploadProxy !== false ) {
 			$options['proxy'] = $wgCopyUploadProxy;
 		}
+		if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
+			$options['timeout'] = $wgCopyUploadTimeout;
+		}
 		$req = MWHttpRequest::factory( $this->mUrl, $options );
 		$req->setCallback( array( $this, 'saveTempFileChunk' ) );
 		$status = $req->execute();