* Add UploadVerification hook for custom file upload validation/security checks

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5fe5bce..b4f6c58 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -86,6 +86,7 @@ fully support the editing toolbar, but was found to be too confusing.
   overwriting existing files; default is the old behavior (allowed).
 * Use strval() to make sure we don't accidentally get null on bad revision
   text loads or other fields mucking up XML export output
+* Add UploadVerification hook for custom file upload validation/security checks
 
 
 === Caveats ===

diff --git a/docs/hooks.txt b/docs/hooks.txt
index 6bb5fe2..54507d5 100644 (file)
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -331,6 +331,11 @@ $article: article object to be removed
 $user: user that was watching
 $article: article object removed
 
+'UploadVerification': additional chances to reject an uploaded file
+string $saveName: destination file name
+string $tempName: filesystem path to the temporary file for checks
+string &$error: output: HTML error to show if upload canceled by returning false
+
 'UserLoginComplete': after a user has logged in
 $user: the user object that was created on login
                    

diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 185700f..3eda0f3 100644 (file)
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -232,6 +232,15 @@ class UploadForm {
                                return $this->uploadError( $veri->toString() );
                        }
                }
+               
+               /**
+                * Provide an opportunity for extensions to add futher checks
+                */
+               $error = '';
+               if( !wfRunHooks( 'UploadVerification',
+                               array( $this->mUploadSaveName, $this->mUploadTempName, &$error ) ) ) {
+                       return $this->uploadError( $error );
+               }
 
                /**
                 * Check for non-fatal conditions