includes/SpecialUpload.php

   1 <?php
   2
   3 function wfSpecialUpload()
   4 {
   5         global $wgRequest;
   6         $form = new UploadForm( $wgRequest );
   7         $form->execute();
   8 }
   9
  10 class UploadForm {
  11         var $mUploadAffirm, $mUploadFile, $mUploadDescription, $mIgnoreWarning;
  12         var $mUploadSaveName, $mUploadTempName, $mUploadSize, $mUploadOldVersion;
  13         var $mUploadCopyStatus, $mUploadSource, $mReUpload, $mAction, $mUpload;
  14         var $mOname, $mSessionKey;
  15
  16         function UploadForm( &$request ) {
  17                 $this->mUploadAffirm = $request->getVal( 'wpUploadAffirm' );
  18                 $this->mUploadFile = $request->getVal( 'wpUploadFile' );
  19                 $this->mUploadDescription = $request->getVal( 'wpUploadDescription');
  20                 $this->mIgnoreWarning = $request->getVal( 'wpIgnoreWarning');
  21                 $this->mUploadSaveName = $request->getVal( 'wpUploadSaveName');
  22                 $this->mUploadTempName = $request->getVal( 'wpUploadTempName');
  23                 $this->mUploadTempName = $request->getVal( 'wpUploadTempName');
  24                 $this->mUploadSize = $request->getVal( 'wpUploadSize');
  25                 $this->mUploadOldVersion = $request->getVal( 'wpUploadOldVersion');
  26                 $this->mUploadCopyStatus = $request->getVal( 'wpUploadCopyStatus');
  27                 $this->mUploadSource = $request->getVal( 'wpUploadSource');
  28                 $this->mReUpload = $request->getCheck( 'wpReUpload' );
  29                 $this->mAction = $request->getVal( 'action' );
  30                 $this->mUpload = $request->getCheck( 'wpUpload' );
  31                 $this->mSessionKey = $request->getVal( 'wpSessionKey' );
  32
  33                 if ( ! $this->mUploadTempName ) {
  34                         $this->mUploadTempName = @$_FILES['wpUploadFile']['tmp_name'];
  35                 }
  36                 if ( ! $this->mUploadSize ) {
  37                         $this->mUploadSize = @$_FILES['wpUploadFile']['size'];
  38                 }
  39                 $this->mOname = $request->getGPCVal( $_FILES['wpUploadFile'], 'name', "" );
  40
  41         }
  42
  43         function execute() {
  44                 global $wgUser, $wgOut;
  45                 global $wgDisableUploads;
  46
  47                 if ( $wgDisableUploads ) {
  48                         $wgOut->addWikiText( wfMsg( "uploaddisabled" ) );
  49                         return;
  50                 }
  51                 if ( ( 0 == $wgUser->getID() )
  52                         or $wgUser->isBlocked() ) {
  53                         $wgOut->errorpage( "uploadnologin", "uploadnologintext" );
  54                         return;
  55                 }
  56                 if ( wfReadOnly() ) {
  57                         $wgOut->readOnlyPage();
  58                         return;
  59                 }
  60                 if ( $this->mReUpload ) {
  61                         $this->unsaveUploadedFile();
  62                         $this->mainUploadForm( "" );
  63                 } else if ( "submit" == $this->mAction || $this->mUpload ) {
  64                         $this->processUpload();
  65                 } else {
  66                         $this->mainUploadForm( "" );
  67                 }
  68         }
  69
  70
  71         function processUpload()
  72         {
  73                 global $wgUser, $wgOut, $wgLang;
  74                 global $wgUploadDirectory;
  75                 global $wgSavedFile, $wgUploadOldVersion;
  76                 global $wgUseCopyrightUpload, $wgCheckCopyrightUpload;
  77                 global $wgCheckFileExtensions, $wgStrictFileExtensions;
  78                 global $wgFileExtensions, $wgFileBlacklist, $wgUploadSizeWarning;
  79
  80                 if ( $wgUseCopyrightUpload ) {
  81                         $this->mUploadAffirm = 1;
  82                         if ($wgCheckCopyrightUpload &&
  83                                 (trim ( $this->mUploadCopyStatus ) == "" || trim ( $this->mUploadSource ) == "" )) {
  84                                 $this->mUploadAffirm = 0;
  85                         }
  86                 }
  87
  88                 if ( 1 != $this->mUploadAffirm ) {
  89                         $this->mainUploadForm( WfMsg( "noaffirmation" ) );
  90                         return;
  91                 }
  92
  93                 if ( "" != $this->mOname ) {
  94                         $basename = strrchr( $this->mOname, "/" );
  95                         if ( false === $basename ) { $basename = $this->mOname; }
  96                         else ( $basename = substr( $basename, 1 ) );
  97
  98                         $ext = strrchr( $basename, "." );
  99                         if ( false === $ext ) { $ext = ""; }
 100                         else { $ext = substr( $ext, 1 ); }
 101
 102                         if ( "" == $ext ) { $xl = 0; } else { $xl = strlen( $ext ) + 1; }
 103                         $partname = substr( $basename, 0, strlen( $basename ) - $xl );
 104
 105                         if ( strlen( $partname ) < 3 ) {
 106                                 $this->mainUploadForm( WfMsg( "minlength" ) );
 107                                 return;
 108                         }
 109                         $nt = Title::newFromText( $basename );
 110                         $nt->setNamespace( Namespace::getImage() );
 111                         $this->mUploadSaveName = $nt->getDBkey();
 112
 113                         /* Don't allow users to override the blacklist */
 114                         if( $this->checkFileExtension( $ext, $wgFileBlacklist ) ||
 115                                 ($wgStrictFileExtensions && !$this->checkFileExtension( $ext, $wgFileExtensions ) ) ) {
 116                                 return $this->uploadError( wfMsg( "badfiletype", $ext ) );
 117                         }
 118
 119                         $this->saveUploadedFile( $this->mUploadSaveName, $this->mUploadTempName );
 120                         if ( ( ! $this->mIgnoreWarning ) &&
 121                           ( 0 != strcmp( ucfirst( $basename ), $this->mUploadSaveName ) ) ) {
 122                                 return $this->uploadWarning( wfMsg( "badfilename", $this->mUploadSaveName ) );
 123                         }
 124
 125                         if ( $wgCheckFileExtensions ) {
 126                                 if ( ( ! $this->mIgnoreWarning ) &&
 127                                          ( ! $this->checkFileExtension( $ext, $wgFileExtensions ) ) ) {
 128                                         return $this->uploadWarning( wfMsg( "badfiletype", $ext ) );
 129                                 }
 130                         }
 131                         if ( $wgUploadSizeWarning && ( ! $this->mIgnoreWarning ) &&
 132                           ( $this->mUploadSize > $wgUploadSizeWarning ) ) {
 133                                 return $this->uploadWarning( wfMsg( "largefile" ) );
 134                         }
 135                         if ( !$nt->userCanEdit() ) {
 136                                 return $this->uploadError( wfMsg( "protectedpage" ) );
 137                         }
 138                         if($nt->getArticleID()) {
 139                                 $sk = $wgUser->getSkin();
 140                                 $dname = $wgLang->getNsText( Namespace::getImage() ) . ":{$this->mUploadSaveName}";
 141                                 $dlink = $sk->makeKnownLink( $dname, $dname );
 142                                 return $this->uploadWarning( wfMsg( "fileexists", $dlink ) );
 143                         }
 144                 }
 145                 if ( !is_null( $this->mUploadOldVersion ) ) {
 146                         $wgUploadOldVersion = $this->mUploadOldVersion;
 147                 }
 148                 wfRecordUpload( $this->mUploadSaveName, $wgUploadOldVersion, $this->mUploadSize,
 149                   $this->mUploadDescription, $this->mUploadCopyStatus, $this->mUploadSource );
 150
 151                 $sk = $wgUser->getSkin();
 152                 $ilink = $sk->makeMediaLink( $this->mUploadSaveName, Image::wfImageUrl( $this->mUploadSaveName ) );
 153                 $dname = $wgLang->getNsText( Namespace::getImage() ) . ":{$this->mUploadSaveName}";
 154                 $dlink = $sk->makeKnownLink( $dname, $dname );
 155
 156                 $wgOut->addHTML( "<h2>" . wfMsg( "successfulupload" ) . "</h2>\n" );
 157                 $text = wfMsg( "fileuploaded", $ilink, $dlink );
 158                 $wgOut->addHTML( "<p>{$text}\n" );
 159                 $wgOut->returnToMain( false );
 160         }
 161
 162         function checkFileExtension( $ext, $list ) {
 163                 return in_array( strtolower( $ext ), $list );
 164         }
 165
 166         function saveUploadedFile( $saveName, $tempName )
 167         {
 168                 global $wgSavedFile, $wgUploadOldVersion;
 169                 global $wgUploadDirectory, $wgOut;
 170
 171                 $dest = wfImageDir( $saveName );
 172                 $archive = wfImageArchiveDir( $saveName );
 173                 $wgSavedFile = "{$dest}/{$saveName}";
 174
 175                 if ( is_file( $wgSavedFile ) ) {
 176                         $wgUploadOldVersion = gmdate( "YmdHis" ) . "!{$saveName}";
 177
 178                         if ( ! rename( $wgSavedFile, "${archive}/{$wgUploadOldVersion}" ) ) {
 179                                 $wgOut->fileRenameError( $wgSavedFile,
 180                                   "${archive}/{$wgUploadOldVersion}" );
 181                                 return;
 182                         }
 183                 } else {
 184                         $wgUploadOldVersion = "";
 185                 }
 186                 if ( ! move_uploaded_file( $tempName, $wgSavedFile ) ) {
 187                         $wgOut->fileCopyError( $tempName, $wgSavedFile );
 188                 }
 189                 chmod( $wgSavedFile, 0644 );
 190         }
 191
 192         function unsaveUploadedFile()
 193         {
 194                 global $wgUploadDirectory, $wgOut, $wgRequest;
 195
 196                 $wgSavedFile = $_SESSION['wsUploadFiles'][$this->mSessionKey];
 197                 $wgUploadOldVersion = $this->mUploadOldVersion;
 198
 199                 if ( ! @unlink( $wgSavedFile ) ) {
 200                         $wgOut->fileDeleteError( $wgSavedFile );
 201                         return;
 202                 }
 203                 if ( "" != $wgUploadOldVersion ) {
 204                         $hash = md5( substr( $wgUploadOldVersion, 15 ) );
 205                         $archive = "{$wgUploadDirectory}/archive/" . $hash{0} .
 206                         "/" . substr( $hash, 0, 2 );
 207
 208                         if ( ! rename( "{$archive}/{$wgUploadOldVersion}", $wgSavedFile ) ) {
 209                                 $wgOut->fileRenameError( "{$archive}/{$wgUploadOldVersion}",
 210                                   $wgSavedFile );
 211                         }
 212                 }
 213         }
 214
 215         function uploadError( $error )
 216         {
 217                 global $wgOut;
 218                 $sub = wfMsg( "uploadwarning" );
 219                 $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
 220                 $wgOut->addHTML( "<h4><font color=red>{$error}</font></h4>\n" );
 221         }
 222
 223         function uploadWarning( $warning )
 224         {
 225                 global $wgOut, $wgUser, $wgLang, $wgUploadDirectory, $wgRequest;
 226                 global $wgSavedFile, $wgUploadOldVersion;
 227                 global $wgUseCopyrightUpload;
 228
 229                 # wgSavedFile is stored in the session not the form, for security
 230                 $this->mSessionKey = mt_rand( 0, 0x7fffffff );
 231                 $_SESSION['wsUploadFiles'][$this->mSessionKey] = $wgSavedFile;
 232
 233                 $sub = wfMsg( "uploadwarning" );
 234                 $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
 235                 $wgOut->addHTML( "<h4><font color=red>{$warning}</font></h4>\n" );
 236
 237                 $save = wfMsg( "savefile" );
 238                 $reupload = wfMsg( "reupload" );
 239                 $iw = wfMsg( "ignorewarning" );
 240                 $reup = wfMsg( "reuploaddesc" );
 241                 $titleObj = Title::makeTitle( NS_SPECIAL, "Upload" );
 242                 $action = $titleObj->escapeLocalURL( "action=submit" );
 243
 244                 if ( $wgUseCopyrightUpload )
 245                 {
 246                         $copyright =  "
 247         <input type=hidden name=\"wpUploadCopyStatus\" value=\"" . htmlspecialchars( $this->mUploadCopyStatus ) . "\">
 248         <input type=hidden name=\"wpUploadSource\" value=\"" . htmlspecialchars( $this->mUploadSource ) . "\">
 249         ";
 250                 } else {
 251                         $copyright = "";
 252                 }
 253
 254                 $wgOut->addHTML( "
 255         <form id=\"uploadwarning\" method=\"post\" enctype=\"multipart/form-data\"
 256         action=\"{$action}\">
 257         <input type=hidden name=\"wpUploadAffirm\" value=\"1\">
 258         <input type=hidden name=\"wpIgnoreWarning\" value=\"1\">
 259         <input type=hidden name=\"wpUploadDescription\" value=\"" . htmlspecialchars( $this->mUploadDescription ) . "\">
 260         {$copyright}
 261         <input type=hidden name=\"wpUploadSaveName\" value=\"" . htmlspecialchars( $this->mUploadSaveName ) . "\">
 262         <input type=hidden name=\"wpUploadTempName\" value=\"" . htmlspecialchars( $this->mUploadTempName ) . "\">
 263         <input type=hidden name=\"wpUploadSize\" value=\"" . htmlspecialchars( $this->mUploadSize ) . "\">
 264         <input type=hidden name=\"wpSessionKey\" value=\"" . htmlspecialchars( $this->mSessionKey ) . "\">
 265         <input type=hidden name=\"wpUploadOldVersion\" value=\"" . htmlspecialchars( $wgUploadOldVersion) . "\">
 266         <table border=0><tr>
 267         <tr><td align=right>
 268         <input tabindex=2 type=submit name=\"wpUpload\" value=\"{$save}\">
 269         </td><td align=left>{$iw}</td></tr>
 270         <tr><td align=right>
 271         <input tabindex=2 type=submit name=\"wpReUpload\" value=\"{$reupload}\">
 272         </td><td align=left>{$reup}</td></tr></table></form>\n" );
 273         }
 274
 275         function mainUploadForm( $msg )
 276         {
 277                 global $wgOut, $wgUser, $wgLang, $wgUploadDirectory, $wgRequest;
 278                 global $wgUseCopyrightUpload;
 279
 280                 if ( "" != $msg ) {
 281                         $sub = wfMsg( "uploaderror" );
 282                         $wgOut->addHTML( "<h2>{$sub}</h2>\n" .
 283                           "<h4><font color=red>{$msg}</font></h4>\n" );
 284                 } else {
 285                         $sub = wfMsg( "uploadfile" );
 286                         $wgOut->addHTML( "<h2>{$sub}</h2>\n" );
 287                 }
 288                 $wgOut->addHTML( "<p>" . wfMsg( "uploadtext" ) );
 289                 $sk = $wgUser->getSkin();
 290
 291                 $fn = wfMsg( "filename" );
 292                 $fd = wfMsg( "filedesc" );
 293                 $ulb = wfMsg( "uploadbtn" );
 294
 295                 $clink = $sk->makeKnownLink( wfMsg( "copyrightpage" ),
 296                   wfMsg( "copyrightpagename" ) );
 297                 $ca = wfMsg( "affirmation", $clink );
 298                 $iw = wfMsg( "ignorewarning" );
 299
 300                 $titleObj = Title::makeTitle( NS_SPECIAL, "Upload" );
 301                 $action = $titleObj->escapeLocalURL();
 302
 303                 $source = "
 304         <td align=right>
 305         <input tabindex=3 type=checkbox name=\"wpUploadAffirm\" value=\"1\" id=\"wpUploadAffirm\">
 306         </td><td align=left><label for=\"wpUploadAffirm\">{$ca}</label></td>
 307         " ;
 308                 if ( $wgUseCopyrightUpload )
 309                   {
 310                         $source = "
 311         <td align=right nowrap>" . wfMsg ( "filestatus" ) . ":</td>
 312         <td><input tabindex=3 type=text name=\"wpUploadCopyStatus\" value=\"" .
 313         htmlspecialchars($this->mUploadCopyStatus). "\" size=40></td>
 314         </tr><tr>
 315         <td align=right>". wfMsg ( "filesource" ) . ":</td>
 316         <td><input tabindex=4 type=text name=\"wpUploadSource\" value=\"" .
 317         htmlspecialchars($this->mUploadSource). "\" size=40></td>
 318         " ;
 319                   }
 320
 321                 $wgOut->addHTML( "
 322         <form id=\"upload\" method=\"post\" enctype=\"multipart/form-data\"
 323         action=\"{$action}\">
 324         <table border=0><tr>
 325         <td align=right>{$fn}:</td><td align=left>
 326         <input tabindex=1 type=file name=\"wpUploadFile\" value=\""
 327           . htmlspecialchars( $this->mUploadFile ) . "\" size=40>
 328         </td></tr><tr>
 329         <td align=right>{$fd}:</td><td align=left>
 330         <input tabindex=2 type=text name=\"wpUploadDescription\" value=\""
 331           . htmlspecialchars( $this->mUploadDescription ) . "\" size=40>
 332         </td></tr><tr>
 333         {$source}
 334         </tr>
 335         <tr><td>&nbsp;</td><td align=left>
 336         <input tabindex=5 type=submit name=\"wpUpload\" value=\"{$ulb}\">
 337         </td></tr></table></form>\n" );
 338         }
 339 }
 340 ?>