MediaWiki REL1_27
UploadBase Class Reference

UploadBase and subclasses are the backend of MediaWiki's file uploads. More...

Inheritance diagram for UploadBase:
Collaboration diagram for UploadBase:

Public Member Functions

 __construct ()
 
 checkSvgScriptCallback ( $element, $attribs, $data=null)
 
 checkWarnings ()
 Check for non fatal problems with the file.
 
 cleanupTempFile ()
 If we've modified the upload file we need to manually remove it on exit to clean up.
 
 convertVerifyErrorToStatus ( $error)
 
 fetchFile ()
 Fetch the file.
 
 getFileSize ()
 Return the file size.
 
 getImageInfo ( $result)
 Gets image info about the file just uploaded.
 
 getLocalFile ()
 Return the local file and initializes if necessary.
 
 getRealPath ( $srcPath)
 
 getSourceType ()
 Returns the upload type.
 
 getTempFileSha1Base36 ()
 Get the base 36 SHA1 of the file.
 
 getTempPath ()
 
 getTitle ()
 Returns the title of the file to be uploaded.
 
 getVerificationErrorCode ( $error)
 
 initializeFromRequest (&$request)
 Initialize from a WebRequest.
 
 initializePathInfo ( $name, $tempPath, $fileSize, $removeTempFile=false)
 Initialize the path information.
 
 isEmptyFile ()
 Return true if the file is empty.
 
 performUpload ( $comment, $pageText, $watch, $user, $tags=[])
 Really perform the upload.
 
 postProcessUpload ()
 Perform extra steps after a successful upload.
 
 stashFile (User $user=null)
 If the user does not supply all necessary information in the first upload form submission (either by accident or by design) then we may want to stash the file temporarily, get more information, and publish the file later.
 
 stashFileGetKey ()
 Stash a file in a temporary directory, returning a key which can be used to find the file again.
 
 stashSession ()
 alias for stashFileGetKey, for backwards compatibility
 
 validateName ()
 Verify that the name is valid and, if necessary, that we can overwrite.
 
 verifyPermissions ( $user)
 Alias for verifyTitlePermissions.
 
 verifyTitlePermissions ( $user)
 Check whether the user can edit, upload and create the image.
 
 verifyUpload ()
 Verify whether the upload is sane.
 
 zipEntryCallback ( $entry)
 Callback for ZipDirectoryReader to detect Java class files.
 

Static Public Member Functions

static checkFileExtension ( $ext, $list)
 Perform case-insensitive match against a list of file extensions.
 
static checkFileExtensionList ( $ext, $list)
 Perform case-insensitive match against a list of file extensions.
 
static checkSvgExternalDTD ( $type, $publicId, $systemId)
 Verify that DTD urls referenced are only the standard dtds.
 
static checkSvgPICallback ( $target, $data)
 Callback to filter SVG Processing Instructions.
 
static checkXMLEncodingMissmatch ( $file)
 Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.
 
static createFromRequest (&$request, $type=null)
 Create a form of UploadBase depending on wpSourceType and initializes it.
 
static detectScript ( $file, $mime, $extension)
 Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.
 
static detectVirus ( $file)
 Generic wrapper function for a virus scanner program.
 
static getExistsWarning ( $file)
 Helper function that does various existence checks for a file.
 
static getFilenamePrefixBlacklist ()
 Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].
 
static getMaxPhpUploadSize ()
 Get the PHP maximum uploaded file size, based on ini settings.
 
static getMaxUploadSize ( $forType=null)
 Get the MediaWiki maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.
 
static getSessionStatus (User $user, $statusKey)
 Get the current status of a chunked upload (used for polling)
 
static isAllowed ( $user)
 Returns true if the user can use this upload module or else a string identifying the missing permission.
 
static isEnabled ()
 Returns true if uploads are enabled.
 
static isThrottled ( $user)
 Returns true if the user has surpassed the upload rate limit, false otherwise.
 
static isThumbName ( $filename)
 Helper function that checks whether the filename looks like a thumbnail.
 
static isValidRequest ( $request)
 Check whether a request if valid for this handler.
 
static setSessionStatus (User $user, $statusKey, $value)
 Set the current status of a chunked upload (used for polling)
 
static splitExtensions ( $filename)
 Split a file into a base name and all dot-delimited 'extensions' on the end.
 
static userCanReUpload (User $user, File $img)
 Check if a user is the last uploader.
 
static verifyExtension ( $mime, $extension)
 Checks if the MIME type of the uploaded file matches the file extension.
 

Public Attributes

const EMPTY_FILE = 3
 
const FILE_TOO_LARGE = 12
 
const FILENAME_TOO_LONG = 14
 
const FILETYPE_BADTYPE = 9
 
const FILETYPE_MISSING = 8
 
const HOOK_ABORTED = 11
 
const ILLEGAL_FILENAME = 5
 
const MIN_LENGTH_PARTNAME = 4
 
const OK = 0
 
const OVERWRITE_EXISTING_FILE = 7
 
const SUCCESS = 0
 
const VERIFICATION_ERROR = 10
 
const WINDOWS_NONASCII_FILENAME = 13
 

Protected Member Functions

 detectScriptInSvg ( $filename, $partial)
 
 setTempFile ( $tempPath, $fileSize=null)
 
 verifyFile ()
 Verifies that it's ok to include the uploaded file.
 
 verifyMimeType ( $mime)
 Verify the MIME type.
 
 verifyPartialFile ()
 A verification routine suitable for partial files.
 

Protected Attributes

 $mBlackListedExtensions
 
 $mDesiredDestName
 
 $mDestName
 
 $mFileProps
 
 $mFileSize
 
 $mFilteredName
 
 $mFinalExtension
 
 $mJavaDetected
 
 $mLocalFile
 
 $mRemoveTempFile
 
 $mSourceType
 
 $mSVGNSError
 
string $mTempPath
 Local file system path to the file to upload (or a local copy)
 
 $mTitle = false
 
 $mTitleError = 0
 
TempFSFile null $tempFileObj
 Wrapper to handle deleting the temp file.
 

Static Protected Attributes

static $safeXmlEncodings
 

Private Member Functions

 checkOverwrite ( $user)
 Check if there's an overwrite conflict and, if so, if restrictions forbid this user from performing the upload.
 
 stripXmlNamespace ( $name)
 

Static Private Member Functions

static checkCssFragment ( $value)
 Check a block of CSS or CSS fragment for anything that looks like it is bringing in remote code.
 
static splitXmlNamespace ( $element)
 Divide the element name passed by the xml parser to the callback into URI and prifix.
 

Static Private Attributes

static $uploadHandlers = [ 'Stash', 'File', 'Url' ]
 

Detailed Description

UploadBase and subclasses are the backend of MediaWiki's file uploads.

The frontends are formed by ApiUpload and SpecialUpload.

Author
Brion Vibber
Bryan Tong Minh
Michael Dale

Definition at line 38 of file UploadBase.php.

Constructor & Destructor Documentation

◆ __construct()

UploadBase::__construct ( )

Definition at line 200 of file UploadBase.php.

Member Function Documentation

◆ checkCssFragment()

static UploadBase::checkCssFragment (   $value)
staticprivate

Check a block of CSS or CSS fragment for anything that looks like it is bringing in remote code.

Parameters
string$valuea string of CSS
bool$propOnlyonly check css properties (start regex with :)
Returns
bool true if the CSS contains an illegal string, false if otherwise

Definition at line 1576 of file UploadBase.php.

References $matches, $value, and as.

◆ checkFileExtension()

static UploadBase::checkFileExtension (   $ext,
  $list 
)
static

Perform case-insensitive match against a list of file extensions.

Returns true if the extension is in the list.

Parameters
string$ext
array$list
Returns
bool

Definition at line 1010 of file UploadBase.php.

References $ext.

Referenced by checkWarnings(), getTitle(), and verifyMimeType().

◆ checkFileExtensionList()

static UploadBase::checkFileExtensionList (   $ext,
  $list 
)
static

Perform case-insensitive match against a list of file extensions.

Returns an array of matching extensions.

Parameters
array$ext
array$list
Returns
bool

Definition at line 1022 of file UploadBase.php.

References $ext.

Referenced by StreamFile\contentTypeFromPath(), and getTitle().

◆ checkOverwrite()

UploadBase::checkOverwrite (   $user)
private

Check if there's an overwrite conflict and, if so, if restrictions forbid this user from performing the upload.

Parameters
User$user
Returns
mixed True on success, array on failure

Definition at line 1753 of file UploadBase.php.

Referenced by verifyTitlePermissions().

◆ checkSvgExternalDTD()

static UploadBase::checkSvgExternalDTD (   $type,
  $publicId,
  $systemId 
)
static

Verify that DTD urls referenced are only the standard dtds.

Browsers seem to ignore external dtds. However just to be on the safe side, only allow dtds from the svg standard.

Parameters
string$typePUBLIC or SYSTEM
string$publicIdThe well-known public identifier for the dtd
string$systemIdThe url for the external dtd

Definition at line 1324 of file UploadBase.php.

References $type.

◆ checkSvgPICallback()

static UploadBase::checkSvgPICallback (   $target,
  $data 
)
static

Callback to filter SVG Processing Instructions.

Parameters
string$targetProcessing instruction name
string$dataProcessing instruction attribute and value
Returns
bool (true if the filter identified something bad)

Definition at line 1305 of file UploadBase.php.

◆ checkSvgScriptCallback()

UploadBase::checkSvgScriptCallback (   $element,
  $attribs,
  $data = null 
)
Todo:
Replace this with a whitelist filter!
Parameters
string$element
array$attribs
Returns
bool

Definition at line 1350 of file UploadBase.php.

References $attribs, $value, as, list, Sanitizer\normalizeCss(), splitXmlNamespace(), stripXmlNamespace(), and wfDebug().

◆ checkWarnings()

UploadBase::checkWarnings ( )

Check for non fatal problems with the file.

This should not assume that mTempPath is set.

Returns
array Array of warnings

Definition at line 630 of file UploadBase.php.

References $extensions, $mFileSize, $mFinalExtension, $title, $wgCheckFileExtensions, $wgFileExtensions, $wgLang, $wgUploadSizeWarning, as, Title\capitalize(), checkFileExtension(), File\DELETED_FILE, getExistsWarning(), getLocalFile(), getTempFileSha1Base36(), getTitle(), global, NS_FILE, IDBAccessObject\READ_LATEST, and RepoGroup\singleton().

◆ checkXMLEncodingMissmatch()

static UploadBase::checkXMLEncodingMissmatch (   $file)
static

Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.

Parameters
string$filePathname to the temporary upload file
Returns
bool True if the file contains an encoding that could be misinterpreted

Definition at line 1215 of file UploadBase.php.

References $matches, $wgSVGMetadataCutoff, as, global, and wfDebug().

◆ cleanupTempFile()

UploadBase::cleanupTempFile ( )

If we've modified the upload file we need to manually remove it on exit to clean up.

Definition at line 974 of file UploadBase.php.

References wfDebug().

◆ convertVerifyErrorToStatus()

UploadBase::convertVerifyErrorToStatus (   $error)
Parameters
array$error
Returns
Status

Definition at line 1971 of file UploadBase.php.

References $code, and getVerificationErrorCode().

◆ createFromRequest()

static UploadBase::createFromRequest ( $request,
  $type = null 
)
static

Create a form of UploadBase depending on wpSourceType and initializes it.

Parameters
WebRequest$request
string | null$type
Returns
null|UploadBase

Definition at line 152 of file UploadBase.php.

References $handler, $request, $type, and wfDebug().

Referenced by SpecialUpload\loadRequest().

◆ detectScript()

static UploadBase::detectScript (   $file,
  $mime,
  $extension 
)
static

Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.

The present implementation will produce false positives in some situations.

Parameters
string$filePathname to the temporary upload file
string$mimeThe MIME type of the file
string$extensionThe extension of the file
Returns
bool True if the file contains something looking like embedded scripts

Definition at line 1086 of file UploadBase.php.

References $mime, $tag, $wgAllowTitlesInSVG, as, Sanitizer\decodeCharReferences(), global, in, and wfDebug().

◆ detectScriptInSvg()

UploadBase::detectScriptInSvg (   $filename,
  $partial 
)
protected
Parameters
string$filename
bool$partial
Returns
mixed False of the file is verified (does not contain scripts), array otherwise.

Definition at line 1273 of file UploadBase.php.

References $mSVGNSError, and false.

Referenced by verifyFile(), and verifyPartialFile().

◆ detectVirus()

static UploadBase::detectVirus (   $file)
static

Generic wrapper function for a virus scanner program.

This relies on the $wgAntivirus and $wgAntivirusSetup variables. $wgAntivirusRequired may be used to deny upload if the scan fails.

Parameters
string$filePathname to the temporary upload file
Returns
mixed False if not virus is found, null if the scan fails or is disabled, or a string containing feedback from the virus scanner if a virus was found. If textual feedback is missing but a virus was found, this function returns true.

Definition at line 1656 of file UploadBase.php.

References $command, $output, $wgAntivirus, $wgAntivirusRequired, $wgAntivirusSetup, $wgOut, AV_NO_VIRUS, AV_SCAN_ABORTED, AV_SCAN_FAILED, global, there, wfDebug(), wfEscapeShellArg(), wfMessage(), and wfShellExecWithStderr().

Referenced by verifyPartialFile().

◆ fetchFile()

UploadBase::fetchFile ( )

Fetch the file.

Usually a no-op

Returns
Status

Definition at line 259 of file UploadBase.php.

◆ getExistsWarning()

static UploadBase::getExistsWarning (   $file)
static

Helper function that does various existence checks for a file.

The following checks are performed:

  • The file exists
  • Article with the same name as the file exists
  • File exists with normalized extension
  • The file looks like a thumbnail and the original exists
Parameters
File$fileThe File object to check
Returns
mixed False if the file does not exists, else an array

Definition at line 1810 of file UploadBase.php.

References file, of, and page.

Referenced by checkWarnings(), and ApiQueryImageInfo\getInfo().

◆ getFilenamePrefixBlacklist()

static UploadBase::getFilenamePrefixBlacklist ( )
static

Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].

Returns
array List of prefixes

Definition at line 1915 of file UploadBase.php.

References $comment, $line, $lines, as, and wfMessage().

◆ getFileSize()

UploadBase::getFileSize ( )

Return the file size.

Returns
int

Definition at line 275 of file UploadBase.php.

References $mFileSize.

◆ getImageInfo()

UploadBase::getImageInfo (   $result)

Gets image info about the file just uploaded.

Also has the effect of setting metadata to be an 'indexed tag name' in returned API result if 'metadata' was requested. Oddly, we have to pass the "result" object down just so it can do that with the appropriate format, presumably.

Parameters
ApiResult$result
Returns
array Image info

Definition at line 1949 of file UploadBase.php.

References ApiQueryImageInfo\getInfo(), getLocalFile(), and ApiQueryImageInfo\getPropertyNames().

◆ getLocalFile()

UploadBase::getLocalFile ( )

Return the local file and initializes if necessary.

Returns
LocalFile|UploadStashFile|null

Definition at line 917 of file UploadBase.php.

References $mLocalFile, getTitle(), and wfLocalFile().

Referenced by checkWarnings(), getImageInfo(), performUpload(), postProcessUpload(), and validateName().

◆ getMaxPhpUploadSize()

static UploadBase::getMaxPhpUploadSize ( )
static

Get the PHP maximum uploaded file size, based on ini settings.

If there is no limit or the limit can't be guessed, returns a very large number (PHP_INT_MAX).

Since
1.27
Returns
int

Definition at line 2006 of file UploadBase.php.

References wfShorthandToInteger().

Referenced by UploadForm\getSourceSection().

◆ getMaxUploadSize()

static UploadBase::getMaxUploadSize (   $forType = null)
static

Get the MediaWiki maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.

Parameters
null | string$forType
Returns
int

Definition at line 1985 of file UploadBase.php.

References $wgMaxUploadSize, and global.

Referenced by UploadFromChunks\addChunk(), UploadForm\addUploadJS(), ApiQuerySiteinfo\appendGeneralInfo(), ApiUpload\execute(), ApiUpload\getAllowedParams(), UploadForm\getSourceSection(), and verifyUpload().

◆ getRealPath()

UploadBase::getRealPath (   $srcPath)
Parameters
string$srcPathThe source path
Returns
string|bool The real path if it was a virtual URL Returns false on failure

Definition at line 291 of file UploadBase.php.

References $path, and RepoGroup\singleton().

Referenced by UploadFromChunks\continueChunks(), and UploadFromStash\initialize().

◆ getSessionStatus()

static UploadBase::getSessionStatus ( User  $user,
  $statusKey 
)
static

Get the current status of a chunked upload (used for polling)

The value will be read from cache.

Parameters
User$user
string$statusKey
Returns
Status[]|bool

Definition at line 2027 of file UploadBase.php.

References $user, ObjectCache\getMainStashInstance(), and wfMemcKey().

Referenced by ApiUpload\getChunkResult(), ApiUpload\performUpload(), and ApiUpload\selectUploadModule().

◆ getSourceType()

UploadBase::getSourceType ( )

Returns the upload type.

Should be overridden by child classes

Since
1.18
Returns
string

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 209 of file UploadBase.php.

Referenced by stashFile(), and verifyUpload().

◆ getTempFileSha1Base36()

UploadBase::getTempFileSha1Base36 ( )

Get the base 36 SHA1 of the file.

Returns
string

Reimplemented in UploadFromStash.

Definition at line 283 of file UploadBase.php.

References FSFile\getSha1Base36FromPath().

Referenced by checkWarnings().

◆ getTempPath()

UploadBase::getTempPath ( )

Definition at line 982 of file UploadBase.php.

References $mTempPath.

◆ getTitle()

◆ getVerificationErrorCode()

UploadBase::getVerificationErrorCode (   $error)
Parameters
int$error
Returns
string

Definition at line 77 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and convertVerifyErrorToStatus().

◆ initializeFromRequest()

UploadBase::initializeFromRequest ( $request)
abstract

Initialize from a WebRequest.

Override this in a subclass.

Parameters
WebRequest$request

Reimplemented in UploadFromFile, UploadFromStash, UploadFromUrl, and UploadTestHandler.

◆ initializePathInfo()

UploadBase::initializePathInfo (   $name,
  $tempPath,
  $fileSize,
  $removeTempFile = false 
)

Initialize the path information.

Parameters
string$nameThe desired destination name
string$tempPathThe temporary path
int$fileSizeThe file size
bool$removeTempFile(false) remove the temporary file?
Exceptions
MWException

Definition at line 221 of file UploadBase.php.

References $name, FileBackend\isStoragePath(), and setTempFile().

Referenced by UploadFromChunks\continueChunks(), UploadFromStash\initialize(), UploadFromUrl\initialize(), and UploadFromFile\initialize().

◆ isAllowed()

static UploadBase::isAllowed (   $user)
static

Returns true if the user can use this upload module or else a string identifying the missing permission.

Can be overridden by subclasses.

Parameters
User$user
Returns
bool|string

Reimplemented in UploadFromUrl.

Definition at line 122 of file UploadBase.php.

References $user, and as.

Referenced by SkinTemplate\buildNavUrls(), and SpecialUpload\execute().

◆ isEmptyFile()

UploadBase::isEmptyFile ( )

Return true if the file is empty.

Returns
bool

Definition at line 267 of file UploadBase.php.

Referenced by verifyUpload(), and UploadFromFile\verifyUpload().

◆ isEnabled()

static UploadBase::isEnabled ( )
static

Returns true if uploads are enabled.

Can be override by subclasses.

Returns
bool

Reimplemented in UploadFromUrl.

Definition at line 103 of file UploadBase.php.

References $wgEnableUploads, global, wfIniGetBool(), and wfIsHHVM().

Referenced by ApiQuerySiteinfo\appendGeneralInfo(), SkinTemplate\buildNavUrls(), SpecialUpload\execute(), ApiUpload\execute(), and SpecialUpload\userCanExecute().

◆ isThrottled()

static UploadBase::isThrottled (   $user)
static

Returns true if the user has surpassed the upload rate limit, false otherwise.

Parameters
User$user
Returns
bool

Definition at line 138 of file UploadBase.php.

References $user.

Referenced by ApiUpload\getContextResult(), and SpecialUpload\processUpload().

◆ isThumbName()

static UploadBase::isThumbName (   $filename)
static

Helper function that checks whether the filename looks like a thumbnail.

Parameters
string$filename
Returns
bool

Definition at line 1899 of file UploadBase.php.

◆ isValidRequest()

static UploadBase::isValidRequest (   $request)
static

Check whether a request if valid for this handler.

Parameters
WebRequest$request
Returns
bool

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 196 of file UploadBase.php.

◆ performUpload()

UploadBase::performUpload (   $comment,
  $pageText,
  $watch,
  $user,
  $tags = [] 
)

Really perform the upload.

Stores the file in the local repo, watches if necessary and runs the UploadComplete hook.

Parameters
string$comment
string$pageText
bool$watchWhether the file page should be added to user's watchlist. (This doesn't check $user's permissions.)
User$user
string[]$tagsChange tags to add to the log entry and page revision. (This doesn't check $user's permissions.)
Returns
Status Indicating the whether the upload succeeded.

Definition at line 718 of file UploadBase.php.

References $comment, $status, $user, File\DELETE_SOURCE, WatchAction\doWatch(), getLocalFile(), getTitle(), postProcessUpload(), and IDBAccessObject\READ_LATEST.

◆ postProcessUpload()

UploadBase::postProcessUpload ( )

Perform extra steps after a successful upload.

Since
1.25

Reimplemented in UploadFromStash.

Definition at line 755 of file UploadBase.php.

References $wgUploadThumbnailRenderMap, as, getLocalFile(), global, and JobQueueGroup\singleton().

Referenced by performUpload().

◆ setSessionStatus()

static UploadBase::setSessionStatus ( User  $user,
  $statusKey,
  $value 
)
static

Set the current status of a chunked upload (used for polling)

The value will be set in cache for 1 day

Parameters
User$user
string$statusKey
array | bool$value
Returns
void

Definition at line 2043 of file UploadBase.php.

References $cache, $user, $value, ObjectCache\getMainStashInstance(), and wfMemcKey().

Referenced by ApiUpload\getChunkResult(), ApiUpload\performUpload(), AssembleUploadChunksJob\run(), and PublishStashedFileJob\run().

◆ setTempFile()

UploadBase::setTempFile (   $tempPath,
  $fileSize = null 
)
protected
Parameters
string$tempPathFile system path to temporary file containing the upload
integer$fileSize

Definition at line 242 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and initializePathInfo().

◆ splitExtensions()

static UploadBase::splitExtensions (   $filename)
static

Split a file into a base name and all dot-delimited 'extensions' on the end.

Some web server configurations will fall back to earlier pseudo-'extensions' to determine type and execute scripts, so the blacklist needs to check them all.

Parameters
string$filename
Returns
array

Definition at line 995 of file UploadBase.php.

Referenced by StreamFile\contentTypeFromPath(), and getTitle().

◆ splitXmlNamespace()

static UploadBase::splitXmlNamespace (   $element)
staticprivate

Divide the element name passed by the xml parser to the callback into URI and prifix.

Parameters
string$element
Returns
array Containing the namespace URI and prefix

Definition at line 1626 of file UploadBase.php.

References $name.

Referenced by checkSvgScriptCallback().

◆ stashFile()

UploadBase::stashFile ( User  $user = null)

If the user does not supply all necessary information in the first upload form submission (either by accident or by design) then we may want to stash the file temporarily, get more information, and publish the file later.

This method will stash a file in a temporary directory for later processing, and save the necessary descriptive info into the database. This method returns the file object, which also has a 'fileKey' property which can be passed through a form or API request to find this stashed file again.

Parameters
User$user
Returns
UploadStashFile Stashed file

Reimplemented in UploadFromChunks, and UploadFromStash.

Definition at line 941 of file UploadBase.php.

References $user, getSourceType(), and RepoGroup\singleton().

Referenced by stashFileGetKey().

◆ stashFileGetKey()

UploadBase::stashFileGetKey ( )

Stash a file in a temporary directory, returning a key which can be used to find the file again.

See stashFile().

Returns
string File key

Definition at line 957 of file UploadBase.php.

References stashFile().

Referenced by stashSession().

◆ stashSession()

UploadBase::stashSession ( )

alias for stashFileGetKey, for backwards compatibility

Returns
string File key

Reimplemented in UploadFromStash.

Definition at line 966 of file UploadBase.php.

References stashFileGetKey().

◆ stripXmlNamespace()

UploadBase::stripXmlNamespace (   $name)
private
Parameters
string$name
Returns
string

Definition at line 1639 of file UploadBase.php.

References $name.

Referenced by checkSvgScriptCallback().

◆ userCanReUpload()

static UploadBase::userCanReUpload ( User  $user,
File  $img 
)
static

Check if a user is the last uploader.

Parameters
User$user
File$img
Returns
bool

Definition at line 1783 of file UploadBase.php.

Referenced by ImagePage\uploadLinksBox().

◆ validateName()

UploadBase::validateName ( )

Verify that the name is valid and, if necessary, that we can overwrite.

Returns
mixed True if valid, otherwise and array with 'status' and other keys

Definition at line 370 of file UploadBase.php.

References $mBlackListedExtensions, $mFilteredName, $mFinalExtension, $mTitleError, getLocalFile(), InfoAction\getName(), and getTitle().

Referenced by verifyUpload().

◆ verifyExtension()

static UploadBase::verifyExtension (   $mime,
  $extension 
)
static

Checks if the MIME type of the uploaded file matches the file extension.

Parameters
string$mimeThe MIME type of the uploaded file
string$extensionThe filename extension that the file is to be served with
Returns
bool

Definition at line 1033 of file UploadBase.php.

References $mime, and wfDebug().

Referenced by verifyFile().

◆ verifyFile()

UploadBase::verifyFile ( )
protected

Verifies that it's ok to include the uploaded file.

Returns
mixed True of the file is verified, array otherwise.

Definition at line 432 of file UploadBase.php.

References $handler, $mFinalExtension, $mime, $status, $wgDisableUploadScriptChecks, $wgVerifyMimeType, detectScriptInSvg(), MediaHandler\getHandler(), FSFile\getPropsFromPath(), global, verifyExtension(), verifyPartialFile(), and wfDebug().

Referenced by verifyUpload().

◆ verifyMimeType()

UploadBase::verifyMimeType (   $mime)
protected

Verify the MIME type.

Note
Only checks that it is not an evil MIME. The "does it have correct extension given its MIME type?" check is in verifyFile. in verifyFile() that MIME type and file extension correlate.
Parameters
string$mimeRepresenting the MIME
Returns
mixed True if the file is verified, an array otherwise

Definition at line 400 of file UploadBase.php.

References $mime, $wgMimeTypeBlacklist, $wgVerifyMimeType, as, checkFileExtension(), global, and wfDebug().

Referenced by verifyPartialFile().

◆ verifyPartialFile()

UploadBase::verifyPartialFile ( )
protected

A verification routine suitable for partial files.

Runs the blacklist checks, but not any checks that may assume the entire file is present.

Returns
mixed True for valid or array with error message key.

Definition at line 488 of file UploadBase.php.

References $mime, $status, $wgAllowJavaUploads, $wgDisableUploadScriptChecks, detectScriptInSvg(), detectVirus(), FSFile\getPropsFromPath(), getTitle(), global, ZipDirectoryReader\read(), and verifyMimeType().

Referenced by UploadFromChunks\verifyChunk(), and verifyFile().

◆ verifyPermissions()

UploadBase::verifyPermissions (   $user)

Alias for verifyTitlePermissions.

The function was originally 'verifyPermissions', but that suggests it's checking the user, when it's really checking the title + user combination.

Parameters
User$userUser object to verify the permissions against
Returns
mixed An array as returned by getUserPermissionsErrors or true in case the user has proper permissions.

Definition at line 577 of file UploadBase.php.

References $user, and verifyTitlePermissions().

◆ verifyTitlePermissions()

UploadBase::verifyTitlePermissions (   $user)

Check whether the user can edit, upload and create the image.

This checks only against the current title; if it returns errors, it may very well be that another title will not give errors. Therefore isAllowed() should be called as well for generic is-user-blocked or can-user-upload checking.

Parameters
User$userUser object to verify the permissions against
Returns
mixed An array as returned by getUserPermissionsErrors or true in case the user has proper permissions.

Definition at line 592 of file UploadBase.php.

References $user, checkOverwrite(), getTitle(), and wfArrayDiff2().

Referenced by verifyPermissions().

◆ verifyUpload()

UploadBase::verifyUpload ( )

Verify whether the upload is sane.

Returns
mixed Const self::OK or else an array with error information

Reimplemented in UploadFromFile.

Definition at line 313 of file UploadBase.php.

References EMPTY_FILE, FILE_TOO_LARGE, getMaxUploadSize(), getSourceType(), HOOK_ABORTED, isEmptyFile(), OK, validateName(), VERIFICATION_ERROR, and verifyFile().

◆ zipEntryCallback()

UploadBase::zipEntryCallback (   $entry)

Callback for ZipDirectoryReader to detect Java class files.

Parameters
array$entry

Definition at line 548 of file UploadBase.php.

Member Data Documentation

◆ $mBlackListedExtensions

UploadBase::$mBlackListedExtensions
protected

Definition at line 48 of file UploadBase.php.

Referenced by validateName().

◆ $mDesiredDestName

UploadBase::$mDesiredDestName
protected

Definition at line 44 of file UploadBase.php.

Referenced by getTitle(), and UploadFromChunks\verifyChunk().

◆ $mDestName

UploadBase::$mDestName
protected

Definition at line 44 of file UploadBase.php.

◆ $mFileProps

UploadBase::$mFileProps
protected

Definition at line 47 of file UploadBase.php.

◆ $mFileSize

UploadBase::$mFileSize
protected

Definition at line 47 of file UploadBase.php.

Referenced by checkWarnings(), and getFileSize().

◆ $mFilteredName

UploadBase::$mFilteredName
protected

Definition at line 46 of file UploadBase.php.

Referenced by validateName().

◆ $mFinalExtension

UploadBase::$mFinalExtension
protected

Definition at line 46 of file UploadBase.php.

Referenced by checkWarnings(), getTitle(), validateName(), and verifyFile().

◆ $mJavaDetected

UploadBase::$mJavaDetected
protected

Definition at line 49 of file UploadBase.php.

◆ $mLocalFile

UploadBase::$mLocalFile
protected

◆ $mRemoveTempFile

UploadBase::$mRemoveTempFile
protected

Definition at line 44 of file UploadBase.php.

◆ $mSourceType

UploadBase::$mSourceType
protected

Definition at line 44 of file UploadBase.php.

◆ $mSVGNSError

UploadBase::$mSVGNSError
protected

Definition at line 49 of file UploadBase.php.

Referenced by detectScriptInSvg().

◆ $mTempPath

string UploadBase::$mTempPath
protected

Local file system path to the file to upload (or a local copy)

Definition at line 40 of file UploadBase.php.

Referenced by UploadFromChunks\addChunk(), and getTempPath().

◆ $mTitle

UploadBase::$mTitle = false
protected

Definition at line 45 of file UploadBase.php.

Referenced by getTitle().

◆ $mTitleError

UploadBase::$mTitleError = 0
protected

Definition at line 45 of file UploadBase.php.

Referenced by UploadTestHandler\testTitleValidation(), and validateName().

◆ $safeXmlEncodings

UploadBase::$safeXmlEncodings
staticprotected
Initial value:
= [
'UTF-8',
'ISO-8859-1',
'ISO-8859-2',
'UTF-16',
'UTF-32'
]

Definition at line 51 of file UploadBase.php.

◆ $tempFileObj

TempFSFile null UploadBase::$tempFileObj
protected

Wrapper to handle deleting the temp file.

Definition at line 42 of file UploadBase.php.

◆ $uploadHandlers

UploadBase::$uploadHandlers = [ 'Stash', 'File', 'Url' ]
staticprivate

Definition at line 143 of file UploadBase.php.

◆ EMPTY_FILE

const UploadBase::EMPTY_FILE = 3

◆ FILE_TOO_LARGE

const UploadBase::FILE_TOO_LARGE = 12

◆ FILENAME_TOO_LONG

const UploadBase::FILENAME_TOO_LONG = 14

◆ FILETYPE_BADTYPE

const UploadBase::FILETYPE_BADTYPE = 9

◆ FILETYPE_MISSING

const UploadBase::FILETYPE_MISSING = 8

◆ HOOK_ABORTED

const UploadBase::HOOK_ABORTED = 11

◆ ILLEGAL_FILENAME

const UploadBase::ILLEGAL_FILENAME = 5

◆ MIN_LENGTH_PARTNAME

const UploadBase::MIN_LENGTH_PARTNAME = 4

◆ OK

◆ OVERWRITE_EXISTING_FILE

const UploadBase::OVERWRITE_EXISTING_FILE = 7

Definition at line 64 of file UploadBase.php.

◆ SUCCESS

const UploadBase::SUCCESS = 0

Definition at line 59 of file UploadBase.php.

◆ VERIFICATION_ERROR

const UploadBase::VERIFICATION_ERROR = 10

◆ WINDOWS_NONASCII_FILENAME

const UploadBase::WINDOWS_NONASCII_FILENAME = 13

The documentation for this class was generated from the following file: