MediaWiki REL1_30
UploadStash.php
Go to the documentation of this file.
1<?php
55 // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
56 const KEY_FORMAT_REGEX = '/^[\w-\.]+\.\w*$/';
57 const MAX_US_PROPS_SIZE = 65535;
58
65 public $repo;
66
67 // array of initialized repo objects
68 protected $files = [];
69
70 // cache of the file metadata that's stored in the database
71 protected $fileMetadata = [];
72
73 // fileprops cache
74 protected $fileProps = [];
75
76 // current user
78
87 public function __construct( FileRepo $repo, $user = null ) {
88 // this might change based on wiki's configuration.
89 $this->repo = $repo;
90
91 // if a user was passed, use it. otherwise, attempt to use the global.
92 // this keeps FileRepo from breaking when it creates an UploadStash object
93 if ( $user ) {
94 $this->user = $user;
95 } else {
96 global $wgUser;
97 $this->user = $wgUser;
98 }
99
100 if ( is_object( $this->user ) ) {
101 $this->userId = $this->user->getId();
102 $this->isLoggedIn = $this->user->isLoggedIn();
103 }
104 }
105
119 public function getFile( $key, $noAuth = false ) {
120 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
121 throw new UploadStashBadPathException( "key '$key' is not in a proper format" );
122 }
123
124 if ( !$noAuth && !$this->isLoggedIn ) {
125 throw new UploadStashNotLoggedInException( __METHOD__ .
126 ' No user is logged in, files must belong to users' );
127 }
128
129 if ( !isset( $this->fileMetadata[$key] ) ) {
130 if ( !$this->fetchFileMetadata( $key ) ) {
131 // If nothing was received, it's likely due to replication lag.
132 // Check the master to see if the record is there.
133 $this->fetchFileMetadata( $key, DB_MASTER );
134 }
135
136 if ( !isset( $this->fileMetadata[$key] ) ) {
137 throw new UploadStashFileNotFoundException( "key '$key' not found in stash" );
138 }
139
140 // create $this->files[$key]
141 $this->initFile( $key );
142
143 // fetch fileprops
144 if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
145 $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
146 } else { // b/c for rows with no us_props
147 wfDebug( __METHOD__ . " fetched props for $key from file\n" );
148 $path = $this->fileMetadata[$key]['us_path'];
149 $this->fileProps[$key] = $this->repo->getFileProps( $path );
150 }
151 }
152
153 if ( !$this->files[$key]->exists() ) {
154 wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist\n" );
155 // @todo Is this not an UploadStashFileNotFoundException case?
156 throw new UploadStashBadPathException( "path doesn't exist" );
157 }
158
159 if ( !$noAuth ) {
160 if ( $this->fileMetadata[$key]['us_user'] != $this->userId ) {
161 throw new UploadStashWrongOwnerException( "This file ($key) doesn't "
162 . "belong to the current user." );
163 }
164 }
165
166 return $this->files[$key];
167 }
168
175 public function getMetadata( $key ) {
176 $this->getFile( $key );
177
178 return $this->fileMetadata[$key];
179 }
180
187 public function getFileProps( $key ) {
188 $this->getFile( $key );
189
190 return $this->fileProps[$key];
191 }
192
205 public function stashFile( $path, $sourceType = null ) {
206 if ( !is_file( $path ) ) {
207 wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist\n" );
208 throw new UploadStashBadPathException( "path doesn't exist" );
209 }
210
211 $mwProps = new MWFileProps( MimeMagic::singleton() );
212 $fileProps = $mwProps->getPropsFromPath( $path, true );
213 wfDebug( __METHOD__ . " stashing file at '$path'\n" );
214
215 // we will be initializing from some tmpnam files that don't have extensions.
216 // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
217 $extension = self::getExtensionForPath( $path );
218 if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
219 $pathWithGoodExtension = "$path.$extension";
220 } else {
221 $pathWithGoodExtension = $path;
222 }
223
224 // If no key was supplied, make one. a mysql insertid would be totally
225 // reasonable here, except that for historical reasons, the key is this
226 // random thing instead. At least it's not guessable.
227 // Some things that when combined will make a suitably unique key.
228 // see: http://www.jwz.org/doc/mid.html
229 list( $usec, $sec ) = explode( ' ', microtime() );
230 $usec = substr( $usec, 2 );
231 $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
232 Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
233 $this->userId . '.' .
234 $extension;
235
236 $this->fileProps[$key] = $fileProps;
237
238 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
239 throw new UploadStashBadPathException( "key '$key' is not in a proper format" );
240 }
241
242 wfDebug( __METHOD__ . " key for '$path': $key\n" );
243
244 // if not already in a temporary area, put it there
245 $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
246
247 if ( !$storeStatus->isOK() ) {
248 // It is a convention in MediaWiki to only return one error per API
249 // exception, even if multiple errors are available. We use reset()
250 // to pick the "first" thing that was wrong, preferring errors to
251 // warnings. This is a bit lame, as we may have more info in the
252 // $storeStatus and we're throwing it away, but to fix it means
253 // redesigning API errors significantly.
254 // $storeStatus->value just contains the virtual URL (if anything)
255 // which is probably useless to the caller.
256 $error = $storeStatus->getErrorsArray();
257 $error = reset( $error );
258 if ( !count( $error ) ) {
259 $error = $storeStatus->getWarningsArray();
260 $error = reset( $error );
261 if ( !count( $error ) ) {
262 $error = [ 'unknown', 'no error recorded' ];
263 }
264 }
265 // At this point, $error should contain the single "most important"
266 // error, plus any parameters.
267 $errorMsg = array_shift( $error );
268 throw new UploadStashFileException( "Error storing file in '$path': "
269 . wfMessage( $errorMsg, $error )->text() );
270 }
271 $stashPath = $storeStatus->value;
272
273 // fetch the current user ID
274 if ( !$this->isLoggedIn ) {
275 throw new UploadStashNotLoggedInException( __METHOD__
276 . ' No user is logged in, files must belong to users' );
277 }
278
279 // insert the file metadata into the db.
280 wfDebug( __METHOD__ . " inserting $stashPath under $key\n" );
281 $dbw = $this->repo->getMasterDB();
282
283 $serializedFileProps = serialize( $fileProps );
284 if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
285 // Database is going to truncate this and make the field invalid.
286 // Prioritize important metadata over file handler metadata.
287 // File handler should be prepared to regenerate invalid metadata if needed.
288 $fileProps['metadata'] = false;
289 $serializedFileProps = serialize( $fileProps );
290 }
291
292 $this->fileMetadata[$key] = [
293 'us_user' => $this->userId,
294 'us_key' => $key,
295 'us_orig_path' => $path,
296 'us_path' => $stashPath, // virtual URL
297 'us_props' => $dbw->encodeBlob( $serializedFileProps ),
298 'us_size' => $fileProps['size'],
299 'us_sha1' => $fileProps['sha1'],
300 'us_mime' => $fileProps['mime'],
301 'us_media_type' => $fileProps['media_type'],
302 'us_image_width' => $fileProps['width'],
303 'us_image_height' => $fileProps['height'],
304 'us_image_bits' => $fileProps['bits'],
305 'us_source_type' => $sourceType,
306 'us_timestamp' => $dbw->timestamp(),
307 'us_status' => 'finished'
308 ];
309
310 $dbw->insert(
311 'uploadstash',
312 $this->fileMetadata[$key],
313 __METHOD__
314 );
315
316 // store the insertid in the class variable so immediate retrieval
317 // (possibly laggy) isn't necesary.
318 $this->fileMetadata[$key]['us_id'] = $dbw->insertId();
319
320 # create the UploadStashFile object for this file.
321 $this->initFile( $key );
322
323 return $this->getFile( $key );
324 }
325
333 public function clear() {
334 if ( !$this->isLoggedIn ) {
335 throw new UploadStashNotLoggedInException( __METHOD__
336 . ' No user is logged in, files must belong to users' );
337 }
338
339 wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId . "\n" );
340 $dbw = $this->repo->getMasterDB();
341 $dbw->delete(
342 'uploadstash',
343 [ 'us_user' => $this->userId ],
344 __METHOD__
345 );
346
347 # destroy objects.
348 $this->files = [];
349 $this->fileMetadata = [];
350
351 return true;
352 }
353
362 public function removeFile( $key ) {
363 if ( !$this->isLoggedIn ) {
364 throw new UploadStashNotLoggedInException( __METHOD__
365 . ' No user is logged in, files must belong to users' );
366 }
367
368 $dbw = $this->repo->getMasterDB();
369
370 // this is a cheap query. it runs on the master so that this function
371 // still works when there's lag. It won't be called all that often.
372 $row = $dbw->selectRow(
373 'uploadstash',
374 'us_user',
375 [ 'us_key' => $key ],
376 __METHOD__
377 );
378
379 if ( !$row ) {
380 throw new UploadStashNoSuchKeyException( "No such key ($key), cannot remove" );
381 }
382
383 if ( $row->us_user != $this->userId ) {
384 throw new UploadStashWrongOwnerException( "Can't delete: "
385 . "the file ($key) doesn't belong to this user." );
386 }
387
388 return $this->removeFileNoAuth( $key );
389 }
390
397 public function removeFileNoAuth( $key ) {
398 wfDebug( __METHOD__ . " clearing row $key\n" );
399
400 // Ensure we have the UploadStashFile loaded for this key
401 $this->getFile( $key, true );
402
403 $dbw = $this->repo->getMasterDB();
404
405 $dbw->delete(
406 'uploadstash',
407 [ 'us_key' => $key ],
408 __METHOD__
409 );
410
414 $this->files[$key]->remove();
415
416 unset( $this->files[$key] );
417 unset( $this->fileMetadata[$key] );
418
419 return true;
420 }
421
428 public function listFiles() {
429 if ( !$this->isLoggedIn ) {
430 throw new UploadStashNotLoggedInException( __METHOD__
431 . ' No user is logged in, files must belong to users' );
432 }
433
434 $dbr = $this->repo->getReplicaDB();
435 $res = $dbr->select(
436 'uploadstash',
437 'us_key',
438 [ 'us_user' => $this->userId ],
439 __METHOD__
440 );
441
442 if ( !is_object( $res ) || $res->numRows() == 0 ) {
443 // nothing to do.
444 return false;
445 }
446
447 // finish the read before starting writes.
448 $keys = [];
449 foreach ( $res as $row ) {
450 array_push( $keys, $row->us_key );
451 }
452
453 return $keys;
454 }
455
466 public static function getExtensionForPath( $path ) {
467 global $wgFileBlacklist;
468 // Does this have an extension?
469 $n = strrpos( $path, '.' );
470 $extension = null;
471 if ( $n !== false ) {
472 $extension = $n ? substr( $path, $n + 1 ) : '';
473 } else {
474 // If not, assume that it should be related to the MIME type of the original file.
475 $magic = MimeMagic::singleton();
476 $mimeType = $magic->guessMimeType( $path );
477 $extensions = explode( ' ', MimeMagic::singleton()->getExtensionsForType( $mimeType ) );
478 if ( count( $extensions ) ) {
479 $extension = $extensions[0];
480 }
481 }
482
483 if ( is_null( $extension ) ) {
484 throw new UploadStashFileException( "extension is null" );
485 }
486
487 $extension = File::normalizeExtension( $extension );
488 if ( in_array( $extension, $wgFileBlacklist ) ) {
489 // The file should already be checked for being evil.
490 // However, if somehow we got here, we definitely
491 // don't want to give it an extension of .php and
492 // put it in a web accesible directory.
493 return '';
494 }
495
496 return $extension;
497 }
498
506 protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
507 // populate $fileMetadata[$key]
508 $dbr = null;
509 if ( $readFromDB === DB_MASTER ) {
510 // sometimes reading from the master is necessary, if there's replication lag.
511 $dbr = $this->repo->getMasterDB();
512 } else {
513 $dbr = $this->repo->getReplicaDB();
514 }
515
516 $row = $dbr->selectRow(
517 'uploadstash',
518 '*',
519 [ 'us_key' => $key ],
520 __METHOD__
521 );
522
523 if ( !is_object( $row ) ) {
524 // key wasn't present in the database. this will happen sometimes.
525 return false;
526 }
527
528 $this->fileMetadata[$key] = (array)$row;
529 $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
530
531 return true;
532 }
533
541 protected function initFile( $key ) {
542 $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
543 if ( $file->getSize() === 0 ) {
544 throw new UploadStashZeroLengthFileException( "File is zero length" );
545 }
546 $this->files[$key] = $file;
547
548 return true;
549 }
550}
551
553 private $fileKey;
554 private $urlName;
555 protected $url;
556
569 public function __construct( $repo, $path, $key ) {
570 $this->fileKey = $key;
571
572 // resolve mwrepo:// urls
573 if ( $repo->isVirtualUrl( $path ) ) {
574 $path = $repo->resolveVirtualUrl( $path );
575 } else {
576 // check if path appears to be sane, no parent traversals,
577 // and is in this repo's temp zone.
578 $repoTempPath = $repo->getZonePath( 'temp' );
579 if ( ( !$repo->validateFilename( $path ) ) ||
580 ( strpos( $path, $repoTempPath ) !== 0 )
581 ) {
582 wfDebug( "UploadStash: tried to construct an UploadStashFile "
583 . "from a file that should already exist at '$path', but path is not valid\n" );
584 throw new UploadStashBadPathException( 'path is not valid' );
585 }
586
587 // check if path exists! and is a plain file.
588 if ( !$repo->fileExists( $path ) ) {
589 wfDebug( "UploadStash: tried to construct an UploadStashFile from "
590 . "a file that should already exist at '$path', but path is not found\n" );
591 throw new UploadStashFileNotFoundException( 'cannot find path, or not a plain file' );
592 }
593 }
594
595 parent::__construct( false, $repo, $path, false );
596
597 $this->name = basename( $this->path );
598 }
599
608 public function getDescriptionUrl() {
609 return $this->getUrl();
610 }
611
622 public function getThumbPath( $thumbName = false ) {
623 $path = dirname( $this->path );
624 if ( $thumbName !== false ) {
625 $path .= "/$thumbName";
626 }
627
628 return $path;
629 }
630
640 function thumbName( $params, $flags = 0 ) {
641 return $this->generateThumbName( $this->getUrlName(), $params );
642 }
643
650 private function getSpecialUrl( $subPage ) {
651 return SpecialPage::getTitleFor( 'UploadStash', $subPage )->getLocalURL();
652 }
653
664 public function getThumbUrl( $thumbName = false ) {
665 wfDebug( __METHOD__ . " getting for $thumbName \n" );
666
667 return $this->getSpecialUrl( 'thumb/' . $this->getUrlName() . '/' . $thumbName );
668 }
669
676 public function getUrlName() {
677 if ( !$this->urlName ) {
678 $this->urlName = $this->fileKey;
679 }
680
681 return $this->urlName;
682 }
683
690 public function getUrl() {
691 if ( !isset( $this->url ) ) {
692 $this->url = $this->getSpecialUrl( 'file/' . $this->getUrlName() );
693 }
694
695 return $this->url;
696 }
697
705 public function getFullUrl() {
706 return $this->getUrl();
707 }
708
715 public function getFileKey() {
716 return $this->fileKey;
717 }
718
723 public function remove() {
724 if ( !$this->repo->fileExists( $this->path ) ) {
725 // Maybe the file's already been removed? This could totally happen in UploadBase.
726 return true;
727 }
728
729 return $this->repo->freeTemp( $this->path );
730 }
731
732 public function exists() {
733 return $this->repo->fileExists( $this->path );
734 }
735}
736
739
742
745
748
751
754
757
serialize()
unserialize( $serialized)
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition files
Definition COPYING.txt:158
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
$wgUser
Definition Setup.php:817
Base class for file repositories.
Definition FileRepo.php:37
resolveVirtualUrl( $url)
Get the backend storage path corresponding to a virtual URL.
Definition FileRepo.php:323
fileExists( $file)
Checks existence of a a file.
getZonePath( $zone)
Get the storage path corresponding to one of the zones.
Definition FileRepo.php:363
static isVirtualUrl( $url)
Determine if a string is an mwrepo:// URL.
Definition FileRepo.php:254
validateFilename( $filename)
Determine if a relative path is valid, i.e.
FileRepo LocalRepo ForeignAPIRepo bool $repo
Some member variables can be lazy-initialised using __get().
Definition File.php:96
static normalizeExtension( $extension)
Normalize a file extension to the common form, making it lowercase and checking some synonyms,...
Definition File.php:224
generateThumbName( $name, $params)
Generate a thumbnail file name from a name and specified parameters.
Definition File.php:953
A repository that stores files in the local filesystem and registers them in the wiki's own database.
Definition LocalRepo.php:35
MediaWiki exception.
MimeMagic helper wrapper.
static singleton()
Get an instance of this class.
Definition MimeMagic.php:33
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
A file object referring to either a standalone local file, or a file in a local repository with no da...
exists()
Returns true if file exists in the repository.
__construct( $repo, $path, $key)
A LocalFile wrapper around a file that has been temporarily stashed, so we can do things like create ...
getThumbPath( $thumbName=false)
Get the path for the thumbnail (actually any transformation of this file) The actual argument is the ...
getDescriptionUrl()
A method needed by the file transforming and scaling routines in File.php We do not necessarily care ...
getSpecialUrl( $subPage)
Helper function – given a 'subpage', return the local URL, e.g.
getUrl()
Return the URL of the file, if for some reason we wanted to download it We tend not to do this for th...
getThumbUrl( $thumbName=false)
Get a URL to access the thumbnail This is required because the model of how files work requires that ...
getFullUrl()
Parent classes use this method, for no obvious reason, to return the path (relative to wiki root,...
getUrlName()
The basename for the URL, which we want to not be related to the filename.
getFileKey()
Getter for file key (the unique id by which this file's location & metadata is stored in the db)
thumbName( $params, $flags=0)
Return the file/url base name of a thumbnail with the specified parameters.
UploadStash is intended to accomplish a few things:
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
removeFile( $key)
Remove a particular file from the stash.
__construct(FileRepo $repo, $user=null)
Represents a temporary filestore, with metadata in the database.
const KEY_FORMAT_REGEX
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
getFileProps( $key)
Getter for fileProps.
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
clear()
Remove all files from the stash.
const MAX_US_PROPS_SIZE
listFiles()
List all files in the stash.
getMetadata( $key)
Getter for file metadata.
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
if(! $regexes) $dbr
Definition cleanup.php:94
$res
Definition database.txt:21
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition deferred.txt:11
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add text
Definition design.txt:18
the array() calling protocol came about after MediaWiki 1.4rc1.
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services
it s the revision text itself In either if gzip is the revision text is gzipped $flags
Definition hooks.txt:2805
const DB_REPLICA
Definition defines.php:25
const DB_MASTER
Definition defines.php:26
$params