MediaWiki REL1_32
UploadStash.php
1<?php
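/**
 * Format of the key for files -- has to be suitable as a filename itself
 * (e.g. ab12cd34ef.jpg).
 *
 * Security note: getFile() and stashFile() use this pattern as the syntactic
 * gate on stash keys. It admits only word characters, '-' and '.', so path
 * separators cannot appear in a matching key. It does not require any
 * alphanumeric character (a dot-only string such as '..' matches), the
 * trailing \w* accepts an empty extension, and '$' without the D modifier
 * also matches before one final newline. A matching key is therefore not, by
 * itself, proof of a safe filesystem component.
 */
const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';

/**
 * Largest serialized property blob, in bytes, that stashFile() writes to
 * us_props without first dropping the handler metadata.
 */
const MAX_US_PROPS_SIZE = 65535;

/** Repository that this stash uses to store temp files; set by the constructor. */
public $repo;

// array of initialized repo objects
protected $files = [];

// cache of the file metadata that's stored in the database
protected $fileMetadata = [];

// fileprops cache
protected $fileProps = [];

// current user
// NOTE(review): the rendered listing skips source line 76 here. The constructor
// assigns $this->user, $this->userId and $this->isLoggedIn, so their declaration
// is restored; confirm the visibility against the repository.
protected $user, $userId, $isLoggedIn;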
77
/**
 * Bind the stash to a repository and to the user whose files it manages.
 *
 * Every later login and ownership check in this class reads the userId and
 * isLoggedIn values captured here, so the identity is fixed at construction.
 *
 * @param FileRepo $repo Repository used for temp storage and database access
 * @param User|null $user Acting user; the global $wgUser is used when falsy
 */
public function __construct( FileRepo $repo, $user = null ) {
    global $wgUser;

    // this might change based on wiki's configuration.
    $this->repo = $repo;

    // Prefer the injected user; the global fallback keeps FileRepo from
    // breaking when it creates an UploadStash object without one.
    $this->user = $user ? $user : $wgUser;

    // When no user object is available, userId and isLoggedIn stay unset and
    // the !$this->isLoggedIn guards in the other methods reject the call.
    if ( !is_object( $this->user ) ) {
        return;
    }

    $this->userId = $this->user->getId();
    $this->isLoggedIn = $this->user->isLoggedIn();
}
104
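/**
 * Fetch a stashed file, loading its metadata row and file properties on first use.
 *
 * Checks run in this order: key format, login state, metadata lookup (replica,
 * then master), existence in the repository, and finally ownership.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of each
 * guard (its line numbers skip there). The exception classes below are
 * restored from the message keys; confirm them against the repository.
 *
 * @param string $key Stash key; must match KEY_FORMAT_REGEX
 * @param bool $noAuth When true, both the login check and the ownership check
 *   are skipped, so the caller must have authorised the access itself
 * @throws UploadStashBadPathException Malformed key, or the file is gone from the repo
 * @throws UploadStashNotLoggedInException
 * @throws UploadStashFileNotFoundException No metadata row for the key
 * @throws UploadStashWrongOwnerException Row belongs to a different user
 * @return UploadStashFile
 */
public function getFile( $key, $noAuth = false ) {
    if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
        throw new UploadStashBadPathException(
            wfMessage( 'uploadstash-bad-path-bad-format', $key )
        );
    }

    if ( !$noAuth && !$this->isLoggedIn ) {
        throw new UploadStashNotLoggedInException(
            wfMessage( 'uploadstash-not-logged-in' )
        );
    }

    if ( !isset( $this->fileMetadata[$key] ) ) {
        if ( !$this->fetchFileMetadata( $key ) ) {
            // If nothing was received, it's likely due to replication lag.
            // Check the master to see if the record is there.
            $this->fetchFileMetadata( $key, DB_MASTER );
        }

        if ( !isset( $this->fileMetadata[$key] ) ) {
            throw new UploadStashFileNotFoundException(
                wfMessage( 'uploadstash-file-not-found', $key )
            );
        }

        // create $this->files[$key]
        $this->initFile( $key );

        // fetch fileprops
        if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
            // SECURITY: unserialize() runs on a database blob. stashFile() writes
            // it with serialize(), so it is only as trustworthy as the uploadstash
            // table; whoever can write that column controls what PHP instantiates
            // here. Passing [ 'allowed_classes' => false ] (PHP 7.0+) or storing
            // JSON would remove that dependency -- confirm first that the stored
            // props never contain objects.
            $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
        } else { // b/c for rows with no us_props
            wfDebug( __METHOD__ . " fetched props for $key from file\n" );
            $path = $this->fileMetadata[$key]['us_path'];
            $this->fileProps[$key] = $this->repo->getFileProps( $path );
        }
    }

    if ( !$this->files[$key]->exists() ) {
        wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist\n" );
        // @todo Is this not an UploadStashFileNotFoundException case?
        throw new UploadStashBadPathException(
            wfMessage( 'uploadstash-bad-path' )
        );
    }

    if ( !$noAuth ) {
        // Ownership is the access control for stashed files. It is evaluated
        // last, so the "not found" and "wrong owner" outcomes differ for a
        // logged-in user who does not own the key. The comparison is loose
        // because us_user comes back from the database as a string while
        // userId comes from User::getId().
        if ( $this->fileMetadata[$key]['us_user'] != $this->userId ) {
            throw new UploadStashWrongOwnerException(
                wfMessage( 'uploadstash-wrong-owner', $key )
            );
        }
    }

    return $this->files[$key];
}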
175
/**
 * Return the cached metadata row for a stashed file.
 *
 * @param string $key Stash key
 * @return array Metadata as cached in $this->fileMetadata
 */
public function getMetadata( $key ) {
    // Called for its checks and cache fill only; with the default $noAuth the
    // login and ownership checks in getFile() apply, and it throws on failure.
    $this->getFile( $key );

    $metadata = $this->fileMetadata[$key];

    return $metadata;
}
187
/**
 * Return the cached file properties for a stashed file.
 *
 * @param string $key Stash key
 * @return array Properties as cached in $this->fileProps
 */
public function getFileProps( $key ) {
    // Called for its checks and cache fill only; with the default $noAuth the
    // login and ownership checks in getFile() apply, and it throws on failure.
    $this->getFile( $key );

    $props = $this->fileProps[$key];

    return $props;
}
199
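/**
 * Stash a local file in the repo's temp storage and record it in the
 * uploadstash table together with its properties.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of three
 * guards (its line numbers skip there). The exception classes below are
 * restored from the message keys; confirm them against the repository.
 *
 * @param string $path Local filesystem path of the file to stash
 * @param string|null $sourceType Stored verbatim in us_source_type
 * @throws UploadStashBadPathException $path is not a file, or the generated key is malformed
 * @throws UploadStashFileException The repository could not store the file
 * @throws UploadStashNotLoggedInException
 * @return UploadStashFile
 */
public function stashFile( $path, $sourceType = null ) {
    if ( !is_file( $path ) ) {
        wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist\n" );
        throw new UploadStashBadPathException(
            wfMessage( 'uploadstash-bad-path' )
        );
    }

    $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
    $fileProps = $mwProps->getPropsFromPath( $path, true );
    wfDebug( __METHOD__ . " stashing file at '$path'\n" );

    // we will be initializing from some tmpnam files that don't have extensions.
    // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
    $extension = self::getExtensionForPath( $path );
    if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
        $pathWithGoodExtension = "$path.$extension";
    } else {
        $pathWithGoodExtension = $path;
    }

    // If no key was supplied, make one. a mysql insertid would be totally
    // reasonable here, except that for historical reasons, the key is this
    // random thing instead.
    // Some things that when combined will make a suitably unique key.
    // see: http://www.jwz.org/doc/mid.html
    //
    // SECURITY: the key is built from the current time, one mt_rand() value and
    // the user id. mt_rand() is not a cryptographic generator, so treat the key
    // as unique rather than secret. Access to a stashed file is protected by the
    // us_user ownership check in getFile(), not by the key being hard to guess.
    list( $usec, $sec ) = explode( ' ', microtime() );
    $usec = substr( $usec, 2 );
    $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
        Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
        $this->userId . '.' .
        $extension;

    $this->fileProps[$key] = $fileProps;

    if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
        throw new UploadStashBadPathException(
            wfMessage( 'uploadstash-bad-path-bad-format', $key )
        );
    }

    wfDebug( __METHOD__ . " key for '$path': $key\n" );

    // if not already in a temporary area, put it there
    $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );

    if ( !$storeStatus->isOK() ) {
        // It is a convention in MediaWiki to only return one error per API
        // exception, even if multiple errors are available. We use reset()
        // to pick the "first" thing that was wrong, preferring errors to
        // warnings. This is a bit lame, as we may have more info in the
        // $storeStatus and we're throwing it away, but to fix it means
        // redesigning API errors significantly.
        // $storeStatus->value just contains the virtual URL (if anything)
        // which is probably useless to the caller.
        //
        // reset() returns false for an empty list. count( false ) is not 0, so
        // the is_array() test is what makes the fall-through to warnings, and
        // then to the generic message, actually reachable.
        $errors = $storeStatus->getErrorsArray();
        $error = reset( $errors );
        if ( !is_array( $error ) || !count( $error ) ) {
            $warnings = $storeStatus->getWarningsArray();
            $error = reset( $warnings );
            if ( !is_array( $error ) || !count( $error ) ) {
                $error = [ 'unknown', 'no error recorded' ];
            }
        }
        // At this point, $error should contain the single "most important"
        // error, plus any parameters.
        $errorMsg = array_shift( $error );
        throw new UploadStashFileException( wfMessage( $errorMsg, $error ) );
    }
    $stashPath = $storeStatus->value;

    // fetch the current user ID
    // NOTE(review): this login check runs after storeTemp() has already copied
    // the file, so a rejected caller leaves a temp file with no uploadstash
    // row. Moving the check to the top would change which exception such a
    // caller sees first -- confirm with the callers before reordering.
    if ( !$this->isLoggedIn ) {
        throw new UploadStashNotLoggedInException(
            wfMessage( 'uploadstash-not-logged-in' )
        );
    }

    // insert the file metadata into the db.
    wfDebug( __METHOD__ . " inserting $stashPath under $key\n" );
    $dbw = $this->repo->getMasterDB();

    $serializedFileProps = serialize( $fileProps );
    if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
        // Database is going to truncate this and make the field invalid.
        // Prioritize important metadata over file handler metadata.
        // File handler should be prepared to regenerate invalid metadata if needed.
        $fileProps['metadata'] = false;
        $serializedFileProps = serialize( $fileProps );
    }

    // us_user records the owner that getFile() and removeFile() later compare
    // against; values are passed as an array, not concatenated into SQL.
    $this->fileMetadata[$key] = [
        'us_user' => $this->userId,
        'us_key' => $key,
        'us_orig_path' => $path,
        'us_path' => $stashPath, // virtual URL
        'us_props' => $dbw->encodeBlob( $serializedFileProps ),
        'us_size' => $fileProps['size'],
        'us_sha1' => $fileProps['sha1'],
        'us_mime' => $fileProps['mime'],
        'us_media_type' => $fileProps['media_type'],
        'us_image_width' => $fileProps['width'],
        'us_image_height' => $fileProps['height'],
        'us_image_bits' => $fileProps['bits'],
        'us_source_type' => $sourceType,
        'us_timestamp' => $dbw->timestamp(),
        'us_status' => 'finished'
    ];

    $dbw->insert(
        'uploadstash',
        $this->fileMetadata[$key],
        __METHOD__
    );

    // store the insertid in the class variable so immediate retrieval
    // (possibly laggy) isn't necessary.
    $this->fileMetadata[$key]['us_id'] = $dbw->insertId();

    # create the UploadStashFile object for this file.
    $this->initFile( $key );

    return $this->getFile( $key );
}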
336
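/**
 * Delete every uploadstash row owned by the current user and drop the
 * in-memory file and metadata caches.
 *
 * Only the database rows are deleted here; nothing in this method removes
 * the stored files from the repository.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of the
 * login guard; the exception class is restored from the message key --
 * confirm against the repository.
 *
 * @throws UploadStashNotLoggedInException
 * @return bool Always true
 */
public function clear() {
    if ( !$this->isLoggedIn ) {
        throw new UploadStashNotLoggedInException(
            wfMessage( 'uploadstash-not-logged-in' )
        );
    }

    wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId . "\n" );
    $dbw = $this->repo->getMasterDB();
    // Scoped to the caller's own user id, so other users' rows are untouched.
    $dbw->delete(
        'uploadstash',
        [ 'us_user' => $this->userId ],
        __METHOD__
    );

    # destroy objects.
    $this->files = [];
    $this->fileMetadata = [];

    return true;
}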
365
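/**
 * Remove one file from the stash after verifying that the current user owns it.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of each
 * guard (its line numbers skip there). The exception classes below are
 * restored from the message keys; confirm them against the repository.
 *
 * @param string $key Stash key
 * @throws UploadStashNotLoggedInException
 * @throws UploadStashNoSuchKeyException No row exists for the key
 * @throws UploadStashWrongOwnerException Row belongs to a different user
 * @return bool Result of removeFileNoAuth()
 */
public function removeFile( $key ) {
    if ( !$this->isLoggedIn ) {
        throw new UploadStashNotLoggedInException(
            wfMessage( 'uploadstash-not-logged-in' )
        );
    }

    $dbw = $this->repo->getMasterDB();

    // this is a cheap query. it runs on the master so that this function
    // still works when there's lag. It won't be called all that often.
    $row = $dbw->selectRow(
        'uploadstash',
        'us_user',
        [ 'us_key' => $key ],
        __METHOD__
    );

    if ( !$row ) {
        throw new UploadStashNoSuchKeyException(
            wfMessage( 'uploadstash-no-such-key', $key )
        );
    }

    // The ownership decision is taken from the master row read just above,
    // not from the replica-backed cache that getFile() may hold.
    if ( $row->us_user != $this->userId ) {
        throw new UploadStashWrongOwnerException(
            wfMessage( 'uploadstash-wrong-owner', $key )
        );
    }

    return $this->removeFileNoAuth( $key );
}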
406
/**
 * Remove a stashed file and its database row without any login or
 * ownership check.
 *
 * This is a public method and getFile() is called with $noAuth = true, so
 * every caller has to establish authorisation before calling it;
 * removeFile() is the checked entry point.
 *
 * @param string $key Stash key
 * @return bool Always true; the result of the file removal is not inspected
 */
public function removeFileNoAuth( $key ) {
    wfDebug( __METHOD__ . " clearing row $key\n" );

    // Ensure we have the UploadStashFile loaded for this key. The key format
    // check in getFile() still applies even though authorisation is skipped.
    $this->getFile( $key, true );

    $masterDb = $this->repo->getMasterDB();
    $conds = [ 'us_key' => $key ];
    $masterDb->delete( 'uploadstash', $conds, __METHOD__ );

    // The row is deleted first, then the stored file.
    $this->files[$key]->remove();

    unset( $this->files[$key], $this->fileMetadata[$key] );

    return true;
}
437
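/**
 * List the stash keys owned by the current user.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of the
 * login guard; the exception class is restored from the message key --
 * confirm against the repository.
 *
 * @throws UploadStashNotLoggedInException
 * @return string[]|bool List of keys, or false when the user has no stashed files
 */
public function listFiles() {
    if ( !$this->isLoggedIn ) {
        throw new UploadStashNotLoggedInException(
            wfMessage( 'uploadstash-not-logged-in' )
        );
    }

    $dbr = $this->repo->getReplicaDB();
    // Filtered by the caller's own user id; read from a replica, so a key
    // stashed a moment ago may not be listed yet.
    $res = $dbr->select(
        'uploadstash',
        'us_key',
        [ 'us_user' => $this->userId ],
        __METHOD__
    );

    if ( !is_object( $res ) || $res->numRows() == 0 ) {
        // nothing to do.
        return false;
    }

    // finish the read before starting writes.
    $keys = [];
    foreach ( $res as $row ) {
        $keys[] = $row->us_key;
    }

    return $keys;
}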
472
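/**
 * Find or guess the extension to use for a path, refusing blacklisted ones.
 *
 * The extension is taken from the text after the last '.' in $path; only when
 * $path contains no '.' at all is it guessed from the detected MIME type.
 *
 * @param string $path Filesystem path of the file
 * @throws UploadStashFileException When no extension could be determined
 * @return string Normalized extension, or '' when it is in $wgFileBlacklist
 */
public static function getExtensionForPath( $path ) {
    global $wgFileBlacklist;
    // Does this have an extension?
    // NOTE(review): strrpos() scans the whole path, not just the basename, so
    // a '.' in a directory name is taken as the extension separator when the
    // file name itself has none. stashFile() then rejects the resulting key
    // through KEY_FORMAT_REGEX; confirm other callers handle that as well.
    $n = strrpos( $path, '.' );
    $extension = null;
    if ( $n !== false ) {
        $extension = $n ? substr( $path, $n + 1 ) : '';
    } else {
        // If not, assume that it should be related to the MIME type of the original file.
        $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
        $mimeType = $magic->guessMimeType( $path );
        // explode() always returns at least one element, so an unknown type
        // yields '' here rather than leaving $extension null.
        $extensions = explode( ' ', $magic->getExtensionsForType( $mimeType ) );
        if ( count( $extensions ) ) {
            $extension = $extensions[0];
        }
    }

    if ( is_null( $extension ) ) {
        throw new UploadStashFileException(
            wfMessage( 'uploadstash-no-extension' )
        );
    }

    $extension = File::normalizeExtension( $extension );
    // Strict comparison: both sides are strings, and loose matching would let
    // numeric-looking strings compare equal by value.
    if ( in_array( $extension, $wgFileBlacklist, true ) ) {
        // The file should already be checked for being evil.
        // However, if somehow we got here, we definitely
        // don't want to give it an extension of .php and
        // put it in a web accessible directory.
        return '';
    }

    return $extension;
}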
517
/**
 * Load the uploadstash row for a key into $this->fileMetadata.
 *
 * No ownership filter is applied here: the row is selected by us_key alone
 * and the caller (getFile()) decides whether the current user may see it.
 *
 * @param string $key Stash key
 * @param int $readFromDB DB_MASTER to read from the master; anything else reads a replica
 * @return bool False when no row exists for the key, true otherwise
 */
protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
    // sometimes reading from the master is necessary, if there's replication lag.
    $db = ( $readFromDB === DB_MASTER )
        ? $this->repo->getMasterDB()
        : $this->repo->getReplicaDB();

    $fields = [
        'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
        'us_size', 'us_sha1', 'us_mime', 'us_media_type',
        'us_image_width', 'us_image_height', 'us_image_bits',
        'us_source_type', 'us_timestamp', 'us_status',
    ];

    // The key is passed as a condition array, not concatenated into SQL.
    $row = $db->selectRow( 'uploadstash', $fields, [ 'us_key' => $key ], __METHOD__ );

    if ( !is_object( $row ) ) {
        // key wasn't present in the database. this will happen sometimes.
        return false;
    }

    // populate $fileMetadata[$key], then replace the raw blob with its decoded form
    $this->fileMetadata[$key] = (array)$row;
    $this->fileMetadata[$key]['us_props'] = $db->decodeBlob( $row->us_props );

    return true;
}
557
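/**
 * Build the UploadStashFile for a key from its cached metadata and store it
 * in $this->files.
 *
 * The path comes from the us_path column of the cached row; the
 * UploadStashFile constructor is what validates it.
 *
 * NOTE(review): the rendered listing omits the `throw new ...(` line of the
 * size guard; the exception class is restored from the message key --
 * confirm against the repository.
 *
 * @param string $key Stash key; $this->fileMetadata[$key] must already be populated
 * @throws UploadStashZeroLengthFileException
 * @return bool Always true
 */
protected function initFile( $key ) {
    $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
    if ( $file->getSize() === 0 ) {
        throw new UploadStashZeroLengthFileException(
            wfMessage( 'uploadstash-zero-length' )
        );
    }
    $this->files[$key] = $file;

    return true;
}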
576}
577
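/** Stash key passed to the constructor; returned by getFileKey(). */
private $fileKey;

/** Lazily set by getUrlName(); currently a copy of $fileKey. */
private $urlName;

/** Lazily built by getUrl(). */
protected $url;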
585
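/**
 * Wrap an already-stashed file.
 *
 * A virtual (mwrepo://) URL is resolved through the repository and is not
 * validated further here. Any other path must pass validateFilename(), start
 * with the repo's temp zone path, and exist.
 *
 * NOTE(review): the rendered listing skips source lines 603, 613 and 622.
 * The resolveVirtualUrl() call and the two `throw new ...(` lines are
 * restored from context and the message keys; confirm against the repository.
 *
 * @param FileRepo $repo Repository holding the file
 * @param string $path Virtual URL or storage path of the stashed file
 * @param string $key Stash key
 * @throws UploadStashBadPathException Path is invalid or outside the temp zone
 * @throws UploadStashFileNotFoundException Path does not exist in the repo
 */
public function __construct( $repo, $path, $key ) {
    $this->fileKey = $key;

    // resolve mwrepo:// urls
    if ( $repo->isVirtualUrl( $path ) ) {
        $path = $repo->resolveVirtualUrl( $path );
    } else {
        // check if path appears to be sane, no parent traversals,
        // and is in this repo's temp zone.
        // NOTE(review): strpos() === 0 is a plain string-prefix test. Unless
        // getZonePath() returns a separator-terminated path, a sibling location
        // whose name merely begins with the temp zone path would also pass --
        // confirm, or compare against the zone path plus '/'.
        $repoTempPath = $repo->getZonePath( 'temp' );
        if ( ( !$repo->validateFilename( $path ) ) ||
            ( strpos( $path, $repoTempPath ) !== 0 )
        ) {
            wfDebug( "UploadStash: tried to construct an UploadStashFile "
                . "from a file that should already exist at '$path', but path is not valid\n" );
            throw new UploadStashBadPathException(
                wfMessage( 'uploadstash-bad-path-invalid' )
            );
        }

        // check if path exists! and is a plain file.
        if ( !$repo->fileExists( $path ) ) {
            wfDebug( "UploadStash: tried to construct an UploadStashFile from "
                . "a file that should already exist at '$path', but path is not found\n" );
            throw new UploadStashFileNotFoundException(
                wfMessage( 'uploadstash-file-not-found-not-exists' )
            );
        }
    }

    parent::__construct( false, $repo, $path, false );

    $this->name = basename( $this->path );
}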
632
/**
 * Description URL for a stashed file; the same value as getUrl().
 *
 * @return string
 */
public function getDescriptionUrl() {
    $url = $this->getUrl();

    return $url;
}
644
/**
 * Path for a thumbnail: the directory of this file, optionally followed by
 * the thumbnail name.
 *
 * $thumbName is appended as given; nothing here checks it for path
 * separators or parent references, so callers should pass names they built.
 *
 * @param string|bool $thumbName Thumbnail name, or false for the directory only
 * @return string
 */
public function getThumbPath( $thumbName = false ) {
    $directory = dirname( $this->path );

    if ( $thumbName === false ) {
        return $directory;
    }

    return $directory . "/$thumbName";
}
663
/**
 * File/URL base name of a thumbnail with the given parameters, derived from
 * the URL name rather than the stored file name.
 *
 * @param array $params Thumbnail parameters passed to generateThumbName()
 * @param int $flags Not used by this implementation
 * @return string
 */
function thumbName( $params, $flags = 0 ) {
    $baseName = $this->getUrlName();

    return $this->generateThumbName( $baseName, $params );
}
676
/**
 * Local URL of Special:UploadStash for the given subpage.
 *
 * @param string $subPage Subpage, e.g. 'file/<key>' or 'thumb/<key>/<name>'
 * @return string
 */
private function getSpecialUrl( $subPage ) {
    $title = SpecialPage::getTitleFor( 'UploadStash', $subPage );

    return $title->getLocalURL();
}
686
/**
 * URL under Special:UploadStash that serves a thumbnail of this file.
 *
 * @param string|bool $thumbName Thumbnail name; concatenated into the subpage as given
 * @return string
 */
public function getThumbUrl( $thumbName = false ) {
    wfDebug( __METHOD__ . " getting for $thumbName \n" );

    $subPage = 'thumb/' . $this->getUrlName() . '/' . $thumbName;

    return $this->getSpecialUrl( $subPage );
}
702
/**
 * Base name used in URLs for this file: the stash key, not the stored file
 * name. The value is cached on first use.
 *
 * @return string
 */
public function getUrlName() {
    if ( $this->urlName ) {
        return $this->urlName;
    }

    $this->urlName = $this->fileKey;

    return $this->urlName;
}
716
/**
 * URL under Special:UploadStash that serves this file. The value is built
 * once and cached.
 *
 * @return string
 */
public function getUrl() {
    if ( isset( $this->url ) ) {
        return $this->url;
    }

    $this->url = $this->getSpecialUrl( 'file/' . $this->getUrlName() );

    return $this->url;
}
730
/**
 * Full URL for a stashed file; the same value as getUrl().
 *
 * @return string
 */
public function getFullUrl() {
    $url = $this->getUrl();

    return $url;
}
741
/**
 * Stash key under which this file's location and metadata are stored.
 *
 * @return string
 */
public function getFileKey() {
    $key = $this->fileKey;

    return $key;
}
751
/**
 * Delete this file from the repository's temp storage.
 *
 * No authorisation happens at this level; callers are expected to have
 * checked ownership (see UploadStash::removeFile()).
 *
 * @return bool True when the file was already gone, otherwise the result of freeTemp()
 */
public function remove() {
    $stillPresent = $this->repo->fileExists( $this->path );

    if ( $stillPresent ) {
        return $this->repo->freeTemp( $this->path );
    }

    // Maybe the file's already been removed? This could totally happen in UploadBase.
    return true;
}
764
/**
 * Whether the file is present in the repository.
 *
 * @return bool Result of the repository's fileExists() for this path
 */
public function exists() {
    $present = $this->repo->fileExists( $this->path );

    return $present;
}
768}
769
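/** Message specifier given to the constructor; turned into a Message by getMessageObject(). */
protected $messageSpec;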
776
/**
 * Build the exception from a message specifier.
 *
 * The plain-text exception message is derived from the localised message:
 * var/kbd/samp/code tags become double quotes and every remaining tag is
 * stripped. Message parameters can carry caller-supplied values such as a
 * stash key, so getMessage() should still be escaped for the output context.
 *
 * @param string|array|MessageSpecifier $messageSpec
 * @param int $code Exception code
 * @param Exception|Throwable|null $previous Previous exception, if any
 */
public function __construct( $messageSpec, $code = 0, $previous = null ) {
    $this->messageSpec = $messageSpec;

    $rendered = $this->getMessageObject()->text();
    $quoted = preg_replace( '!</?(var|kbd|samp|code)>!', '"', $rendered );
    $plain = Sanitizer::stripAllTags( $quoted );

    parent::__construct( $plain, $code, $previous );
}
791
/**
 * Return a Message object for this exception, built from the stored specifier.
 *
 * @return Message
 */
public function getMessageObject() {
    $message = Message::newFromSpecifier( $this->messageSpec );

    return $message;
}
795}
796
serialize()
unserialize( $serialized)
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Base class for file repositories.
Definition FileRepo.php:39
resolveVirtualUrl( $url)
Get the backend storage path corresponding to a virtual URL.
Definition FileRepo.php:318
fileExists( $file)
Checks existence of a file.
getZonePath( $zone)
Get the storage path corresponding to one of the zones.
Definition FileRepo.php:358
static isVirtualUrl( $url)
Determine if a string is an mwrepo:// URL.
Definition FileRepo.php:249
validateFilename( $filename)
Determine if a relative path is valid, i.e.
FileRepo LocalRepo ForeignAPIRepo bool $repo
Some member variables can be lazy-initialised using __get().
Definition File.php:96
static normalizeExtension( $extension)
Normalize a file extension to the common form, making it lowercase and checking some synonyms,...
Definition File.php:224
generateThumbName( $name, $params)
Generate a thumbnail file name from a name and specified parameters.
Definition File.php:972
A repository that stores files in the local filesystem and registers them in the wiki's own database.
Definition LocalRepo.php:36
MediaWiki exception.
MimeMagic helper wrapper.
A file object referring to either a standalone local file, or a file in a local repository with no da...
string array MessageSpecifier $messageSpec
getMessageObject()
Return a Message object for this exception.
__construct( $messageSpec, $code=0, $previous=null)
exists()
Returns true if file exists in the repository.
__construct( $repo, $path, $key)
A LocalFile wrapper around a file that has been temporarily stashed, so we can do things like create ...
getThumbPath( $thumbName=false)
Get the path for the thumbnail (actually any transformation of this file) The actual argument is the ...
getDescriptionUrl()
A method needed by the file transforming and scaling routines in File.php We do not necessarily care ...
getSpecialUrl( $subPage)
Helper function – given a 'subpage', return the local URL, e.g.
getUrl()
Return the URL of the file, if for some reason we wanted to download it We tend not to do this for th...
getThumbUrl( $thumbName=false)
Get a URL to access the thumbnail This is required because the model of how files work requires that ...
getFullUrl()
Parent classes use this method, for no obvious reason, to return the path (relative to wiki root,...
getUrlName()
The basename for the URL, which we want to not be related to the filename.
getFileKey()
Getter for file key (the unique id by which this file's location & metadata is stored in the db)
thumbName( $params, $flags=0)
Return the file/url base name of a thumbnail with the specified parameters.
UploadStash is intended to accomplish a few things:
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
removeFile( $key)
Remove a particular file from the stash.
__construct(FileRepo $repo, $user=null)
Represents a temporary filestore, with metadata in the database.
const KEY_FORMAT_REGEX
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
getFileProps( $key)
Getter for fileProps.
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
clear()
Remove all files from the stash.
const MAX_US_PROPS_SIZE
listFiles()
List all files in the stash.
getMetadata( $key)
Getter for file metadata.
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Interface for MediaWiki-localized exceptions.
const DB_REPLICA
Definition defines.php:25
const DB_MASTER
Definition defines.php:26
$params