MediaWiki REL1_35
UploadStash.php
Go to the documentation of this file.
1<?php
53class UploadStash {
54 // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
55 public const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';
56 private const MAX_US_PROPS_SIZE = 65535;
57
64 public $repo;
65
66 // array of initialized repo objects
67 protected $files = [];
68
69 // cache of the file metadata that's stored in the database
70 protected $fileMetadata = [];
71
72 // fileprops cache
73 protected $fileProps = [];
74
75 // current user
76 protected $user, $userId, $isLoggedIn;
77
86 public function __construct( FileRepo $repo, $user = null ) {
87 // this might change based on wiki's configuration.
88 $this->repo = $repo;
89
90 // if a user was passed, use it. otherwise, attempt to use the global.
91 // this keeps FileRepo from breaking when it creates an UploadStash object
92 global $wgUser;
93 $this->user = $user ?: $wgUser;
94
95 if ( is_object( $this->user ) ) {
96 $this->userId = $this->user->getId();
97 $this->isLoggedIn = $this->user->isLoggedIn();
98 }
99 }
100
114 public function getFile( $key, $noAuth = false ) {
115 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
116 throw new UploadStashBadPathException(
117 wfMessage( 'uploadstash-bad-path-bad-format', $key )
118 );
119 }
120
121 if ( !$noAuth && !$this->isLoggedIn ) {
122 throw new UploadStashNotLoggedInException(
123 wfMessage( 'uploadstash-not-logged-in' )
124 );
125 }
126
127 if ( !isset( $this->fileMetadata[$key] ) ) {
128 if ( !$this->fetchFileMetadata( $key ) ) {
129 // If nothing was received, it's likely due to replication lag.
130 // Check the master to see if the record is there.
131 $this->fetchFileMetadata( $key, DB_MASTER );
132 }
133
134 if ( !isset( $this->fileMetadata[$key] ) ) {
135 throw new UploadStashFileNotFoundException(
136 wfMessage( 'uploadstash-file-not-found', $key )
137 );
138 }
139
140 // create $this->files[$key]
141 $this->initFile( $key );
142
143 // fetch fileprops
144 if (
145 isset( $this->fileMetadata[$key]['us_props'] ) && strlen( $this->fileMetadata[$key]['us_props'] )
146 ) {
147 $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
148 } else { // b/c for rows with no us_props
149 wfDebug( __METHOD__ . " fetched props for $key from file" );
150 $path = $this->fileMetadata[$key]['us_path'];
151 $this->fileProps[$key] = $this->repo->getFileProps( $path );
152 }
153 }
154
155 if ( !$this->files[$key]->exists() ) {
156 wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist" );
157 // @todo Is this not an UploadStashFileNotFoundException case?
158 throw new UploadStashBadPathException(
159 wfMessage( 'uploadstash-bad-path' )
160 );
161 }
162
163 if ( !$noAuth && $this->fileMetadata[$key]['us_user'] != $this->userId ) {
164 throw new UploadStashWrongOwnerException(
165 wfMessage( 'uploadstash-wrong-owner', $key )
166 );
167 }
168
169 return $this->files[$key];
170 }
171
178 public function getMetadata( $key ) {
179 $this->getFile( $key );
180
181 return $this->fileMetadata[$key];
182 }
183
190 public function getFileProps( $key ) {
191 $this->getFile( $key );
192
193 return $this->fileProps[$key];
194 }
195
208 public function stashFile( $path, $sourceType = null ) {
209 if ( !is_file( $path ) ) {
210 wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist" );
211 throw new UploadStashBadPathException(
212 wfMessage( 'uploadstash-bad-path' )
213 );
214 }
215
216 $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
217 $fileProps = $mwProps->getPropsFromPath( $path, true );
218 wfDebug( __METHOD__ . " stashing file at '$path'" );
219
220 // we will be initializing from some tmpnam files that don't have extensions.
221 // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
222 $extension = self::getExtensionForPath( $path );
223 if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
224 $pathWithGoodExtension = "$path.$extension";
225 } else {
226 $pathWithGoodExtension = $path;
227 }
228
229 // If no key was supplied, make one. a mysql insertid would be totally
230 // reasonable here, except that for historical reasons, the key is this
231 // random thing instead. At least it's not guessable.
232 // Some things that when combined will make a suitably unique key.
233 // see: http://www.jwz.org/doc/mid.html
234 list( $usec, $sec ) = explode( ' ', microtime() );
235 $usec = substr( $usec, 2 );
236 $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
237 Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
238 $this->userId . '.' .
239 $extension;
240
241 $this->fileProps[$key] = $fileProps;
242
243 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
244 throw new UploadStashBadPathException(
245 wfMessage( 'uploadstash-bad-path-bad-format', $key )
246 );
247 }
248
249 wfDebug( __METHOD__ . " key for '$path': $key" );
250
251 // if not already in a temporary area, put it there
252 $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
253
254 if ( !$storeStatus->isOK() ) {
255 // It is a convention in MediaWiki to only return one error per API
256 // exception, even if multiple errors are available. We use reset()
257 // to pick the "first" thing that was wrong, preferring errors to
258 // warnings. This is a bit lame, as we may have more info in the
259 // $storeStatus and we're throwing it away, but to fix it means
260 // redesigning API errors significantly.
261 // $storeStatus->value just contains the virtual URL (if anything)
262 // which is probably useless to the caller.
263 $error = $storeStatus->getErrorsArray();
264 $error = reset( $error );
265 if ( !count( $error ) ) {
266 $error = $storeStatus->getWarningsArray();
267 $error = reset( $error );
268 if ( !count( $error ) ) {
269 $error = [ 'unknown', 'no error recorded' ];
270 }
271 }
272 // At this point, $error should contain the single "most important"
273 // error, plus any parameters.
274 $errorMsg = array_shift( $error );
275 throw new UploadStashFileException( wfMessage( $errorMsg, $error ) );
276 }
277 $stashPath = $storeStatus->value;
278
279 // fetch the current user ID
280 if ( !$this->isLoggedIn ) {
281 throw new UploadStashNotLoggedInException(
282 wfMessage( 'uploadstash-not-logged-in' )
283 );
284 }
285
286 // insert the file metadata into the db.
287 wfDebug( __METHOD__ . " inserting $stashPath under $key" );
288 $dbw = $this->repo->getMasterDB();
289
290 $serializedFileProps = serialize( $fileProps );
291 if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
292 // Database is going to truncate this and make the field invalid.
293 // Prioritize important metadata over file handler metadata.
294 // File handler should be prepared to regenerate invalid metadata if needed.
295 $fileProps['metadata'] = false;
296 $serializedFileProps = serialize( $fileProps );
297 }
298
299 $this->fileMetadata[$key] = [
300 'us_user' => $this->userId,
301 'us_key' => $key,
302 'us_orig_path' => $path,
303 'us_path' => $stashPath, // virtual URL
304 'us_props' => $dbw->encodeBlob( $serializedFileProps ),
305 'us_size' => $fileProps['size'],
306 'us_sha1' => $fileProps['sha1'],
307 'us_mime' => $fileProps['mime'],
308 'us_media_type' => $fileProps['media_type'],
309 'us_image_width' => $fileProps['width'],
310 'us_image_height' => $fileProps['height'],
311 'us_image_bits' => $fileProps['bits'],
312 'us_source_type' => $sourceType,
313 'us_timestamp' => $dbw->timestamp(),
314 'us_status' => 'finished'
315 ];
316
317 $dbw->insert(
318 'uploadstash',
319 $this->fileMetadata[$key],
320 __METHOD__
321 );
322
323 // store the insertid in the class variable so immediate retrieval
324 // (possibly laggy) isn't necessary.
325 $this->fileMetadata[$key]['us_id'] = $dbw->insertId();
326
327 # create the UploadStashFile object for this file.
328 $this->initFile( $key );
329
330 return $this->getFile( $key );
331 }
332
340 public function clear() {
341 if ( !$this->isLoggedIn ) {
342 throw new UploadStashNotLoggedInException(
343 wfMessage( 'uploadstash-not-logged-in' )
344 );
345 }
346
347 wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId );
348 $dbw = $this->repo->getMasterDB();
349 $dbw->delete(
350 'uploadstash',
351 [ 'us_user' => $this->userId ],
352 __METHOD__
353 );
354
355 # destroy objects.
356 $this->files = [];
357 $this->fileMetadata = [];
358
359 return true;
360 }
361
370 public function removeFile( $key ) {
371 if ( !$this->isLoggedIn ) {
372 throw new UploadStashNotLoggedInException(
373 wfMessage( 'uploadstash-not-logged-in' )
374 );
375 }
376
377 $dbw = $this->repo->getMasterDB();
378
379 // this is a cheap query. it runs on the master so that this function
380 // still works when there's lag. It won't be called all that often.
381 $row = $dbw->selectRow(
382 'uploadstash',
383 'us_user',
384 [ 'us_key' => $key ],
385 __METHOD__
386 );
387
388 if ( !$row ) {
389 throw new UploadStashNoSuchKeyException(
390 wfMessage( 'uploadstash-no-such-key', $key )
391 );
392 }
393
394 if ( $row->us_user != $this->userId ) {
395 throw new UploadStashWrongOwnerException(
396 wfMessage( 'uploadstash-wrong-owner', $key )
397 );
398 }
399
400 return $this->removeFileNoAuth( $key );
401 }
402
409 public function removeFileNoAuth( $key ) {
410 wfDebug( __METHOD__ . " clearing row $key" );
411
412 // Ensure we have the UploadStashFile loaded for this key
413 $this->getFile( $key, true );
414
415 $dbw = $this->repo->getMasterDB();
416
417 $dbw->delete(
418 'uploadstash',
419 [ 'us_key' => $key ],
420 __METHOD__
421 );
422
426 $this->files[$key]->remove();
427
428 unset( $this->files[$key] );
429 unset( $this->fileMetadata[$key] );
430
431 return true;
432 }
433
440 public function listFiles() {
441 if ( !$this->isLoggedIn ) {
442 throw new UploadStashNotLoggedInException(
443 wfMessage( 'uploadstash-not-logged-in' )
444 );
445 }
446
447 $dbr = $this->repo->getReplicaDB();
448 $res = $dbr->select(
449 'uploadstash',
450 'us_key',
451 [ 'us_user' => $this->userId ],
452 __METHOD__
453 );
454
455 if ( !is_object( $res ) || $res->numRows() == 0 ) {
456 // nothing to do.
457 return false;
458 }
459
460 // finish the read before starting writes.
461 $keys = [];
462 foreach ( $res as $row ) {
463 array_push( $keys, $row->us_key );
464 }
465
466 return $keys;
467 }
468
478 public static function getExtensionForPath( $path ) {
479 global $wgFileBlacklist;
480 // Does this have an extension?
481 $n = strrpos( $path, '.' );
482
483 if ( $n !== false ) {
484 $extension = $n ? substr( $path, $n + 1 ) : '';
485 } else {
486 // If not, assume that it should be related to the MIME type of the original file.
487 $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
488 $mimeType = $magic->guessMimeType( $path );
489 $extension = $magic->getExtensionFromMimeTypeOrNull( $mimeType );
490 }
491
492 $extension = File::normalizeExtension( $extension );
493 if ( in_array( $extension, $wgFileBlacklist ) ) {
494 // The file should already be checked for being evil.
495 // However, if somehow we got here, we definitely
496 // don't want to give it an extension of .php and
497 // put it in a web accessible directory.
498 return '';
499 }
500
501 return $extension;
502 }
503
511 protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
512 // populate $fileMetadata[$key]
513 $dbr = null;
514 if ( $readFromDB === DB_MASTER ) {
515 // sometimes reading from the master is necessary, if there's replication lag.
516 $dbr = $this->repo->getMasterDB();
517 } else {
518 $dbr = $this->repo->getReplicaDB();
519 }
520
521 $row = $dbr->selectRow(
522 'uploadstash',
523 [
524 'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
525 'us_size', 'us_sha1', 'us_mime', 'us_media_type',
526 'us_image_width', 'us_image_height', 'us_image_bits',
527 'us_source_type', 'us_timestamp', 'us_status',
528 ],
529 [ 'us_key' => $key ],
530 __METHOD__
531 );
532
533 if ( !is_object( $row ) ) {
534 // key wasn't present in the database. this will happen sometimes.
535 return false;
536 }
537
538 $this->fileMetadata[$key] = (array)$row;
539 $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
540
541 return true;
542 }
543
551 protected function initFile( $key ) {
552 $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
553 if ( $file->getSize() === 0 ) {
554 throw new UploadStashZeroLengthFileException(
555 wfMessage( 'uploadstash-zero-length' )
556 );
557 }
558 $this->files[$key] = $file;
559
560 return true;
561 }
562}
serialize
serialize()
Definition ApiMessageTrait.php:138
unserialize
unserialize( $serialized)
Definition ApiMessageTrait.php:150
$wgFileBlacklist
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Definition DefaultSettings.php:1042
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition GlobalFunctions.php:910
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:1220
getFile
getFile()
Get the file for this page, if one exists.
Definition RevisionSearchResultTrait.php:89
FileRepo
Base class for file repositories.
Definition FileRepo.php:41
LocalRepo
A repository that stores files in the local filesystem and registers them in the wiki's own database.
Definition LocalRepo.php:37
MWFileProps
MimeMagic helper wrapper.
Definition MWFileProps.php:28
UploadStash
UploadStash is intended to accomplish a few things:
Definition UploadStash.php:53
UploadStash\getExtensionForPath
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
Definition UploadStash.php:478
UploadStash\removeFile
removeFile( $key)
Remove a particular file from the stash.
Definition UploadStash.php:370
UploadStash\__construct
__construct(FileRepo $repo, $user=null)
Represents a temporary filestore, with metadata in the database.
Definition UploadStash.php:86
UploadStash\KEY_FORMAT_REGEX
const KEY_FORMAT_REGEX
Definition UploadStash.php:55
UploadStash\fetchFileMetadata
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
Definition UploadStash.php:511
UploadStash\getFileProps
getFileProps( $key)
Getter for fileProps.
Definition UploadStash.php:190
UploadStash\stashFile
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
Definition UploadStash.php:208
UploadStash\clear
clear()
Remove all files from the stash.
Definition UploadStash.php:340
UploadStash\MAX_US_PROPS_SIZE
const MAX_US_PROPS_SIZE
Definition UploadStash.php:56
UploadStash\listFiles
listFiles()
List all files in the stash.
Definition UploadStash.php:440
UploadStash\getMetadata
getMetadata( $key)
Getter for file metadata.
Definition UploadStash.php:178
UploadStash\removeFileNoAuth
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
Definition UploadStash.php:409
UploadStash\initFile
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
Definition UploadStash.php:551
UploadStash\getFile
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
Definition UploadStash.php:114
UploadStash\$repo
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Definition UploadStash.php:64
MediaWiki
A helper class for throttling authentication attempts.
DB_REPLICA
const DB_REPLICA
Definition defines.php:25
DB_MASTER
const DB_MASTER
Definition defines.php:29
$file
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Item class for a filearchive table row.
Definition router.php:42