MediaWiki REL1_39
UploadBase Class Reference

UploadBase and subclasses are the backend of MediaWiki's file uploads. More...

Inheritance diagram for UploadBase:
Collaboration diagram for UploadBase:

Public Member Functions

 __construct ()
 
 checkSvgScriptCallback ( $element, $attribs, $data=null)
 
 checkWarnings ( $user=null)
 Check for non fatal problems with the file.
 
 cleanupTempFile ()
 If we've modified the upload file we need to manually remove it on exit to clean up.
 
 convertVerifyErrorToStatus ( $error)
 
 fetchFile ()
 Fetch the file.
 
 getFileSize ()
 Return the file size.
 
 getImageInfo ( $result)
 Gets image info about the file just uploaded.
 
 getLocalFile ()
 Return the local file and initializes if necessary.
 
 getRealPath ( $srcPath)
 
 getSourceType ()
 Returns the upload type.
 
 getStashFile ()
 
 getTempFileSha1Base36 ()
 Get the base 36 SHA1 of the file.
 
 getTempPath ()
 
 getTitle ()
 Returns the title of the file to be uploaded.
 
 getVerificationErrorCode ( $error)
 
 initializeFromRequest (&$request)
 Initialize from a WebRequest.
 
 initializePathInfo ( $name, $tempPath, $fileSize, $removeTempFile=false)
 
 isEmptyFile ()
 Return true if the file is empty.
 
 performUpload ( $comment, $pageText, $watch, $user, $tags=[], ?string $watchlistExpiry=null)
 Really perform the upload.
 
 postProcessUpload ()
 Perform extra steps after a successful upload.
 
 tryStashFile (User $user, $isPartial=false)
 Like stashFile(), but respects extensions' wishes to prevent the stashing.
 
 validateName ()
 Verify that the name is valid and, if necessary, that we can overwrite.
 
 verifyPermissions (Authority $performer)
 Alias for verifyTitlePermissions.
 
 verifyTitlePermissions (Authority $performer)
 Check whether the user can edit, upload and create the image.
 
 verifyUpload ()
 Verify whether the upload is sensible.
 
 zipEntryCallback ( $entry)
 Callback for ZipDirectoryReader to detect Java class files.
 

Static Public Member Functions

static checkFileExtension ( $ext, $list)
 Perform case-insensitive match against a list of file extensions.
 
static checkFileExtensionList ( $ext, $list)
 Perform case-insensitive match against a list of file extensions.
 
static checkSvgExternalDTD ( $type, $publicId, $systemId)
 Verify that DTD urls referenced are only the standard dtds.
 
static checkSvgPICallback ( $target, $data)
 Callback to filter SVG Processing Instructions.
 
static checkXMLEncodingMissmatch ( $file)
 Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.
 
static createFromRequest (&$request, $type=null)
 Create a form of UploadBase depending on wpSourceType and initializes it.
 
static detectScript ( $file, $mime, $extension)
 Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.
 
static detectVirus ( $file)
 Generic wrapper function for a virus scanner program.
 
static getExistsWarning ( $file)
 Helper function that does various existence checks for a file.
 
static getFilenamePrefixBlacklist ()
 Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].
 
static getMaxPhpUploadSize ()
 Get the PHP maximum uploaded file size, based on ini settings.
 
static getMaxUploadSize ( $forType=null)
 Get MediaWiki's maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.
 
static getSessionStatus (UserIdentity $user, $statusKey)
 Get the current status of a chunked upload (used for polling)
 
static isAllowed (Authority $performer)
 Returns true if the user can use this upload module or else a string identifying the missing permission.
 
static isEnabled ()
 Returns true if uploads are enabled.
 
static isThrottled ( $user)
 Returns true if the user has surpassed the upload rate limit, false otherwise.
 
static isThumbName ( $filename)
 Helper function that checks whether the filename looks like a thumbnail.
 
static isValidRequest ( $request)
 Check whether a request if valid for this handler.
 
static makeWarningsSerializable ( $warnings)
 Convert the warnings array returned by checkWarnings() to something that can be serialized.
 
static setSessionStatus (UserIdentity $user, $statusKey, $value)
 Set the current status of a chunked upload (used for polling)
 
static splitExtensions ( $filename)
 Split a file into a base name and all dot-delimited 'extensions' on the end.
 
static userCanReUpload (Authority $performer, File $img)
 Check if a user is the last uploader.
 
static verifyExtension ( $mime, $extension)
 Checks if the MIME type of the uploaded file matches the file extension.
 

Public Attributes

const EMPTY_FILE = 3
 
const FILE_TOO_LARGE = 12
 
const FILENAME_TOO_LONG = 14
 
const FILETYPE_BADTYPE = 9
 
const FILETYPE_MISSING = 8
 
const HOOK_ABORTED = 11
 
const ILLEGAL_FILENAME = 5
 
const MIN_LENGTH_PARTNAME = 4
 
const OK = 0
 
const OVERWRITE_EXISTING_FILE = 7
 
const SUCCESS = 0
 
const VERIFICATION_ERROR = 10
 
const WINDOWS_NONASCII_FILENAME = 13
 

Protected Member Functions

 detectScriptInSvg ( $filename, $partial)
 
 doStashFile (User $user=null)
 Implementation for stashFile() and tryStashFile().
 
 runUploadStashFileHook (User $user)
 
 setTempFile ( $tempPath, $fileSize=null)
 
 verifyFile ()
 Verifies that it's ok to include the uploaded file.
 
 verifyMimeType ( $mime)
 Verify the MIME type.
 
 verifyPartialFile ()
 A verification routine suitable for partial files.
 

Protected Attributes

string[] $mBlackListedExtensions
 
string null $mDesiredDestName
 
string null $mDestName
 
array null $mFileProps
 
int null $mFileSize
 
string null $mFilteredName
 
string null $mFinalExtension
 
bool null $mJavaDetected
 
LocalFile null $mLocalFile
 
bool null $mRemoveTempFile
 
string null $mSourceType
 
UploadStashFile null $mStashFile
 
string false $mSVGNSError
 
string null $mTempPath
 Local file system path to the file to upload (or a local copy)
 
Title bool null $mTitle = false
 
int $mTitleError = 0
 
TempFSFile null $tempFileObj
 Wrapper to handle deleting the temp file.
 

Static Protected Attributes

static $safeXmlEncodings
 

Detailed Description

UploadBase and subclasses are the backend of MediaWiki's file uploads.

The frontends are formed by ApiUpload and SpecialUpload.

Stability: stable
to extend
Author
Brion Vibber
Bryan Tong Minh
Michael Dale

Definition at line 49 of file UploadBase.php.

Constructor & Destructor Documentation

◆ __construct()

UploadBase::__construct ( )
Stability: stable
to call

Definition at line 243 of file UploadBase.php.

Member Function Documentation

◆ checkFileExtension()

static UploadBase::checkFileExtension ( $ext,
$list )
static

Perform case-insensitive match against a list of file extensions.

Returns true if the extension is in the list.

Parameters
string$ext
array$list
Returns
bool

Definition at line 1239 of file UploadBase.php.

References $ext.

Referenced by getTitle().

◆ checkFileExtensionList()

static UploadBase::checkFileExtensionList ( $ext,
$list )
static

Perform case-insensitive match against a list of file extensions.

Returns an array of matching extensions.

Parameters
string[]$ext
string[]$list
Returns
string[]

Definition at line 1251 of file UploadBase.php.

References $ext.

◆ checkSvgExternalDTD()

static UploadBase::checkSvgExternalDTD ( $type,
$publicId,
$systemId )
static

Verify that DTD urls referenced are only the standard dtds.

Browsers seem to ignore external dtds. However just to be on the safe side, only allow dtds from the svg standard.

Parameters
string$typePUBLIC or SYSTEM
string$publicIdThe well-known public identifier for the dtd
string$systemIdThe url for the external dtd
Returns
bool|array

Definition at line 1540 of file UploadBase.php.

References $type.

◆ checkSvgPICallback()

static UploadBase::checkSvgPICallback ( $target,
$data )
static

Callback to filter SVG Processing Instructions.

Parameters
string$targetProcessing instruction name
string$dataProcessing instruction attribute and value
Returns
bool|array

Definition at line 1520 of file UploadBase.php.

◆ checkSvgScriptCallback()

UploadBase::checkSvgScriptCallback ( $element,
$attribs,
$data = null )
Todo
Replace this with a whitelist filter!
Parameters
string$element
array$attribs
string | null$data
Returns
bool|array

Definition at line 1567 of file UploadBase.php.

References wfDebug().

◆ checkWarnings()

UploadBase::checkWarnings ( $user = null)

Check for non fatal problems with the file.

This should not assume that mTempPath is set.

Parameters
User | null$userAccepted since 1.35
Returns
mixed[] Array of warnings

Definition at line 674 of file UploadBase.php.

References getLocalFile(), and getTempFileSha1Base36().

◆ checkXMLEncodingMissmatch()

static UploadBase::checkXMLEncodingMissmatch ( $file)
static

Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.

Parameters
string$filePathname to the temporary upload file
Returns
bool True if the file contains an encoding that could be misinterpreted

Definition at line 1429 of file UploadBase.php.

References $file, $matches, and wfDebug().

◆ cleanupTempFile()

UploadBase::cleanupTempFile ( )

If we've modified the upload file we need to manually remove it on exit to clean up.

Definition at line 1203 of file UploadBase.php.

References wfDebug().

◆ convertVerifyErrorToStatus()

UploadBase::convertVerifyErrorToStatus ( $error)
Parameters
array$error
Returns
Status

Definition at line 2193 of file UploadBase.php.

References getVerificationErrorCode().

◆ createFromRequest()

static UploadBase::createFromRequest ( & $request,
$type = null )
static

Create a form of UploadBase depending on wpSourceType and initializes it.

Parameters
WebRequest&$request
string | null$type
Returns
null|self

Definition at line 190 of file UploadBase.php.

References $type, and wfDebug().

◆ detectScript()

static UploadBase::detectScript ( $file,
$mime,
$extension )
static

Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.

The present implementation will produce false positives in some situations.

Parameters
string$filePathname to the temporary upload file
string$mimeThe MIME type of the file
string | null$extensionThe extension of the file
Returns
bool True if the file contains something looking like embedded scripts

Definition at line 1315 of file UploadBase.php.

References $file, $mime, and wfDebug().

◆ detectScriptInSvg()

UploadBase::detectScriptInSvg ( $filename,
$partial )
protected
Parameters
string$filename
bool$partial
Returns
bool|array

Definition at line 1488 of file UploadBase.php.

Referenced by verifyFile(), and verifyPartialFile().

◆ detectVirus()

static UploadBase::detectVirus ( $file)
static

Generic wrapper function for a virus scanner program.

This relies on the $wgAntivirus and $wgAntivirusSetup variables. $wgAntivirusRequired may be used to deny upload if the scan fails.

Parameters
string$filePathname to the temporary upload file
Returns
bool|null|string False if not virus is found, null if the scan fails or is disabled, or a string containing feedback from the virus scanner if a virus was found. If textual feedback is missing but a virus was found, this function returns true.

Definition at line 1879 of file UploadBase.php.

References $command, $file, $wgOut, AV_NO_VIRUS, AV_SCAN_ABORTED, AV_SCAN_FAILED, wfDebug(), wfMessage(), and wfShellExecWithStderr().

Referenced by verifyPartialFile().

◆ doStashFile()

UploadBase::doStashFile ( User $user = null)
protected

Implementation for stashFile() and tryStashFile().

Stability: stable
to override
Parameters
User | null$user
Returns
UploadStashFile Stashed file

Reimplemented in UploadFromChunks.

Definition at line 1190 of file UploadBase.php.

References $file, and getSourceType().

Referenced by tryStashFile().

◆ fetchFile()

UploadBase::fetchFile ( )

Fetch the file.

Usually a no-op

Stability: stable
to override
Returns
Status

Definition at line 303 of file UploadBase.php.

◆ getExistsWarning()

static UploadBase::getExistsWarning ( $file)
static

Helper function that does various existence checks for a file.

The following checks are performed:

  • The file exists
  • Article with the same name as the file exists
  • File exists with normalized extension
  • The file looks like a thumbnail and the original exists
Parameters
File$fileThe File object to check
Returns
array|bool False if the file does not exist, else an array

Definition at line 2034 of file UploadBase.php.

◆ getFilenamePrefixBlacklist()

static UploadBase::getFilenamePrefixBlacklist ( )
static

Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].

Returns
string[] List of prefixes

Definition at line 2139 of file UploadBase.php.

References $line, $lines, and wfMessage().

◆ getFileSize()

UploadBase::getFileSize ( )

Return the file size.

Returns
int

Definition at line 319 of file UploadBase.php.

◆ getImageInfo()

UploadBase::getImageInfo ( $result)

Gets image info about the file just uploaded.

Also has the effect of setting metadata to be an 'indexed tag name' in returned API result if 'metadata' was requested. Oddly, we have to pass the "result" object down just so it can do that with the appropriate format, presumably.

Parameters
ApiResult$result
Returns
array Image info

Definition at line 2173 of file UploadBase.php.

References ApiQueryImageInfo\getInfo(), getLocalFile(), ApiQueryImageInfo\getPropertyNames(), ApiQueryStashImageInfo\getPropertyNames(), and getStashFile().

◆ getLocalFile()

UploadBase::getLocalFile ( )

Return the local file and initializes if necessary.

Stability: stable
to override
Returns
LocalFile|null

Definition at line 1124 of file UploadBase.php.

References getTitle().

Referenced by checkWarnings(), getImageInfo(), performUpload(), and validateName().

◆ getMaxPhpUploadSize()

static UploadBase::getMaxPhpUploadSize ( )
static

Get the PHP maximum uploaded file size, based on ini settings.

If there is no limit or the limit can't be guessed, returns a very large number (PHP_INT_MAX).

Since
1.27
Returns
int

Definition at line 2228 of file UploadBase.php.

References wfShorthandToInteger().

◆ getMaxUploadSize()

static UploadBase::getMaxUploadSize ( $forType = null)
static

Get MediaWiki's maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.

Parameters
null | string$forType
Returns
int

Definition at line 2207 of file UploadBase.php.

Referenced by UploadFromChunks\addChunk().

◆ getRealPath()

UploadBase::getRealPath ( $srcPath)
Parameters
string$srcPathThe source path
Returns
string|bool The real path if it was a virtual URL Returns false on failure

Definition at line 336 of file UploadBase.php.

References $path, and FileRepo\isVirtualUrl().

Referenced by UploadFromChunks\continueChunks(), and UploadFromStash\initialize().

◆ getSessionStatus()

static UploadBase::getSessionStatus ( UserIdentity $user,
$statusKey )
static

Get the current status of a chunked upload (used for polling)

This should only be called during POST requests since we fetch from dc-local MainStash, and from a GET request we can't know that the value is available or up-to-date.

Parameters
UserIdentity$user
string$statusKey
Returns
Status[]|bool

Definition at line 2251 of file UploadBase.php.

◆ getSourceType()

UploadBase::getSourceType ( )

Returns the upload type.

Should be overridden by child classes

Since
1.18
Stability: stable
to override
Returns
string|null

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 253 of file UploadBase.php.

Referenced by doStashFile(), and verifyUpload().

◆ getStashFile()

UploadBase::getStashFile ( )
Returns
UploadStashFile|null

Definition at line 1138 of file UploadBase.php.

Referenced by getImageInfo().

◆ getTempFileSha1Base36()

UploadBase::getTempFileSha1Base36 ( )

Get the base 36 SHA1 of the file.

Stability: stable
to override
Returns
string|false

Reimplemented in UploadFromStash.

Definition at line 328 of file UploadBase.php.

References FSFile\getSha1Base36FromPath().

Referenced by checkWarnings().

◆ getTempPath()

UploadBase::getTempPath ( )

Definition at line 1211 of file UploadBase.php.

◆ getTitle()

UploadBase::getTitle ( )

Returns the title of the file to be uploaded.

Sets mTitleError in case the name was illegal.

Returns
Title|null The title of the file or null in case the name was illegal

Definition at line 983 of file UploadBase.php.

References $ext, $mime, $mTitle, $title, checkFileExtension(), Title\getDBkey(), NS_FILE, splitExtensions(), and wfStripIllegalFilenameChars().

◆ getVerificationErrorCode()

UploadBase::getVerificationErrorCode ( $error)
Parameters
int$error
Returns
string

Definition at line 123 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and convertVerifyErrorToStatus().

◆ initializeFromRequest()

UploadBase::initializeFromRequest ( & $request)
abstract

Initialize from a WebRequest.

Override this in a subclass.

Parameters
WebRequest&$request

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

◆ initializePathInfo()

UploadBase::initializePathInfo ( $name,
$tempPath,
$fileSize,
$removeTempFile = false )
Parameters
string$nameThe desired destination name
string | null$tempPath
int | null$fileSize
bool$removeTempFile(false) remove the temporary file?
Exceptions
MWException

Definition at line 264 of file UploadBase.php.

References FileBackend\isStoragePath(), and setTempFile().

Referenced by UploadFromChunks\continueChunks(), UploadFromStash\initialize(), and UploadFromFile\initialize().

◆ isAllowed()

static UploadBase::isAllowed ( Authority $performer)
static

Returns true if the user can use this upload module or else a string identifying the missing permission.

Can be overridden by subclasses.

Parameters
Authority$performer
Returns
bool|string

Reimplemented in UploadFromUrl.

Definition at line 160 of file UploadBase.php.

References MediaWiki\Permissions\Authority\isAllowed().

◆ isEmptyFile()

UploadBase::isEmptyFile ( )

Return true if the file is empty.

Returns
bool

Definition at line 311 of file UploadBase.php.

Referenced by verifyUpload(), and UploadFromFile\verifyUpload().

◆ isEnabled()

static UploadBase::isEnabled ( )
static

Returns true if uploads are enabled.

Can be override by subclasses.

Stability: stable
to override
Returns
bool

Reimplemented in UploadFromUrl.

Definition at line 146 of file UploadBase.php.

References wfIniGetBool().

◆ isThrottled()

static UploadBase::isThrottled ( $user)
static

Returns true if the user has surpassed the upload rate limit, false otherwise.

Parameters
User$user
Returns
bool

Definition at line 176 of file UploadBase.php.

◆ isThumbName()

static UploadBase::isThumbName ( $filename)
static

Helper function that checks whether the filename looks like a thumbnail.

Parameters
string$filename
Returns
bool

Definition at line 2123 of file UploadBase.php.

◆ isValidRequest()

static UploadBase::isValidRequest ( $request)
static

Check whether a request if valid for this handler.

Parameters
WebRequest$request
Returns
bool

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 236 of file UploadBase.php.

◆ makeWarningsSerializable()

static UploadBase::makeWarningsSerializable ( $warnings)
static

Convert the warnings array returned by checkWarnings() to something that can be serialized.

File objects will be converted to an associative array with the following keys:

  • fileName: The name of the file
  • timestamp: The upload timestamp
Parameters
mixed[]$warnings
Returns
mixed[]

Definition at line 738 of file UploadBase.php.

◆ performUpload()

UploadBase::performUpload ( $comment,
$pageText,
$watch,
$user,
$tags = [],
?string $watchlistExpiry = null )

Really perform the upload.

Stores the file in the local repo, watches if necessary and runs the UploadComplete hook.

Parameters
string$comment
string$pageText
bool$watchWhether the file page should be added to user's watchlist. (This doesn't check $user's permissions.)
User$user
string[]$tagsChange tags to add to the log entry and page revision. (This doesn't check $user's permissions.)
string | null$watchlistExpiryOptional watchlist expiry timestamp in any format acceptable to wfTimestamp().
Returns
Status Indicating the whether the upload succeeded.
Since
1.35 Accepts $watchlistExpiry parameter.

Definition at line 925 of file UploadBase.php.

References getLocalFile(), getTitle(), and postProcessUpload().

◆ postProcessUpload()

UploadBase::postProcessUpload ( )

Perform extra steps after a successful upload.

Stability: stable
to override
Since
1.25

Reimplemented in UploadFromStash.

Definition at line 974 of file UploadBase.php.

Referenced by performUpload().

◆ runUploadStashFileHook()

UploadBase::runUploadStashFileHook ( User $user)
protected
Parameters
User$user
Returns
array|null Error message and parameters, null if there's no error

Definition at line 1173 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and tryStashFile().

◆ setSessionStatus()

static UploadBase::setSessionStatus ( UserIdentity $user,
$statusKey,
$value )
static

Set the current status of a chunked upload (used for polling)

The value will be set in cache for 1 day

This should only be called during POST requests.

Parameters
UserIdentity$user
string$statusKey
array | bool$value
Returns
void

Definition at line 2270 of file UploadBase.php.

◆ setTempFile()

UploadBase::setTempFile ( $tempPath,
$fileSize = null )
protected
Parameters
string | null$tempPathFile system path to temporary file containing the upload
int | null$fileSize

Definition at line 285 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and initializePathInfo().

◆ splitExtensions()

static UploadBase::splitExtensions ( $filename)
static

Split a file into a base name and all dot-delimited 'extensions' on the end.

Some web server configurations will fall back to earlier pseudo-'extensions' to determine type and execute scripts, so the blacklist needs to check them all.

Parameters
string$filename
Returns
array [ string, string[] ]

Definition at line 1224 of file UploadBase.php.

Referenced by getTitle().

◆ tryStashFile()

UploadBase::tryStashFile ( User $user,
$isPartial = false )

Like stashFile(), but respects extensions' wishes to prevent the stashing.

verifyUpload() must be called before calling this method (unless $isPartial is true).

Upload stash exceptions are also caught and converted to an error status.

Since
1.28
Stability: stable
to override
Parameters
User$user
bool$isPartialPass true if this is a part of a chunked upload (not a complete file).
Returns
Status If successful, value is an UploadStashFile instance

Reimplemented in UploadFromChunks.

Definition at line 1154 of file UploadBase.php.

References $file, doStashFile(), and runUploadStashFileHook().

◆ userCanReUpload()

static UploadBase::userCanReUpload ( Authority $performer,
File $img )
static

Check if a user is the last uploader.

Parameters
Authority$performer
File$img
Returns
bool

Definition at line 2009 of file UploadBase.php.

◆ validateName()

UploadBase::validateName ( )

Verify that the name is valid and, if necessary, that we can overwrite.

Returns
array|bool True if valid, otherwise an array with 'status' and other keys

Definition at line 420 of file UploadBase.php.

References getLocalFile(), and getTitle().

Referenced by verifyUpload().

◆ verifyExtension()

static UploadBase::verifyExtension ( $mime,
$extension )
static

Checks if the MIME type of the uploaded file matches the file extension.

Parameters
string$mimeThe MIME type of the uploaded file
string$extensionThe filename extension that the file is to be served with
Returns
bool

Definition at line 1262 of file UploadBase.php.

References $mime, and wfDebug().

Referenced by verifyFile().

◆ verifyFile()

UploadBase::verifyFile ( )
protected

Verifies that it's ok to include the uploaded file.

Returns
array|true True of the file is verified, array otherwise.

Definition at line 488 of file UploadBase.php.

References $mime, detectScriptInSvg(), MediaHandler\getHandler(), verifyExtension(), verifyPartialFile(), and wfDebug().

Referenced by verifyUpload().

◆ verifyMimeType()

UploadBase::verifyMimeType ( $mime)
protected

Verify the MIME type.

Note
Only checks that it is not an evil MIME. The "does it have correct extension given its MIME type?" check is in verifyFile. in verifyFile() that MIME type and file extension correlate.
Parameters
string$mimeRepresenting the MIME
Returns
array|bool True if the file is verified, an array otherwise

Definition at line 450 of file UploadBase.php.

References $mime, and wfDebug().

Referenced by verifyPartialFile().

◆ verifyPartialFile()

UploadBase::verifyPartialFile ( )
protected

A verification routine suitable for partial files.

Runs the blacklist checks, but not any checks that may assume the entire file is present.

Returns
array|true True if the file is valid, else an array with error message key.

Definition at line 553 of file UploadBase.php.

References $mime, detectScriptInSvg(), detectVirus(), getTitle(), and verifyMimeType().

Referenced by verifyFile().

◆ verifyPermissions()

UploadBase::verifyPermissions ( Authority $performer)

Alias for verifyTitlePermissions.

The function was originally 'verifyPermissions', but that suggests it's checking the user, when it's really checking the title + user combination.

Parameters
Authority$performerto verify the permissions against
Returns
array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.

Definition at line 625 of file UploadBase.php.

References verifyTitlePermissions().

◆ verifyTitlePermissions()

UploadBase::verifyTitlePermissions ( Authority $performer)

Check whether the user can edit, upload and create the image.

This checks only against the current title; if it returns errors, it may very well be that another title will not give errors. Therefore isAllowed() should be called as well for generic is-user-blocked or can-user-upload checking.

Parameters
Authority$performerto verify the permissions against
Returns
array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.

Definition at line 640 of file UploadBase.php.

References MediaWiki\Permissions\Authority\authorizeWrite(), and getTitle().

Referenced by verifyPermissions().

◆ verifyUpload()

UploadBase::verifyUpload ( )

Verify whether the upload is sensible.

Return a status array representing the outcome of the verification. Possible keys are:

  • 'status': set to self::OK in case of success, or to one of the error constants defined in this class in case of failure
  • 'max': set to the maximum allowed file size ($wgMaxUploadSize) if the upload is too large
  • 'details': set to error details if the file type is valid but contents are corrupt
  • 'filtered': set to the sanitized file name if the requested file name is invalid
  • 'finalExt': set to the file's file extension if it is not an allowed file extension
  • 'blacklistedExt': set to the list of blacklisted file extensions if the current file extension is not allowed for uploads and the blacklist is not empty
Stability: stable
to override
Returns
mixed[] array representing the result of the verification

Reimplemented in UploadFromFile.

Definition at line 371 of file UploadBase.php.

References getSourceType(), isEmptyFile(), validateName(), and verifyFile().

◆ zipEntryCallback()

UploadBase::zipEntryCallback ( $entry)

Callback for ZipDirectoryReader to detect Java class files.

Parameters
array$entry

Definition at line 596 of file UploadBase.php.

Member Data Documentation

◆ $mBlackListedExtensions

string [] UploadBase::$mBlackListedExtensions
protected

Definition at line 81 of file UploadBase.php.

◆ $mDesiredDestName

string null UploadBase::$mDesiredDestName
protected

Definition at line 57 of file UploadBase.php.

◆ $mDestName

string null UploadBase::$mDestName
protected

Definition at line 59 of file UploadBase.php.

◆ $mFileProps

array null UploadBase::$mFileProps
protected

Definition at line 79 of file UploadBase.php.

◆ $mFileSize

int null UploadBase::$mFileSize
protected

Definition at line 77 of file UploadBase.php.

◆ $mFilteredName

string null UploadBase::$mFilteredName
protected

Definition at line 69 of file UploadBase.php.

◆ $mFinalExtension

string null UploadBase::$mFinalExtension
protected

Definition at line 71 of file UploadBase.php.

◆ $mJavaDetected

bool null UploadBase::$mJavaDetected
protected

Definition at line 83 of file UploadBase.php.

◆ $mLocalFile

LocalFile null UploadBase::$mLocalFile
protected

Definition at line 73 of file UploadBase.php.

◆ $mRemoveTempFile

bool null UploadBase::$mRemoveTempFile
protected

Definition at line 61 of file UploadBase.php.

◆ $mSourceType

string null UploadBase::$mSourceType
protected

Definition at line 63 of file UploadBase.php.

◆ $mStashFile

UploadStashFile null UploadBase::$mStashFile
protected

Definition at line 75 of file UploadBase.php.

Referenced by UploadFromChunks\doStashFile().

◆ $mSVGNSError

string false UploadBase::$mSVGNSError
protected

Definition at line 85 of file UploadBase.php.

◆ $mTempPath

string null UploadBase::$mTempPath
protected

Local file system path to the file to upload (or a local copy)

Definition at line 53 of file UploadBase.php.

Referenced by UploadFromChunks\addChunk().

◆ $mTitle

Title bool null UploadBase::$mTitle = false
protected

Definition at line 65 of file UploadBase.php.

◆ $mTitleError

int UploadBase::$mTitleError = 0
protected

Definition at line 67 of file UploadBase.php.

◆ $safeXmlEncodings

UploadBase::$safeXmlEncodings
staticprotected
Initial value:
= [
'UTF-8',
'US-ASCII',
'ISO-8859-1',
'ISO-8859-2',
'UTF-16',
'UTF-32',
'WINDOWS-1250',
'WINDOWS-1251',
'WINDOWS-1252',
'WINDOWS-1253',
'WINDOWS-1254',
'WINDOWS-1255',
'WINDOWS-1256',
'WINDOWS-1257',
'WINDOWS-1258',
]

Definition at line 87 of file UploadBase.php.

◆ $tempFileObj

TempFSFile null UploadBase::$tempFileObj
protected

Wrapper to handle deleting the temp file.

Definition at line 55 of file UploadBase.php.

◆ EMPTY_FILE

const UploadBase::EMPTY_FILE = 3

Definition at line 107 of file UploadBase.php.

◆ FILE_TOO_LARGE

const UploadBase::FILE_TOO_LARGE = 12

Definition at line 115 of file UploadBase.php.

Referenced by UploadFromFile\verifyUpload().

◆ FILENAME_TOO_LONG

const UploadBase::FILENAME_TOO_LONG = 14

Definition at line 117 of file UploadBase.php.

◆ FILETYPE_BADTYPE

const UploadBase::FILETYPE_BADTYPE = 9

Definition at line 112 of file UploadBase.php.

◆ FILETYPE_MISSING

const UploadBase::FILETYPE_MISSING = 8

Definition at line 111 of file UploadBase.php.

◆ HOOK_ABORTED

const UploadBase::HOOK_ABORTED = 11

Definition at line 114 of file UploadBase.php.

◆ ILLEGAL_FILENAME

const UploadBase::ILLEGAL_FILENAME = 5

Definition at line 109 of file UploadBase.php.

◆ MIN_LENGTH_PARTNAME

const UploadBase::MIN_LENGTH_PARTNAME = 4

Definition at line 108 of file UploadBase.php.

◆ OK

const UploadBase::OK = 0

Definition at line 106 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks().

◆ OVERWRITE_EXISTING_FILE

const UploadBase::OVERWRITE_EXISTING_FILE = 7

Definition at line 110 of file UploadBase.php.

◆ SUCCESS

const UploadBase::SUCCESS = 0

Definition at line 105 of file UploadBase.php.

◆ VERIFICATION_ERROR

const UploadBase::VERIFICATION_ERROR = 10

Definition at line 113 of file UploadBase.php.

◆ WINDOWS_NONASCII_FILENAME

const UploadBase::WINDOWS_NONASCII_FILENAME = 13

Definition at line 116 of file UploadBase.php.


The documentation for this class was generated from the following file: