UploadBase and subclasses are the backend of MediaWiki's file uploads. More...

Inheritance diagram for UploadBase:

[legend]

Collaboration diagram for UploadBase:

[legend]

Public Member Functions
	__construct ()
	Stable to call.

	checkSvgScriptCallback ( $element, $attribs, $data=null)

	checkWarnings ( $user=null)
	Check for non fatal problems with the file.

	cleanupTempFile ()
	If we've modified the upload file we need to manually remove it on exit to clean up.

	convertVerifyErrorToStatus ( $error)

	fetchFile ()
	Fetch the file.

	getFileSize ()
	Return the file size.

	getImageInfo ( $result)
	Gets image info about the file just uploaded.

	getLocalFile ()
	Return the local file and initializes if necessary.

	getRealPath ( $srcPath)

	getSourceType ()
	Returns the upload type.

	getStashFile ()

	getTempFileSha1Base36 ()
	Get the base 36 SHA1 of the file Stable to override.

	getTempPath ()

	getTitle ()
	Returns the title of the file to be uploaded.

	getVerificationErrorCode ( $error)

	initializeFromRequest (&$request)
	Initialize from a WebRequest.

	initializePathInfo ( $name, $tempPath, $fileSize, $removeTempFile=false)

	isEmptyFile ()
	Return true if the file is empty.

	performUpload ( $comment, $pageText, $watch, $user, $tags=[], ?string $watchlistExpiry=null)
	Really perform the upload.

	postProcessUpload ()
	Perform extra steps after a successful upload.

	stashFile (User $user=null)
	If the user does not supply all necessary information in the first upload form submission (either by accident or by design) then we may want to stash the file temporarily, get more information, and publish the file later.

	tryStashFile (User $user, $isPartial=false)
	Like stashFile(), but respects extensions' wishes to prevent the stashing.

	validateName ()
	Verify that the name is valid and, if necessary, that we can overwrite.

	verifyPermissions ( $user)
	Alias for verifyTitlePermissions.

	verifyTitlePermissions ( $user)
	Check whether the user can edit, upload and create the image.

	verifyUpload ()
	Verify whether the upload is sane.

	zipEntryCallback ( $entry)
	Callback for ZipDirectoryReader to detect Java class files.

Static Public Member Functions
static	checkFileExtension ( $ext, $list)
	Perform case-insensitive match against a list of file extensions.

static	checkFileExtensionList ( $ext, $list)
	Perform case-insensitive match against a list of file extensions.

static	checkSvgExternalDTD ( $type, $publicId, $systemId)
	Verify that DTD urls referenced are only the standard dtds.

static	checkSvgPICallback ( $target, $data)
	Callback to filter SVG Processing Instructions.

static	checkXMLEncodingMissmatch ( $file)
	Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.

static	createFromRequest (&$request, $type=null)
	Create a form of UploadBase depending on wpSourceType and initializes it.

static	detectScript ( $file, $mime, $extension)
	Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.

static	detectVirus ( $file)
	Generic wrapper function for a virus scanner program.

static	getExistsWarning ( $file)
	Helper function that does various existence checks for a file.

static	getFilenamePrefixBlacklist ()
	Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].

static	getMaxPhpUploadSize ()
	Get the PHP maximum uploaded file size, based on ini settings.

static	getMaxUploadSize ( $forType=null)
	Get MediaWiki's maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.

static	getSessionStatus (User $user, $statusKey)
	Get the current status of a chunked upload (used for polling)

static	isAllowed (UserIdentity $user)
	Returns true if the user can use this upload module or else a string identifying the missing permission.

static	isEnabled ()
	Returns true if uploads are enabled.

static	isThrottled ( $user)
	Returns true if the user has surpassed the upload rate limit, false otherwise.

static	isThumbName ( $filename)
	Helper function that checks whether the filename looks like a thumbnail.

static	isValidRequest ( $request)
	Check whether a request if valid for this handler.

static	makeWarningsSerializable ( $warnings)
	Convert the warnings array returned by checkWarnings() to something that can be serialized.

static	setSessionStatus (User $user, $statusKey, $value)
	Set the current status of a chunked upload (used for polling)

static	splitExtensions ( $filename)
	Split a file into a base name and all dot-delimited 'extensions' on the end.

static	userCanReUpload (User $user, File $img)
	Check if a user is the last uploader.

static	verifyExtension ( $mime, $extension)
	Checks if the MIME type of the uploaded file matches the file extension.

Public Attributes
const	EMPTY_FILE = 3

const	FILE_TOO_LARGE = 12

const	FILENAME_TOO_LONG = 14

const	FILETYPE_BADTYPE = 9

const	FILETYPE_MISSING = 8

const	HOOK_ABORTED = 11

const	ILLEGAL_FILENAME = 5

const	MIN_LENGTH_PARTNAME = 4

const	OK = 0

const	OVERWRITE_EXISTING_FILE = 7

const	SUCCESS = 0

const	VERIFICATION_ERROR = 10

const	WINDOWS_NONASCII_FILENAME = 13

Protected Member Functions
	detectScriptInSvg ( $filename, $partial)

	doStashFile (User $user=null)
	Implementation for stashFile() and tryStashFile().

	runUploadStashFileHook (User $user)

	setTempFile ( $tempPath, $fileSize=null)

	verifyFile ()
	Verifies that it's ok to include the uploaded file.

	verifyMimeType ( $mime)
	Verify the MIME type.

	verifyPartialFile ()
	A verification routine suitable for partial files.

Protected Attributes
string[]	$mBlackListedExtensions

string null	$mDesiredDestName

string null	$mDestName

array null	$mFileProps

int null	$mFileSize

string null	$mFilteredName

string null	$mFinalExtension

bool null	$mJavaDetected

LocalFile null	$mLocalFile

string null	$mRemoveTempFile

string null	$mSourceType

UploadStashFile null	$mStashFile

string null	$mSVGNSError

string	$mTempPath
	Local file system path to the file to upload (or a local copy)

Title bool	$mTitle = false

int	$mTitleError = 0

TempFSFile null	$tempFileObj
	Wrapper to handle deleting the temp file.

Static Protected Attributes
static	$safeXmlEncodings

Private Member Functions
	checkAgainstArchiveDupes ( $hash, User $user)

	checkAgainstExistingDupes ( $hash, $ignoreLocalDupes)

	checkBadFileName ( $filename, $desiredFileName)
	Check whether the resulting filename is different from the desired one, but ignore things like ucfirst() and spaces/underscore things.

	checkFileSize ( $fileSize)

	checkLocalFileExists (LocalFile $localFile, $hash)

	checkLocalFileWasDeleted (LocalFile $localFile)

	checkOverwrite ( $user)
	Check if there's an overwrite conflict and, if so, if restrictions forbid this user from performing the upload.

	checkUnwantedFileExtensions ( $fileExtension)

	stripXmlNamespace ( $name)

Static Private Member Functions
static	checkCssFragment ( $value)
	Check a block of CSS or CSS fragment for anything that looks like it is bringing in remote code.

static	getUploadSessionKey (BagOStuff $store, User $user, $statusKey)

static	getUploadSessionStore ()

static	splitXmlNamespace ( $element)
	Divide the element name passed by the xml parser to the callback into URI and prifix.

Static Private Attributes
static	$uploadHandlers = [ 'Stash', 'File', 'Url' ]

Detailed Description

UploadBase and subclasses are the backend of MediaWiki's file uploads.

The frontends are formed by ApiUpload and SpecialUpload.

Stable to extend

Author: Brion Vibber; Bryan Tong Minh; Michael Dale

Definition at line 45 of file UploadBase.php.

Constructor & Destructor Documentation

◆ __construct()

UploadBase::__construct ( )

Stable to call.

Definition at line 238 of file UploadBase.php.

Member Function Documentation

◆ checkAgainstArchiveDupes()

UploadBase::checkAgainstArchiveDupes	(		$hash,
		User	$user )

private

Parameters

string	$hash	sha1 hash of the file to check
User	$user

Returns: string|null Name of the dupe or empty string if discovered (depending on visibility) null if the check discovered no dupes.

Definition at line 898 of file UploadBase.php.

Referenced by checkWarnings().

◆ checkAgainstExistingDupes()

UploadBase::checkAgainstExistingDupes	(		$hash,
			$ignoreLocalDupes )

private

Parameters

string	$hash	sha1 hash of the file to check
bool	$ignoreLocalDupes	True to ignore local duplicates

Returns: File[] Duplicate files, if found.

Definition at line 875 of file UploadBase.php.

References $title, and getTitle().

Referenced by checkWarnings().

◆ checkBadFileName()

UploadBase::checkBadFileName	(		$filename,
			$desiredFileName )

private

Check whether the resulting filename is different from the desired one, but ignore things like ucfirst() and spaces/underscore things.

Parameters

string	$filename
string	$desiredFileName

Returns: string|null String that was determined to be bad or null if the filename is okay

Definition at line 775 of file UploadBase.php.

References NS_FILE.

Referenced by checkWarnings().

◆ checkCssFragment()

static UploadBase::checkCssFragment ( $value )

staticprivate

Check a block of CSS or CSS fragment for anything that looks like it is bringing in remote code.

Parameters

string $value a string of CSS

Returns: bool true if the CSS contains an illegal string, false if otherwise

Definition at line 1821 of file UploadBase.php.

References $matches.

◆ checkFileExtension()

static UploadBase::checkFileExtension	(		$ext,
			$list )

static

Perform case-insensitive match against a list of file extensions.

Returns true if the extension is in the list.

Parameters

string	$ext
array	$list

Returns: bool

Definition at line 1264 of file UploadBase.php.

References $ext.

Referenced by checkUnwantedFileExtensions(), getTitle(), and verifyMimeType().

◆ checkFileExtensionList()

static UploadBase::checkFileExtensionList	(		$ext,
			$list )

static

Perform case-insensitive match against a list of file extensions.

Returns an array of matching extensions.

Parameters

string[]	$ext
string[]	$list

Returns: string[]

Definition at line 1276 of file UploadBase.php.

References $ext.

Referenced by getTitle().

◆ checkFileSize()

UploadBase::checkFileSize ( $fileSize )

private

Parameters

int $fileSize

Returns: array warnings

Definition at line 816 of file UploadBase.php.

References $wgUploadSizeWarning, and Message\sizeParam().

Referenced by checkWarnings().

◆ checkLocalFileExists()

UploadBase::checkLocalFileExists	(	LocalFile	$localFile,
			$hash )

private

Parameters

LocalFile	$localFile
string	$hash	sha1 hash of the file to check

Returns: array warnings

Definition at line 841 of file UploadBase.php.

References LocalFile\getHistory(), and LocalFile\getSha1().

Referenced by checkWarnings().

◆ checkLocalFileWasDeleted()

UploadBase::checkLocalFileWasDeleted ( LocalFile $localFile )

private

Definition at line 865 of file UploadBase.php.

References LocalFile\exists(), and File\wasDeleted().

Referenced by checkWarnings().

◆ checkOverwrite()

UploadBase::checkOverwrite ( $user )

private

Check if there's an overwrite conflict and, if so, if restrictions forbid this user from performing the upload.

Parameters

User $user

Returns: bool|array

Definition at line 1994 of file UploadBase.php.

Referenced by verifyTitlePermissions().

◆ checkSvgExternalDTD()

static UploadBase::checkSvgExternalDTD	(	$type,
		$publicId,
		$systemId )

static

Verify that DTD urls referenced are only the standard dtds.

Browsers seem to ignore external dtds. However just to be on the safe side, only allow dtds from the svg standard.

Parameters

string	$type	PUBLIC or SYSTEM
string	$publicId	The well-known public identifier for the dtd
string	$systemId	The url for the external dtd

Returns: bool|array

Definition at line 1561 of file UploadBase.php.

References $type.

◆ checkSvgPICallback()

static UploadBase::checkSvgPICallback	(		$target,
			$data )

static

Callback to filter SVG Processing Instructions.

Parameters

string	$target	Processing instruction name
string	$data	Processing instruction attribute and value

Returns: bool|array

Definition at line 1541 of file UploadBase.php.

◆ checkSvgScriptCallback()

UploadBase::checkSvgScriptCallback	(	$element,
		$attribs,
		$data = null )

Todo: Replace this with a whitelist filter!

Parameters

string	$element
array	$attribs
string \| null	$data

Returns: bool|array

Definition at line 1588 of file UploadBase.php.

References splitXmlNamespace(), stripXmlNamespace(), and wfDebug().

◆ checkUnwantedFileExtensions()

UploadBase::checkUnwantedFileExtensions ( $fileExtension )

private

Parameters

string $fileExtension The file extension to check

Returns: array|null array with the following keys: 0 => string The final extension being used 1 => string[] The extensions that are allowed 2 => int The number of extensions that are allowed.

Definition at line 794 of file UploadBase.php.

References $wgCheckFileExtensions, $wgFileExtensions, $wgLang, and checkFileExtension().

Referenced by checkWarnings().

◆ checkWarnings()

UploadBase::checkWarnings ( $user = null )

Check for non fatal problems with the file.

This should not assume that mTempPath is set.

Parameters

User | null $user Accepted since 1.35

Returns: mixed[] Array of warnings

Definition at line 686 of file UploadBase.php.

References checkAgainstArchiveDupes(), checkAgainstExistingDupes(), checkBadFileName(), checkFileSize(), checkLocalFileExists(), checkLocalFileWasDeleted(), checkUnwantedFileExtensions(), getLocalFile(), and getTempFileSha1Base36().

◆ checkXMLEncodingMissmatch()

static UploadBase::checkXMLEncodingMissmatch ( $file )

static

Check a whitelist of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.

Parameters

string $file Pathname to the temporary upload file

Returns: bool True if the file contains an encoding that could be misinterpreted

Definition at line 1451 of file UploadBase.php.

References $file, $matches, $wgSVGMetadataCutoff, and wfDebug().

◆ cleanupTempFile()

UploadBase::cleanupTempFile ( )

If we've modified the upload file we need to manually remove it on exit to clean up.

Definition at line 1228 of file UploadBase.php.

References wfDebug().

◆ convertVerifyErrorToStatus()

UploadBase::convertVerifyErrorToStatus ( $error )

Parameters

array $error

Returns: Status

Definition at line 2215 of file UploadBase.php.

References getVerificationErrorCode().

◆ createFromRequest()

static UploadBase::createFromRequest	(	&	$request,
			$type = null )

static

Create a form of UploadBase depending on wpSourceType and initializes it.

Parameters

WebRequest	&$request
string \| null	$type

Returns: null|self

Definition at line 186 of file UploadBase.php.

References $type, and wfDebug().

◆ detectScript()

static UploadBase::detectScript	(	$file,
		$mime,
		$extension )

static

Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.

The present implementation will produce false positives in some situations.

Parameters

string	$file	Pathname to the temporary upload file
string	$mime	The MIME type of the file
string	$extension	The extension of the file

Returns: bool True if the file contains something looking like embedded scripts

Definition at line 1340 of file UploadBase.php.

References $file, $mime, and wfDebug().

◆ detectScriptInSvg()

UploadBase::detectScriptInSvg	(		$filename,
			$partial )

protected

Parameters

string	$filename
bool	$partial

Returns: bool|array

Definition at line 1509 of file UploadBase.php.

Referenced by verifyFile(), and verifyPartialFile().

◆ detectVirus()

static UploadBase::detectVirus ( $file )

static

Generic wrapper function for a virus scanner program.

This relies on the $wgAntivirus and $wgAntivirusSetup variables. $wgAntivirusRequired may be used to deny upload if the scan fails.

Parameters

string $file Pathname to the temporary upload file

Returns: bool|null|string False if not virus is found, null if the scan fails or is disabled, or a string containing feedback from the virus scanner if a virus was found. If textual feedback is missing but a virus was found, this function returns true.

Definition at line 1900 of file UploadBase.php.

References $command, $file, $wgAntivirus, $wgAntivirusRequired, $wgAntivirusSetup, $wgOut, AV_NO_VIRUS, AV_SCAN_ABORTED, AV_SCAN_FAILED, wfDebug(), wfMessage(), and wfShellExecWithStderr().

Referenced by verifyPartialFile().

◆ doStashFile()

UploadBase::doStashFile ( User $user = null )

protected

Implementation for stashFile() and tryStashFile().

Stable to override

Parameters

User | null $user

Returns: UploadStashFile Stashed file

Reimplemented in UploadFromChunks.

Definition at line 1215 of file UploadBase.php.

References $file, and getSourceType().

Referenced by stashFile(), and tryStashFile().

◆ fetchFile()

UploadBase::fetchFile ( )

Fetch the file.

Usually a no-op Stable to override

Returns: Status

Definition at line 298 of file UploadBase.php.

◆ getExistsWarning()

static UploadBase::getExistsWarning ( $file )

static

Helper function that does various existence checks for a file.

The following checks are performed:

The file exists
Article with the same name as the file exists
File exists with normalized extension
The file looks like a thumbnail and the original exists

Parameters

File $file The File object to check

Returns: array|bool False if the file does not exist, else an array

Definition at line 2056 of file UploadBase.php.

◆ getFilenamePrefixBlacklist()

static UploadBase::getFilenamePrefixBlacklist ( )

static

Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].

Returns: array List of prefixes

Definition at line 2161 of file UploadBase.php.

References $line, $lines, and wfMessage().

◆ getFileSize()

UploadBase::getFileSize ( )

Return the file size.

Returns: int

Definition at line 314 of file UploadBase.php.

◆ getImageInfo()

UploadBase::getImageInfo ( $result )

Gets image info about the file just uploaded.

Also has the effect of setting metadata to be an 'indexed tag name' in returned API result if 'metadata' was requested. Oddly, we have to pass the "result" object down just so it can do that with the appropriate format, presumably.

Parameters

ApiResult $result

Returns: array Image info

Definition at line 2195 of file UploadBase.php.

References ApiQueryImageInfo\getInfo(), getLocalFile(), ApiQueryImageInfo\getPropertyNames(), ApiQueryStashImageInfo\getPropertyNames(), and getStashFile().

◆ getLocalFile()

UploadBase::getLocalFile ( )

Return the local file and initializes if necessary.

Stable to override

Returns: LocalFile|null

Definition at line 1124 of file UploadBase.php.

References getTitle().

Referenced by checkWarnings(), getImageInfo(), performUpload(), and validateName().

◆ getMaxPhpUploadSize()

static UploadBase::getMaxPhpUploadSize ( )

static

Get the PHP maximum uploaded file size, based on ini settings.

If there is no limit or the limit can't be guessed, returns a very large number (PHP_INT_MAX).

Since: 1.27

Returns: int

Definition at line 2250 of file UploadBase.php.

References wfShorthandToInteger().

◆ getMaxUploadSize()

static UploadBase::getMaxUploadSize ( $forType = null )

static

Get MediaWiki's maximum uploaded file size for given type of upload, based on $wgMaxUploadSize.

Parameters

null | string $forType

Returns: int

Definition at line 2229 of file UploadBase.php.

References $wgMaxUploadSize.

Referenced by UploadFromChunks\addChunk().

◆ getRealPath()

UploadBase::getRealPath ( $srcPath )

Parameters

string $srcPath The source path

Returns: string|bool The real path if it was a virtual URL Returns false on failure

Definition at line 331 of file UploadBase.php.

References $path, and FileRepo\isVirtualUrl().

Referenced by UploadFromChunks\continueChunks(), and UploadFromStash\initialize().

◆ getSessionStatus()

static UploadBase::getSessionStatus	(	User	$user,
			$statusKey )

static

Get the current status of a chunked upload (used for polling)

The value will be read from cache.

Parameters

User	$user
string	$statusKey

Returns: Status[]|bool

Definition at line 2271 of file UploadBase.php.

◆ getSourceType()

UploadBase::getSourceType ( )

Returns the upload type.

Should be overridden by child classes

Since: 1.18 Stable to override

Returns: string

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 248 of file UploadBase.php.

Referenced by doStashFile(), and verifyUpload().

◆ getStashFile()

UploadBase::getStashFile ( )

Returns: UploadStashFile|null

Definition at line 1138 of file UploadBase.php.

Referenced by getImageInfo().

◆ getTempFileSha1Base36()

UploadBase::getTempFileSha1Base36 ( )

Get the base 36 SHA1 of the file Stable to override.

Returns: string

Reimplemented in UploadFromStash.

Definition at line 323 of file UploadBase.php.

References FSFile\getSha1Base36FromPath().

Referenced by checkWarnings().

◆ getTempPath()

UploadBase::getTempPath ( )

Definition at line 1236 of file UploadBase.php.

◆ getTitle()

UploadBase::getTitle ( )

Returns the title of the file to be uploaded.

Sets mTitleError in case the name was illegal.

Returns: Title|null The title of the file or null in case the name was illegal

Definition at line 986 of file UploadBase.php.

References $ext, $mime, $mTitle, $title, $wgCheckFileExtensions, $wgFileBlacklist, $wgFileExtensions, $wgStrictFileExtensions, checkFileExtension(), checkFileExtensionList(), Title\getDBkey(), NS_FILE, splitExtensions(), and wfStripIllegalFilenameChars().

◆ getUploadSessionKey()

static UploadBase::getUploadSessionKey	(	BagOStuff	$store,
		User	$user,
			$statusKey )

staticprivate

Parameters

BagOStuff	$store
User	$user
string	$statusKey

Returns: string

Definition at line 2307 of file UploadBase.php.

References User\getId(), User\getName(), and BagOStuff\makeKey().

◆ getUploadSessionStore()

static UploadBase::getUploadSessionStore ( )

staticprivate

Returns: BagOStuff

Definition at line 2318 of file UploadBase.php.

◆ getVerificationErrorCode()

UploadBase::getVerificationErrorCode ( $error )

Parameters

int $error

Returns: string

Definition at line 118 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and convertVerifyErrorToStatus().

◆ initializeFromRequest()

UploadBase::initializeFromRequest ( & $request )

abstract

Initialize from a WebRequest.

Override this in a subclass.

Parameters

WebRequest &$request

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

◆ initializePathInfo()

UploadBase::initializePathInfo	(	$name,
		$tempPath,
		$fileSize,
		$removeTempFile = false )

Parameters

string	$name	The desired destination name
string \| null	$tempPath
int \| null	$fileSize
bool	$removeTempFile	(false) remove the temporary file?

Exceptions

MWException

Definition at line 259 of file UploadBase.php.

References FileBackend\isStoragePath(), and setTempFile().

Referenced by UploadFromChunks\continueChunks(), UploadFromStash\initialize(), UploadFromUrl\initialize(), and UploadFromFile\initialize().

◆ isAllowed()

static UploadBase::isAllowed ( UserIdentity $user )

static

Returns true if the user can use this upload module or else a string identifying the missing permission.

Can be overridden by subclasses.

Parameters

UserIdentity $user

Returns: bool|string

Reimplemented in UploadFromUrl.

Definition at line 155 of file UploadBase.php.

◆ isEmptyFile()

UploadBase::isEmptyFile ( )

Return true if the file is empty.

Returns: bool

Definition at line 306 of file UploadBase.php.

Referenced by verifyUpload(), and UploadFromFile\verifyUpload().

◆ isEnabled()

static UploadBase::isEnabled ( )

static

Returns true if uploads are enabled.

Can be override by subclasses. Stable to override

Returns: bool

Reimplemented in UploadFromUrl.

Definition at line 141 of file UploadBase.php.

References $wgEnableUploads, and wfIniGetBool().

◆ isThrottled()

static UploadBase::isThrottled ( $user )

static

Returns true if the user has surpassed the upload rate limit, false otherwise.

Parameters

User $user

Returns: bool

Definition at line 172 of file UploadBase.php.

◆ isThumbName()

static UploadBase::isThumbName ( $filename )

static

Helper function that checks whether the filename looks like a thumbnail.

Parameters

string $filename

Returns: bool

Definition at line 2145 of file UploadBase.php.

◆ isValidRequest()

static UploadBase::isValidRequest ( $request )

static

Check whether a request if valid for this handler.

Parameters

WebRequest $request

Returns: bool

Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.

Definition at line 231 of file UploadBase.php.

◆ makeWarningsSerializable()

static UploadBase::makeWarningsSerializable ( $warnings )

static

Convert the warnings array returned by checkWarnings() to something that can be serialized.

File objects will be converted to an associative array with the following keys:

fileName: The name of the file
timestamp: The upload timestamp

Parameters

mixed[] $warnings

Returns: mixed[]

Definition at line 750 of file UploadBase.php.

◆ performUpload()

UploadBase::performUpload	(		$comment,
			$pageText,
			$watch,
			$user,
			$tags = [],
		?string	$watchlistExpiry = null )

Really perform the upload.

Stores the file in the local repo, watches if necessary and runs the UploadComplete hook.

Parameters

string	$comment
string	$pageText
bool	$watch	Whether the file page should be added to user's watchlist. (This doesn't check $user's permissions.)
User	$user
string[]	$tags	Change tags to add to the log entry and page revision. (This doesn't check $user's permissions.)
string \| null	$watchlistExpiry	Optional watchlist expiry timestamp in any format acceptable to wfTimestamp().

Returns: Status Indicating the whether the upload succeeded.

Since: 1.35 Accepts $watchlistExpiry parameter.

Definition at line 928 of file UploadBase.php.

References WatchAction\doWatch(), getLocalFile(), getTitle(), and postProcessUpload().

◆ postProcessUpload()

UploadBase::postProcessUpload ( )

Perform extra steps after a successful upload.

Stable to override

Since: 1.25

Reimplemented in UploadFromStash.

Definition at line 977 of file UploadBase.php.

Referenced by performUpload().

◆ runUploadStashFileHook()

UploadBase::runUploadStashFileHook ( User $user )

protected

Parameters

User $user

Returns: array|null Error message and parameters, null if there's no error

Definition at line 1173 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and tryStashFile().

◆ setSessionStatus()

static UploadBase::setSessionStatus	(	User	$user,
			$statusKey,
			$value )

static

Set the current status of a chunked upload (used for polling)

The value will be set in cache for 1 day

Avoid triggering this method on HTTP GET/HEAD requests

Parameters

User	$user
string	$statusKey
array \| bool	$value

Returns: void

Definition at line 2290 of file UploadBase.php.

◆ setTempFile()

UploadBase::setTempFile	(		$tempPath,
			$fileSize = null )

protected

Parameters

string \| null	$tempPath	File system path to temporary file containing the upload
int \| null	$fileSize

Definition at line 280 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks(), and initializePathInfo().

◆ splitExtensions()

static UploadBase::splitExtensions ( $filename )

static

Split a file into a base name and all dot-delimited 'extensions' on the end.

Some web server configurations will fall back to earlier pseudo-'extensions' to determine type and execute scripts, so the blacklist needs to check them all.

Parameters

string $filename

Returns: array [ string, string[] ]

Definition at line 1249 of file UploadBase.php.

Referenced by getTitle().

◆ splitXmlNamespace()

static UploadBase::splitXmlNamespace ( $element )

staticprivate

Divide the element name passed by the xml parser to the callback into URI and prifix.

Parameters

string $element

Returns: array Containing the namespace URI and prefix

Definition at line 1870 of file UploadBase.php.

Referenced by checkSvgScriptCallback().

◆ stashFile()

UploadBase::stashFile ( User $user = null )

If the user does not supply all necessary information in the first upload form submission (either by accident or by design) then we may want to stash the file temporarily, get more information, and publish the file later.

This method will stash a file in a temporary directory for later processing, and save the necessary descriptive info into the database. This method returns the file object, which also has a 'fileKey' property which can be passed through a form or API request to find this stashed file again.

Deprecated: since 1.28 Use tryStashFile() instead

Parameters

User | null $user

Returns: UploadStashFile Stashed file

Exceptions

UploadStashBadPathException
UploadStashFileException
UploadStashNotLoggedInException

Reimplemented in UploadFromChunks.

Definition at line 1202 of file UploadBase.php.

References doStashFile(), and wfDeprecated().

◆ stripXmlNamespace()

UploadBase::stripXmlNamespace ( $name )

private

Parameters

string $name

Returns: string

Definition at line 1883 of file UploadBase.php.

Referenced by checkSvgScriptCallback().

◆ tryStashFile()

UploadBase::tryStashFile	(	User	$user,
			$isPartial = false )

Like stashFile(), but respects extensions' wishes to prevent the stashing.

verifyUpload() must be called before calling this method (unless $isPartial is true).

Upload stash exceptions are also caught and converted to an error status.

Since: 1.28 Stable to override

Parameters

User	$user
bool	$isPartial	Pass `true` if this is a part of a chunked upload (not a complete file).

Returns: Status If successful, value is an UploadStashFile instance

Reimplemented in UploadFromChunks.

Definition at line 1154 of file UploadBase.php.

References $file, doStashFile(), and runUploadStashFileHook().

◆ userCanReUpload()

static UploadBase::userCanReUpload	(	User	$user,
		File	$img )

static

Check if a user is the last uploader.

Parameters

User	$user
File	$img

Returns: bool

Definition at line 2028 of file UploadBase.php.

◆ validateName()

UploadBase::validateName ( )

Verify that the name is valid and, if necessary, that we can overwrite.

Returns: array|bool True if valid, otherwise an array with 'status' and other keys

Definition at line 415 of file UploadBase.php.

References getLocalFile(), and getTitle().

Referenced by verifyUpload().

◆ verifyExtension()

static UploadBase::verifyExtension	(		$mime,
			$extension )

static

Checks if the MIME type of the uploaded file matches the file extension.

Parameters

string	$mime	The MIME type of the uploaded file
string	$extension	The filename extension that the file is to be served with

Returns: bool

Definition at line 1287 of file UploadBase.php.

References $mime, and wfDebug().

Referenced by verifyFile().

◆ verifyFile()

UploadBase::verifyFile ( )

protected

Verifies that it's ok to include the uploaded file.

Returns: array|bool True of the file is verified, array otherwise.

Definition at line 479 of file UploadBase.php.

References $mime, $wgDisableUploadScriptChecks, $wgVerifyMimeType, detectScriptInSvg(), MediaHandler\getHandler(), verifyExtension(), verifyPartialFile(), and wfDebug().

Referenced by verifyUpload().

◆ verifyMimeType()

UploadBase::verifyMimeType ( $mime )

protected

Verify the MIME type.

Note: Only checks that it is not an evil MIME. The "does it have correct extension given its MIME type?" check is in verifyFile. in verifyFile() that MIME type and file extension correlate.

Parameters

string $mime Representing the MIME

Returns: array|bool True if the file is verified, an array otherwise

Definition at line 445 of file UploadBase.php.

References $mime, $wgMimeTypeBlacklist, $wgVerifyMimeType, $wgVerifyMimeTypeIE, checkFileExtension(), and wfDebug().

Referenced by verifyPartialFile().

◆ verifyPartialFile()

UploadBase::verifyPartialFile ( )

protected

A verification routine suitable for partial files.

Runs the blacklist checks, but not any checks that may assume the entire file is present.

Returns: array|bool True if the file is valid, else an array with error message key.

Definition at line 540 of file UploadBase.php.

References $mime, $wgAllowJavaUploads, $wgDisableUploadScriptChecks, detectScriptInSvg(), detectVirus(), getTitle(), ZipDirectoryReader\read(), and verifyMimeType().

Referenced by UploadFromChunks\verifyChunk(), and verifyFile().

◆ verifyPermissions()

UploadBase::verifyPermissions ( $user )

Alias for verifyTitlePermissions.

The function was originally 'verifyPermissions', but that suggests it's checking the user, when it's really checking the title + user combination.

Parameters

User $user User object to verify the permissions against

Returns: array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.

Definition at line 630 of file UploadBase.php.

References verifyTitlePermissions().

◆ verifyTitlePermissions()

UploadBase::verifyTitlePermissions ( $user )

Check whether the user can edit, upload and create the image.

This checks only against the current title; if it returns errors, it may very well be that another title will not give errors. Therefore isAllowed() should be called as well for generic is-user-blocked or can-user-upload checking.

Parameters

User $user User object to verify the permissions against

Returns: array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.

Definition at line 645 of file UploadBase.php.

References checkOverwrite(), getTitle(), and wfArrayDiff2().

Referenced by verifyPermissions().

◆ verifyUpload()

UploadBase::verifyUpload ( )

Verify whether the upload is sane.

Return a status array representing the outcome of the verification. Possible keys are:

'status': set to self::OK in case of success, or to one of the error constants defined in this class in case of failure
'max': set to the maximum allowed file size ($wgMaxUploadSize) if the upload is too large
'details': set to error details if the file type is valid but contents are corrupt
'filtered': set to the sanitized file name if the requested file name is invalid
'finalExt': set to the file's file extension if it is not an allowed file extension
'blacklistedExt': set to the list of blacklisted file extensions if the current file extension is not allowed for uploads and the blacklist is not empty

Stable to override

Returns: mixed[] array representing the result of the verification

Reimplemented in UploadFromFile.

Definition at line 366 of file UploadBase.php.

References getSourceType(), isEmptyFile(), validateName(), and verifyFile().

◆ zipEntryCallback()

UploadBase::zipEntryCallback ( $entry )

Callback for ZipDirectoryReader to detect Java class files.

Parameters

array $entry

Definition at line 601 of file UploadBase.php.

Member Data Documentation

◆ $mBlackListedExtensions

string [] UploadBase::$mBlackListedExtensions

protected

Definition at line 77 of file UploadBase.php.

◆ $mDesiredDestName

string null UploadBase::$mDesiredDestName

protected

Definition at line 53 of file UploadBase.php.

Referenced by UploadFromChunks\verifyChunk().

◆ $mDestName

string null UploadBase::$mDestName

protected

Definition at line 55 of file UploadBase.php.

◆ $mFileProps

array null UploadBase::$mFileProps

protected

Definition at line 75 of file UploadBase.php.

◆ $mFileSize

int null UploadBase::$mFileSize

protected

Definition at line 73 of file UploadBase.php.

◆ $mFilteredName

string null UploadBase::$mFilteredName

protected

Definition at line 65 of file UploadBase.php.

◆ $mFinalExtension

string null UploadBase::$mFinalExtension

protected

Definition at line 67 of file UploadBase.php.

◆ $mJavaDetected

bool null UploadBase::$mJavaDetected

protected

Definition at line 79 of file UploadBase.php.

◆ $mLocalFile

LocalFile null UploadBase::$mLocalFile

protected

Definition at line 69 of file UploadBase.php.

◆ $mRemoveTempFile

string null UploadBase::$mRemoveTempFile

protected

Definition at line 57 of file UploadBase.php.

◆ $mSourceType

string null UploadBase::$mSourceType

protected

Definition at line 59 of file UploadBase.php.

◆ $mStashFile

UploadStashFile null UploadBase::$mStashFile

protected

Definition at line 71 of file UploadBase.php.

Referenced by UploadFromChunks\doStashFile().

◆ $mSVGNSError

string null UploadBase::$mSVGNSError

protected

Definition at line 81 of file UploadBase.php.

◆ $mTempPath

string UploadBase::$mTempPath

protected

Local file system path to the file to upload (or a local copy)

Definition at line 49 of file UploadBase.php.

Referenced by UploadFromChunks\addChunk().

◆ $mTitle

Title bool UploadBase::$mTitle = false

protected

Definition at line 61 of file UploadBase.php.

◆ $mTitleError

int UploadBase::$mTitleError = 0

protected

Definition at line 63 of file UploadBase.php.

◆ $safeXmlEncodings

UploadBase::$safeXmlEncodings

staticprotected

Initial value:

= [
        'UTF-8',
        'ISO-8859-1',
        'ISO-8859-2',
        'UTF-16',
        'UTF-32',
        'WINDOWS-1250',
        'WINDOWS-1251',
        'WINDOWS-1252',
        'WINDOWS-1253',
        'WINDOWS-1254',
        'WINDOWS-1255',
        'WINDOWS-1256',
        'WINDOWS-1257',
        'WINDOWS-1258',
    ]

Definition at line 83 of file UploadBase.php.

◆ $tempFileObj

TempFSFile null UploadBase::$tempFileObj

protected

Wrapper to handle deleting the temp file.

Definition at line 51 of file UploadBase.php.

◆ $uploadHandlers

UploadBase::$uploadHandlers = [ 'Stash', 'File', 'Url' ]

staticprivate

Definition at line 177 of file UploadBase.php.

◆ EMPTY_FILE

const UploadBase::EMPTY_FILE = 3

Definition at line 102 of file UploadBase.php.

◆ FILE_TOO_LARGE

const UploadBase::FILE_TOO_LARGE = 12

Definition at line 110 of file UploadBase.php.

Referenced by UploadFromFile\verifyUpload().

◆ FILENAME_TOO_LONG

const UploadBase::FILENAME_TOO_LONG = 14

Definition at line 112 of file UploadBase.php.

◆ FILETYPE_BADTYPE

const UploadBase::FILETYPE_BADTYPE = 9

Definition at line 107 of file UploadBase.php.

◆ FILETYPE_MISSING

const UploadBase::FILETYPE_MISSING = 8

Definition at line 106 of file UploadBase.php.

◆ HOOK_ABORTED

const UploadBase::HOOK_ABORTED = 11

Definition at line 109 of file UploadBase.php.

◆ ILLEGAL_FILENAME

const UploadBase::ILLEGAL_FILENAME = 5

Definition at line 104 of file UploadBase.php.

◆ MIN_LENGTH_PARTNAME

const UploadBase::MIN_LENGTH_PARTNAME = 4

Definition at line 103 of file UploadBase.php.

◆ OK

const UploadBase::OK = 0

Definition at line 101 of file UploadBase.php.

Referenced by UploadFromChunks\concatenateChunks().

◆ OVERWRITE_EXISTING_FILE

const UploadBase::OVERWRITE_EXISTING_FILE = 7

Definition at line 105 of file UploadBase.php.

◆ SUCCESS

const UploadBase::SUCCESS = 0

Definition at line 100 of file UploadBase.php.

◆ VERIFICATION_ERROR

const UploadBase::VERIFICATION_ERROR = 10

Definition at line 108 of file UploadBase.php.

◆ WINDOWS_NONASCII_FILENAME

const UploadBase::WINDOWS_NONASCII_FILENAME = 13

Definition at line 111 of file UploadBase.php.

The documentation for this class was generated from the following file:

includes/upload/UploadBase.php

Public Member Functions

Static Public Member Functions

Public Attributes

Protected Member Functions

Protected Attributes

Static Protected Attributes

Private Member Functions

Static Private Member Functions

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ checkAgainstArchiveDupes()

◆ checkAgainstExistingDupes()

◆ checkBadFileName()

◆ checkCssFragment()

◆ checkFileExtension()

◆ checkFileExtensionList()

◆ checkFileSize()

◆ checkLocalFileExists()

◆ checkLocalFileWasDeleted()

◆ checkOverwrite()

◆ checkSvgExternalDTD()

◆ checkSvgPICallback()

◆ checkSvgScriptCallback()

◆ checkUnwantedFileExtensions()

◆ checkWarnings()

◆ checkXMLEncodingMissmatch()

◆ cleanupTempFile()

◆ convertVerifyErrorToStatus()

◆ createFromRequest()

◆ detectScript()

◆ detectScriptInSvg()

◆ detectVirus()

◆ doStashFile()

◆ fetchFile()

◆ getExistsWarning()

◆ getFilenamePrefixBlacklist()

◆ getFileSize()

◆ getImageInfo()

◆ getLocalFile()

◆ getMaxPhpUploadSize()

◆ getMaxUploadSize()

◆ getRealPath()

◆ getSessionStatus()

◆ getSourceType()

◆ getStashFile()

◆ getTempFileSha1Base36()

◆ getTempPath()

◆ getTitle()

◆ getUploadSessionKey()

◆ getUploadSessionStore()

◆ getVerificationErrorCode()

◆ initializeFromRequest()

◆ initializePathInfo()

◆ isAllowed()

◆ isEmptyFile()

◆ isEnabled()

◆ isThrottled()

◆ isThumbName()

◆ isValidRequest()

◆ makeWarningsSerializable()

◆ performUpload()

◆ postProcessUpload()

◆ runUploadStashFileHook()

◆ setSessionStatus()

◆ setTempFile()

◆ splitExtensions()

◆ splitXmlNamespace()

◆ stashFile()

◆ stripXmlNamespace()

◆ tryStashFile()

◆ userCanReUpload()

◆ validateName()

◆ verifyExtension()

◆ verifyFile()

◆ verifyMimeType()

◆ verifyPartialFile()

◆ verifyPermissions()