master/php/UploadFromUrl_8php_source.html

<?php

namespace MediaWiki\Upload;


use MediaWiki\Context\RequestContext;

use MediaWiki\HookContainer\HookRunner;

use MediaWiki\Http\MWHttpRequest;

use MediaWiki\MainConfigNames;

use MediaWiki\MediaWikiServices;

use MediaWiki\Permissions\Authority;

use MediaWiki\Request\WebRequest;

use MediaWiki\Status\Status;


class UploadFromUrl extends UploadBase {

    protected $mUrl;


    protected $mTmpHandle;


    protected static $allowedUrls = [];


    public static function isAllowed( Authority $performer ) {

        if ( !$performer->isAllowed( 'upload_by_url' ) ) {

            return 'upload_by_url';

        }


        return parent::isAllowed( $performer );

    }


    public static function isEnabled() {

        $allowCopyUploads = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::AllowCopyUploads );


        return $allowCopyUploads && parent::isEnabled();

    }


    public static function isAllowedHost( $url ) {

        $urlUtils = MediaWikiServices::getInstance()->getURLUtils();

        $domains = self::getAllowedHosts();

        if ( !count( $domains ) ) {

            return true;

        }

        $parsedUrl = $urlUtils->parse( $url );

        if ( !$parsedUrl ) {

            return false;

        }

        $valid = false;

        foreach ( $domains as $domain ) {

            // See if the domain for the upload matches this allowed domain

            $domainPieces = explode( '.', $domain );

            $uploadDomainPieces = explode( '.', $parsedUrl['host'] );

            if ( count( $domainPieces ) === count( $uploadDomainPieces ) ) {

                $valid = true;

                // See if all the pieces match or not (excluding wildcards)

                foreach ( $domainPieces as $index => $piece ) {

                    if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {

                        $valid = false;

                    }

                }

                if ( $valid ) {

                    // We found a match, so quit comparing against the list

                    break;

                }

            }

            /* Non-wildcard test

            if ( $parsedUrl['host'] === $domain ) {

                $valid = true;

                break;

            }

            */

        }


        return $valid;

    }


    public static function getCacheKey( $params ) {

        if ( !isset( $params['filename'] ) || !isset( $params['url'] ) ) {

            return "";

        } else {

            // We use sha1 here to ensure we have a fixed-length string of printable

            // characters. There is no cryptography involved, so we just need a

            // relatively fast function.

            return sha1( sprintf( "%s|||%s", $params['filename'], $params['url'] ) );

        }

    }


    public static function getCacheKeyFromRequest( &$request ) {

        $uploadCacheKey = $request->getText( 'wpCacheKey', $request->getText( 'key', '' ) );

        if ( $uploadCacheKey !== '' ) {

            return $uploadCacheKey;

        }

        $desiredDestName = $request->getText( 'wpDestFile' );

        if ( !$desiredDestName ) {

            $desiredDestName = $request->getText( 'wpUploadFileURL' );

        }

        return self::getCacheKey(

            [

                'filename' => $desiredDestName,

                'url' => trim( $request->getVal( 'wpUploadFileURL' ) )

            ]

        );

    }


    public static function getAllowedHosts(): array {

        $config = MediaWikiServices::getInstance()->getMainConfig();

        $domains = $config->get( MainConfigNames::CopyUploadsDomains );


        if ( $config->get( MainConfigNames::CopyUploadAllowOnWikiDomainConfig ) ) {

            $page = wfMessage( 'copyupload-allowed-domains' )->inContentLanguage()->plain();


            foreach ( explode( "\n", $page ) as $line ) {

                // Strip comments

                $line = preg_replace( "/^\\s*([^#]*)\\s*((.*)?)$/", "\\1", $line );

                // Trim whitespace

                $line = trim( $line );


                if ( $line !== '' ) {

                    $domains[] = $line;

                }

            }

        }


        return $domains;

    }


    public static function isAllowedUrl( $url ) {

        if ( !isset( self::$allowedUrls[$url] ) ) {

            $allowed = true;

            ( new HookRunner( MediaWikiServices::getInstance()->getHookContainer() ) )

                ->onIsUploadAllowedFromUrl( $url, $allowed );

            self::$allowedUrls[$url] = $allowed;

        }


        return self::$allowedUrls[$url];

    }


    public function getUrl() {

        return $this->mUrl;

    }


    public function initialize( $name, $url, $initTempFile = true ) {

        $this->mUrl = $url;


        $tempPath = $initTempFile ? $this->makeTemporaryFile() : null;

        $fileSize = $initTempFile ? 0 : null;

        # File size and removeTempFile will be filled in later

        $this->initializePathInfo( $name, $tempPath, $fileSize, false );

    }


    public function initializeFromRequest( &$request ) {

        $desiredDestName = $request->getText( 'wpDestFile' );

        if ( !$desiredDestName ) {

            $desiredDestName = $request->getText( 'wpUploadFileURL' );

        }

        $this->initialize(

            $desiredDestName,

            trim( $request->getVal( 'wpUploadFileURL' ) )

        );

    }


    public static function isValidRequest( $request ) {

        $user = RequestContext::getMain()->getUser();


        $url = $request->getVal( 'wpUploadFileURL' );


        return $url

            && MediaWikiServices::getInstance()

                ->getPermissionManager()

                ->userHasRight( $user, 'upload_by_url' );

    }


    public function getSourceType() {

        return 'url';

    }


    public function fetchFile( $httpOptions = [] ) {

        $status = $this->canFetchFile();

        if ( !$status->isGood() ) {

            return $status;

        }

        return $this->reallyFetchFile( $httpOptions );

    }


    public function canFetchFile() {

        if ( !MWHttpRequest::isValidURI( $this->mUrl ) ) {

            return Status::newFatal( 'http-invalid-url', $this->mUrl );

        }


        if ( !self::isAllowedHost( $this->mUrl ) ) {

            return Status::newFatal( 'upload-copy-upload-invalid-domain' );

        }

        if ( !self::isAllowedUrl( $this->mUrl ) ) {

            return Status::newFatal( 'upload-copy-upload-invalid-url' );

        }

        return Status::newGood();

    }


    protected function makeTemporaryFile() {

        $tmpFile = MediaWikiServices::getInstance()->getTempFSFileFactory()

            ->newTempFSFile( 'URL', 'urlupload_' );

        $tmpFile->bind( $this );


        return $tmpFile->getPath();

    }


    public function saveTempFileChunk( $req, $buffer ) {

        wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );

        $nbytes = fwrite( $this->mTmpHandle, $buffer );


        if ( $nbytes == strlen( $buffer ) ) {

            $this->mFileSize += $nbytes;

        } else {

            // Well... that's not good!

            wfDebugLog(

                'fileupload',

                'Short write ' . $nbytes . '/' . strlen( $buffer ) .

                ' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'

            );

            fclose( $this->mTmpHandle );

            $this->mTmpHandle = false;

        }


        return $nbytes;

    }


    protected function reallyFetchFile( $httpOptions = [] ) {

        $copyUploadProxy = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::CopyUploadProxy );

        $copyUploadTimeout = MediaWikiServices::getInstance()->getMainConfig()

            ->get( MainConfigNames::CopyUploadTimeout );


        // Note the temporary file should already be created by makeTemporaryFile()

        $this->mTmpHandle = fopen( $this->mTempPath, 'wb' );

        if ( !$this->mTmpHandle ) {

            return Status::newFatal( 'tmp-create-error' );

        }

        wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );


        $this->mRemoveTempFile = true;

        $this->mFileSize = 0;


        $options = $httpOptions + [ 'followRedirects' => false ];


        if ( $copyUploadProxy !== false ) {

            $options['proxy'] = $copyUploadProxy;

        }


        if ( $copyUploadTimeout && !isset( $options['timeout'] ) ) {

            $options['timeout'] = $copyUploadTimeout;

        }

        wfDebugLog(

            'fileupload',

            'Starting download from "' . $this->mUrl . '" ' .

            '<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'

        );


        // Manually follow any redirects up to the limit and reset the output file before each new request to prevent

        // capturing the redirect response as part of the file.

        $attemptsLeft = $options['maxRedirects'] ?? 5;

        $targetUrl = $this->mUrl;

        $requestFactory = MediaWikiServices::getInstance()->getHttpRequestFactory();

        while ( $attemptsLeft > 0 ) {

            $req = $requestFactory->create( $targetUrl, $options, __METHOD__ );

            $req->setCallback( $this->saveTempFileChunk( ... ) );

            $status = $req->execute();

            if ( !$req->isRedirect() ) {

                break;

            }

            $targetUrl = $req->getFinalUrl();

            // Remove redirect response content from file.

            ftruncate( $this->mTmpHandle, 0 );

            rewind( $this->mTmpHandle );

            $attemptsLeft--;

        }


        if ( $attemptsLeft == 0 ) {

            return Status::newFatal( 'upload-too-many-redirects' );

        }


        if ( $this->mTmpHandle ) {

            // File got written ok...

            fclose( $this->mTmpHandle );

            $this->mTmpHandle = null;

        } else {

            // We encountered a write error during the download...

            return Status::newFatal( 'tmp-write-error' );

        }


        // @phan-suppress-next-line PhanPossiblyUndeclaredVariable Always set after loop

        if ( $status->isOK() ) {

            wfDebugLog( 'fileupload', 'Download by URL completed successfully.' );

        } else {

            // @phan-suppress-next-line PhanPossiblyUndeclaredVariable Always set after loop

            wfDebugLog( 'fileupload', $status->getWikiText( false, false, 'en' ) );

            wfDebugLog(

                'fileupload',

                // @phan-suppress-next-line PhanPossiblyUndeclaredVariable Always set after loop

                'Download by URL completed with HTTP status ' . $req->getStatus()

            );

        }


        // @phan-suppress-next-line PhanPossiblyUndeclaredVariable Always set after loop

        return $status;

    }


}


class_alias( UploadFromUrl::class, 'UploadFromUrl' );

wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition GlobalFunctions.php:478

wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:602

MediaWiki\Context\RequestContext
Group all the pieces relevant to the context of a request into one instance.
Definition RequestContext.php:51

MediaWiki\HookContainer\HookRunner
This class provides an implementation of the core hook interfaces, forwarding hook calls to HookConta...
Definition HookRunner.php:596

MediaWiki\Http\MWHttpRequest
This wrapper class will call out to curl (if available) or fallback to regular PHP if necessary for h...
Definition MWHttpRequest.php:31

MediaWiki\Http\MWHttpRequest\isValidURI
static isValidURI( $uri)
Check that the given URI is a valid one.
Definition MWHttpRequest.php:693

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\CopyUploadTimeout
const CopyUploadTimeout
Name constant for the CopyUploadTimeout setting, for use with Config::get()
Definition MainConfigNames.php:420

MediaWiki\MainConfigNames\AllowCopyUploads
const AllowCopyUploads
Name constant for the AllowCopyUploads setting, for use with Config::get()
Definition MainConfigNames.php:396

MediaWiki\MainConfigNames\CopyUploadProxy
const CopyUploadProxy
Name constant for the CopyUploadProxy setting, for use with Config::get()
Definition MainConfigNames.php:414

MediaWiki\MainConfigNames\CopyUploadAllowOnWikiDomainConfig
const CopyUploadAllowOnWikiDomainConfig
Name constant for the CopyUploadAllowOnWikiDomainConfig setting, for use with Config::get()
Definition MainConfigNames.php:426

MediaWiki\MainConfigNames\CopyUploadsDomains
const CopyUploadsDomains
Name constant for the CopyUploadsDomains setting, for use with Config::get()
Definition MainConfigNames.php:402

MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:267

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:355

MediaWiki\Request\WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form,...
Definition WebRequest.php:40

MediaWiki\Status\Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44

MediaWiki\Upload\UploadBase
UploadBase and subclasses are the backend of MediaWiki's file uploads.
Definition UploadBase.php:62

MediaWiki\Upload\UploadFromUrl
Implements uploading from a HTTP resource.
Definition UploadFromUrl.php:28

MediaWiki\Upload\UploadFromUrl\reallyFetchFile
reallyFetchFile( $httpOptions=[])
Download the file, save it to the temporary file and update the file size and set $mRemoveTempFile to...
Definition UploadFromUrl.php:340

MediaWiki\Upload\UploadFromUrl\initializeFromRequest
initializeFromRequest(&$request)
Entry point for SpecialUpload.
Definition UploadFromUrl.php:226

MediaWiki\Upload\UploadFromUrl\fetchFile
fetchFile( $httpOptions=[])
Download the file.
Definition UploadFromUrl.php:266

MediaWiki\Upload\UploadFromUrl\saveTempFileChunk
saveTempFileChunk( $req, $buffer)
Callback: save a chunk of the result of a HTTP request to the temporary file.
Definition UploadFromUrl.php:313

MediaWiki\Upload\UploadFromUrl\isAllowedUrl
static isAllowedUrl( $url)
Checks whether the URL is not allowed.
Definition UploadFromUrl.php:187

MediaWiki\Upload\UploadFromUrl\$mUrl
string $mUrl
Definition UploadFromUrl.php:30

MediaWiki\Upload\UploadFromUrl\$allowedUrls
static array< string, bool > $allowedUrls
Definition UploadFromUrl.php:36

MediaWiki\Upload\UploadFromUrl\getCacheKeyFromRequest
static getCacheKeyFromRequest(&$request)
Get the caching key from a web request.
Definition UploadFromUrl.php:138

MediaWiki\Upload\UploadFromUrl\isEnabled
static isEnabled()
Checks if the upload from URL feature is enabled.
Definition UploadFromUrl.php:59

MediaWiki\Upload\UploadFromUrl\canFetchFile
canFetchFile()
verify we can actually download the file
Definition UploadFromUrl.php:279

MediaWiki\Upload\UploadFromUrl\getUrl
getUrl()
Get the URL of the file to be uploaded.
Definition UploadFromUrl.php:202

MediaWiki\Upload\UploadFromUrl\$mTmpHandle
resource null false $mTmpHandle
Definition UploadFromUrl.php:33

MediaWiki\Upload\UploadFromUrl\makeTemporaryFile
makeTemporaryFile()
Create a new temporary file in the URL subdirectory of wfTempDir().
Definition UploadFromUrl.php:298

MediaWiki\Upload\UploadFromUrl\isAllowedHost
static isAllowedHost( $url)
Checks whether the URL is for an allowed host The domains in the allowlist can include wildcard chara...
Definition UploadFromUrl.php:73

MediaWiki\Upload\UploadFromUrl\getSourceType
getSourceType()
Definition UploadFromUrl.php:255

MediaWiki\Upload\UploadFromUrl\isAllowed
static isAllowed(Authority $performer)
Checks if the user is allowed to use the upload-by-URL feature.
Definition UploadFromUrl.php:47

MediaWiki\Upload\UploadFromUrl\initialize
initialize( $name, $url, $initTempFile=true)
Entry point for API upload.
Definition UploadFromUrl.php:213

MediaWiki\Upload\UploadFromUrl\getCacheKey
static getCacheKey( $params)
Provides a caching key for an upload from url set of parameters Used to set the status of an async jo...
Definition UploadFromUrl.php:121

MediaWiki\Upload\UploadFromUrl\getAllowedHosts
static getAllowedHosts()
Definition UploadFromUrl.php:159

MediaWiki\Upload\UploadFromUrl\isValidRequest
static isValidRequest( $request)
Definition UploadFromUrl.php:241

MediaWiki\Permissions\Authority
This interface represents the authority associated with the current execution context,...
Definition Authority.php:23

MediaWiki\Permissions\Authority\isAllowed
isAllowed(string $permission, ?PermissionStatus $status=null)
Checks whether this authority has the given permission in general.

MediaWiki\Upload

$request
$request
Definition opensearch_desc.php:24

$url
$url
Definition opensearch_desc.php:23