MediaWiki  master
UploadFromUrl.php
Go to the documentation of this file.
1 <?php
26 
34 class UploadFromUrl extends UploadBase {
35  protected $mUrl;
36 
37  protected $mTempPath, $mTmpHandle;
38 
39  protected static $allowedUrls = [];
40 
50  public static function isAllowed( Authority $performer ) {
51  if ( !$performer->isAllowed( 'upload_by_url' )
52  ) {
53  return 'upload_by_url';
54  }
55 
56  return parent::isAllowed( $performer );
57  }
58 
63  public static function isEnabled() {
64  global $wgAllowCopyUploads;
65 
66  return $wgAllowCopyUploads && parent::isEnabled();
67  }
68 
77  public static function isAllowedHost( $url ) {
78  global $wgCopyUploadsDomains;
79  if ( !count( $wgCopyUploadsDomains ) ) {
80  return true;
81  }
82  $parsedUrl = wfParseUrl( $url );
83  if ( !$parsedUrl ) {
84  return false;
85  }
86  $valid = false;
87  foreach ( $wgCopyUploadsDomains as $domain ) {
88  // See if the domain for the upload matches this allowed domain
89  $domainPieces = explode( '.', $domain );
90  $uploadDomainPieces = explode( '.', $parsedUrl['host'] );
91  if ( count( $domainPieces ) === count( $uploadDomainPieces ) ) {
92  $valid = true;
93  // See if all the pieces match or not (excluding wildcards)
94  foreach ( $domainPieces as $index => $piece ) {
95  if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
96  $valid = false;
97  }
98  }
99  if ( $valid ) {
100  // We found a match, so quit comparing against the list
101  break;
102  }
103  }
104  /* Non-wildcard test
105  if ( $parsedUrl['host'] === $domain ) {
106  $valid = true;
107  break;
108  }
109  */
110  }
111 
112  return $valid;
113  }
114 
121  public static function isAllowedUrl( $url ) {
122  if ( !isset( self::$allowedUrls[$url] ) ) {
123  $allowed = true;
124  Hooks::runner()->onIsUploadAllowedFromUrl( $url, $allowed );
125  self::$allowedUrls[$url] = $allowed;
126  }
127 
128  return self::$allowedUrls[$url];
129  }
130 
138  public function initialize( $name, $url ) {
139  $this->mUrl = $url;
140 
141  $tempPath = $this->makeTemporaryFile();
142  # File size and removeTempFile will be filled in later
143  $this->initializePathInfo( $name, $tempPath, 0, false );
144  }
145 
150  public function initializeFromRequest( &$request ) {
151  $desiredDestName = $request->getText( 'wpDestFile' );
152  if ( !$desiredDestName ) {
153  $desiredDestName = $request->getText( 'wpUploadFileURL' );
154  }
155  $this->initialize(
156  $desiredDestName,
157  trim( $request->getVal( 'wpUploadFileURL' ) )
158  );
159  }
160 
165  public static function isValidRequest( $request ) {
166  $user = RequestContext::getMain()->getUser();
167 
168  $url = $request->getVal( 'wpUploadFileURL' );
169 
170  return !empty( $url )
171  && MediaWikiServices::getInstance()
172  ->getPermissionManager()
173  ->userHasRight( $user, 'upload_by_url' );
174  }
175 
179  public function getSourceType() {
180  return 'url';
181  }
182 
190  public function fetchFile( $httpOptions = [] ) {
191  if ( !MWHttpRequest::isValidURI( $this->mUrl ) ) {
192  return Status::newFatal( 'http-invalid-url', $this->mUrl );
193  }
194 
195  if ( !self::isAllowedHost( $this->mUrl ) ) {
196  return Status::newFatal( 'upload-copy-upload-invalid-domain' );
197  }
198  if ( !self::isAllowedUrl( $this->mUrl ) ) {
199  return Status::newFatal( 'upload-copy-upload-invalid-url' );
200  }
201  return $this->reallyFetchFile( $httpOptions );
202  }
203 
209  protected function makeTemporaryFile() {
210  $tmpFile = MediaWikiServices::getInstance()->getTempFSFileFactory()
211  ->newTempFSFile( 'URL', 'urlupload_' );
212  $tmpFile->bind( $this );
213 
214  return $tmpFile->getPath();
215  }
216 
224  public function saveTempFileChunk( $req, $buffer ) {
225  wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );
226  $nbytes = fwrite( $this->mTmpHandle, $buffer );
227 
228  if ( $nbytes == strlen( $buffer ) ) {
229  $this->mFileSize += $nbytes;
230  } else {
231  // Well... that's not good!
232  wfDebugLog(
233  'fileupload',
234  'Short write ' . $nbytes . '/' . strlen( $buffer ) .
235  ' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'
236  );
237  fclose( $this->mTmpHandle );
238  $this->mTmpHandle = false;
239  }
240 
241  return $nbytes;
242  }
243 
251  protected function reallyFetchFile( $httpOptions = [] ) {
253  if ( $this->mTempPath === false ) {
254  return Status::newFatal( 'tmp-create-error' );
255  }
256 
257  // Note the temporary file should already be created by makeTemporaryFile()
258  $this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
259  if ( !$this->mTmpHandle ) {
260  return Status::newFatal( 'tmp-create-error' );
261  }
262  wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );
263 
264  $this->mRemoveTempFile = true;
265  $this->mFileSize = 0;
266 
267  $options = $httpOptions + [ 'followRedirects' => false ];
268 
269  if ( $wgCopyUploadProxy !== false ) {
270  $options['proxy'] = $wgCopyUploadProxy;
271  }
272 
273  if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
274  $options['timeout'] = $wgCopyUploadTimeout;
275  }
276  wfDebugLog(
277  'fileupload',
278  'Starting download from "' . $this->mUrl . '" ' .
279  '<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'
280  );
281 
282  // Manually follow any redirects up to the limit and reset the output file before each new request to prevent
283  // capturing the redirect response as part of the file.
284  $attemptsLeft = $options['maxRedirects'] ?? 5;
285  $targetUrl = $this->mUrl;
286  $requestFactory = MediaWikiServices::getInstance()->getHttpRequestFactory();
287  while ( $attemptsLeft > 0 ) {
288  $req = $requestFactory->create( $targetUrl, $options, __METHOD__ );
289  $req->setCallback( [ $this, 'saveTempFileChunk' ] );
290  $status = $req->execute();
291  if ( !$req->isRedirect() ) {
292  break;
293  }
294  $targetUrl = $req->getFinalUrl();
295  // Remove redirect response content from file.
296  ftruncate( $this->mTmpHandle, 0 );
297  rewind( $this->mTmpHandle );
298  $attemptsLeft--;
299  }
300 
301  if ( $attemptsLeft == 0 ) {
302  return Status::newFatal( 'upload-too-many-redirects' );
303  }
304 
305  if ( $this->mTmpHandle ) {
306  // File got written ok...
307  fclose( $this->mTmpHandle );
308  $this->mTmpHandle = null;
309  } else {
310  // We encountered a write error during the download...
311  return Status::newFatal( 'tmp-write-error' );
312  }
313 
314  wfDebugLog( 'fileupload', $status );
315  if ( $status->isOK() ) {
316  wfDebugLog( 'fileupload', 'Download by URL completed successfully.' );
317  } else {
318  wfDebugLog(
319  'fileupload',
320  'Download by URL completed with HTTP status ' . $req->getStatus()
321  );
322  }
323 
324  return $status;
325  }
326 }
UploadBase
UploadBase and subclasses are the backend of MediaWiki's file uploads.
Definition: UploadBase.php:47
StatusValue\newFatal
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:70
UploadFromUrl\$mUrl
$mUrl
Definition: UploadFromUrl.php:35
$wgCopyUploadsDomains
$wgCopyUploadsDomains
A list of domains copy uploads can come from.
Definition: DefaultSettings.php:983
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:193
$wgCopyUploadTimeout
int bool $wgCopyUploadTimeout
Different timeout for upload by url This could be useful since when fetching large files,...
Definition: DefaultSettings.php:1008
UploadFromUrl\$mTmpHandle
$mTmpHandle
Definition: UploadFromUrl.php:37
wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition: GlobalFunctions.php:958
UploadFromUrl\saveTempFileChunk
saveTempFileChunk( $req, $buffer)
Callback: save a chunk of the result of a HTTP request to the temporary file.
Definition: UploadFromUrl.php:224
UploadFromUrl\initialize
initialize( $name, $url)
Entry point for API upload.
Definition: UploadFromUrl.php:138
wfParseUrl
wfParseUrl( $url)
parse_url() work-alike, but non-broken.
Definition: GlobalFunctions.php:776
UploadFromUrl
Implements uploading from a HTTP resource.
Definition: UploadFromUrl.php:34
UploadFromUrl\$mTempPath
$mTempPath
Definition: UploadFromUrl.php:37
UploadFromUrl\makeTemporaryFile
makeTemporaryFile()
Create a new temporary file in the URL subdirectory of wfTempDir().
Definition: UploadFromUrl.php:209
UploadFromUrl\isEnabled
static isEnabled()
Checks if the upload from URL feature is enabled.
Definition: UploadFromUrl.php:63
UploadFromUrl\isValidRequest
static isValidRequest( $request)
Definition: UploadFromUrl.php:165
UploadFromUrl\getSourceType
getSourceType()
Definition: UploadFromUrl.php:179
UploadFromUrl\$allowedUrls
static $allowedUrls
Definition: UploadFromUrl.php:39
UploadFromUrl\isAllowed
static isAllowed(Authority $performer)
Checks if the user is allowed to use the upload-by-URL feature.
Definition: UploadFromUrl.php:50
$wgCopyUploadProxy
$wgCopyUploadProxy
Proxy to use for copy upload requests.
Definition: DefaultSettings.php:996
MediaWiki\Permissions\Authority
This interface represents the authority associated the current execution context, such as a web reque...
Definition: Authority.php:37
UploadFromUrl\isAllowedUrl
static isAllowedUrl( $url)
Checks whether the URL is not allowed.
Definition: UploadFromUrl.php:121
Hooks\runner
static runner()
Get a HookRunner instance for calling hooks using the new interfaces.
Definition: Hooks.php:173
UploadFromUrl\isAllowedHost
static isAllowedHost( $url)
Checks whether the URL is for an allowed host The domains in the allowlist can include wildcard chara...
Definition: UploadFromUrl.php:77
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:484
UploadBase\initializePathInfo
initializePathInfo( $name, $tempPath, $fileSize, $removeTempFile=false)
Definition: UploadBase.php:260
MediaWiki\Permissions\Authority\isAllowed
isAllowed(string $permission)
Checks whether this authority has the given permission in general.
UploadFromUrl\fetchFile
fetchFile( $httpOptions=[])
Download the file.
Definition: UploadFromUrl.php:190
MWHttpRequest\isValidURI
static isValidURI( $uri)
Check that the given URI is a valid one.
Definition: MWHttpRequest.php:699
$wgAllowCopyUploads
$wgAllowCopyUploads
Allow for upload to be copied from an URL.
Definition: DefaultSettings.php:976
UploadFromUrl\reallyFetchFile
reallyFetchFile( $httpOptions=[])
Download the file, save it to the temporary file and update the file size and set $mRemoveTempFile to...
Definition: UploadFromUrl.php:251
UploadFromUrl\initializeFromRequest
initializeFromRequest(&$request)
Entry point for SpecialUpload.
Definition: UploadFromUrl.php:150