MediaWiki  master
UploadStash.php
Go to the documentation of this file.
1 <?php
53 class UploadStash {
54  // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
55  const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';
56  const MAX_US_PROPS_SIZE = 65535;
57 
64  public $repo;
65 
66  // array of initialized repo objects
67  protected $files = [];
68 
69  // cache of the file metadata that's stored in the database
70  protected $fileMetadata = [];
71 
72  // fileprops cache
73  protected $fileProps = [];
74 
75  // current user
76  protected $user, $userId, $isLoggedIn;
77 
86  public function __construct( FileRepo $repo, $user = null ) {
87  // this might change based on wiki's configuration.
88  $this->repo = $repo;
89 
90  // if a user was passed, use it. otherwise, attempt to use the global.
91  // this keeps FileRepo from breaking when it creates an UploadStash object
92  if ( $user ) {
93  $this->user = $user;
94  } else {
95  global $wgUser;
96  $this->user = $wgUser;
97  }
98 
99  if ( is_object( $this->user ) ) {
100  $this->userId = $this->user->getId();
101  $this->isLoggedIn = $this->user->isLoggedIn();
102  }
103  }
104 
118  public function getFile( $key, $noAuth = false ) {
119  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
120  throw new UploadStashBadPathException(
121  wfMessage( 'uploadstash-bad-path-bad-format', $key )
122  );
123  }
124 
125  if ( !$noAuth && !$this->isLoggedIn ) {
127  wfMessage( 'uploadstash-not-logged-in' )
128  );
129  }
130 
131  if ( !isset( $this->fileMetadata[$key] ) ) {
132  if ( !$this->fetchFileMetadata( $key ) ) {
133  // If nothing was received, it's likely due to replication lag.
134  // Check the master to see if the record is there.
135  $this->fetchFileMetadata( $key, DB_MASTER );
136  }
137 
138  if ( !isset( $this->fileMetadata[$key] ) ) {
140  wfMessage( 'uploadstash-file-not-found', $key )
141  );
142  }
143 
144  // create $this->files[$key]
145  $this->initFile( $key );
146 
147  // fetch fileprops
148  if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
149  $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
150  } else { // b/c for rows with no us_props
151  wfDebug( __METHOD__ . " fetched props for $key from file\n" );
152  $path = $this->fileMetadata[$key]['us_path'];
153  $this->fileProps[$key] = $this->repo->getFileProps( $path );
154  }
155  }
156 
157  if ( !$this->files[$key]->exists() ) {
158  wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist\n" );
159  // @todo Is this not an UploadStashFileNotFoundException case?
160  throw new UploadStashBadPathException(
161  wfMessage( 'uploadstash-bad-path' )
162  );
163  }
164 
165  if ( !$noAuth && $this->fileMetadata[$key]['us_user'] != $this->userId ) {
167  wfMessage( 'uploadstash-wrong-owner', $key )
168  );
169  }
170 
171  return $this->files[$key];
172  }
173 
180  public function getMetadata( $key ) {
181  $this->getFile( $key );
182 
183  return $this->fileMetadata[$key];
184  }
185 
192  public function getFileProps( $key ) {
193  $this->getFile( $key );
194 
195  return $this->fileProps[$key];
196  }
197 
210  public function stashFile( $path, $sourceType = null ) {
211  if ( !is_file( $path ) ) {
212  wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist\n" );
213  throw new UploadStashBadPathException(
214  wfMessage( 'uploadstash-bad-path' )
215  );
216  }
217 
218  $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
219  $fileProps = $mwProps->getPropsFromPath( $path, true );
220  wfDebug( __METHOD__ . " stashing file at '$path'\n" );
221 
222  // we will be initializing from some tmpnam files that don't have extensions.
223  // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
224  $extension = self::getExtensionForPath( $path );
225  if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
226  $pathWithGoodExtension = "$path.$extension";
227  } else {
228  $pathWithGoodExtension = $path;
229  }
230 
231  // If no key was supplied, make one. a mysql insertid would be totally
232  // reasonable here, except that for historical reasons, the key is this
233  // random thing instead. At least it's not guessable.
234  // Some things that when combined will make a suitably unique key.
235  // see: http://www.jwz.org/doc/mid.html
236  list( $usec, $sec ) = explode( ' ', microtime() );
237  $usec = substr( $usec, 2 );
238  $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
239  Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
240  $this->userId . '.' .
241  $extension;
242 
243  $this->fileProps[$key] = $fileProps;
244 
245  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
246  throw new UploadStashBadPathException(
247  wfMessage( 'uploadstash-bad-path-bad-format', $key )
248  );
249  }
250 
251  wfDebug( __METHOD__ . " key for '$path': $key\n" );
252 
253  // if not already in a temporary area, put it there
254  $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
255 
256  if ( !$storeStatus->isOK() ) {
257  // It is a convention in MediaWiki to only return one error per API
258  // exception, even if multiple errors are available. We use reset()
259  // to pick the "first" thing that was wrong, preferring errors to
260  // warnings. This is a bit lame, as we may have more info in the
261  // $storeStatus and we're throwing it away, but to fix it means
262  // redesigning API errors significantly.
263  // $storeStatus->value just contains the virtual URL (if anything)
264  // which is probably useless to the caller.
265  $error = $storeStatus->getErrorsArray();
266  $error = reset( $error );
267  if ( !count( $error ) ) {
268  $error = $storeStatus->getWarningsArray();
269  $error = reset( $error );
270  if ( !count( $error ) ) {
271  $error = [ 'unknown', 'no error recorded' ];
272  }
273  }
274  // At this point, $error should contain the single "most important"
275  // error, plus any parameters.
276  $errorMsg = array_shift( $error );
277  throw new UploadStashFileException( wfMessage( $errorMsg, $error ) );
278  }
279  $stashPath = $storeStatus->value;
280 
281  // fetch the current user ID
282  if ( !$this->isLoggedIn ) {
284  wfMessage( 'uploadstash-not-logged-in' )
285  );
286  }
287 
288  // insert the file metadata into the db.
289  wfDebug( __METHOD__ . " inserting $stashPath under $key\n" );
290  $dbw = $this->repo->getMasterDB();
291 
292  $serializedFileProps = serialize( $fileProps );
293  if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
294  // Database is going to truncate this and make the field invalid.
295  // Prioritize important metadata over file handler metadata.
296  // File handler should be prepared to regenerate invalid metadata if needed.
297  $fileProps['metadata'] = false;
298  $serializedFileProps = serialize( $fileProps );
299  }
300 
301  $this->fileMetadata[$key] = [
302  'us_user' => $this->userId,
303  'us_key' => $key,
304  'us_orig_path' => $path,
305  'us_path' => $stashPath, // virtual URL
306  'us_props' => $dbw->encodeBlob( $serializedFileProps ),
307  'us_size' => $fileProps['size'],
308  'us_sha1' => $fileProps['sha1'],
309  'us_mime' => $fileProps['mime'],
310  'us_media_type' => $fileProps['media_type'],
311  'us_image_width' => $fileProps['width'],
312  'us_image_height' => $fileProps['height'],
313  'us_image_bits' => $fileProps['bits'],
314  'us_source_type' => $sourceType,
315  'us_timestamp' => $dbw->timestamp(),
316  'us_status' => 'finished'
317  ];
318 
319  $dbw->insert(
320  'uploadstash',
321  $this->fileMetadata[$key],
322  __METHOD__
323  );
324 
325  // store the insertid in the class variable so immediate retrieval
326  // (possibly laggy) isn't necessary.
327  $this->fileMetadata[$key]['us_id'] = $dbw->insertId();
328 
329  # create the UploadStashFile object for this file.
330  $this->initFile( $key );
331 
332  return $this->getFile( $key );
333  }
334 
342  public function clear() {
343  if ( !$this->isLoggedIn ) {
345  wfMessage( 'uploadstash-not-logged-in' )
346  );
347  }
348 
349  wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId . "\n" );
350  $dbw = $this->repo->getMasterDB();
351  $dbw->delete(
352  'uploadstash',
353  [ 'us_user' => $this->userId ],
354  __METHOD__
355  );
356 
357  # destroy objects.
358  $this->files = [];
359  $this->fileMetadata = [];
360 
361  return true;
362  }
363 
372  public function removeFile( $key ) {
373  if ( !$this->isLoggedIn ) {
375  wfMessage( 'uploadstash-not-logged-in' )
376  );
377  }
378 
379  $dbw = $this->repo->getMasterDB();
380 
381  // this is a cheap query. it runs on the master so that this function
382  // still works when there's lag. It won't be called all that often.
383  $row = $dbw->selectRow(
384  'uploadstash',
385  'us_user',
386  [ 'us_key' => $key ],
387  __METHOD__
388  );
389 
390  if ( !$row ) {
392  wfMessage( 'uploadstash-no-such-key', $key )
393  );
394  }
395 
396  if ( $row->us_user != $this->userId ) {
398  wfMessage( 'uploadstash-wrong-owner', $key )
399  );
400  }
401 
402  return $this->removeFileNoAuth( $key );
403  }
404 
411  public function removeFileNoAuth( $key ) {
412  wfDebug( __METHOD__ . " clearing row $key\n" );
413 
414  // Ensure we have the UploadStashFile loaded for this key
415  $this->getFile( $key, true );
416 
417  $dbw = $this->repo->getMasterDB();
418 
419  $dbw->delete(
420  'uploadstash',
421  [ 'us_key' => $key ],
422  __METHOD__
423  );
424 
428  $this->files[$key]->remove();
429 
430  unset( $this->files[$key] );
431  unset( $this->fileMetadata[$key] );
432 
433  return true;
434  }
435 
442  public function listFiles() {
443  if ( !$this->isLoggedIn ) {
445  wfMessage( 'uploadstash-not-logged-in' )
446  );
447  }
448 
449  $dbr = $this->repo->getReplicaDB();
450  $res = $dbr->select(
451  'uploadstash',
452  'us_key',
453  [ 'us_user' => $this->userId ],
454  __METHOD__
455  );
456 
457  if ( !is_object( $res ) || $res->numRows() == 0 ) {
458  // nothing to do.
459  return false;
460  }
461 
462  // finish the read before starting writes.
463  $keys = [];
464  foreach ( $res as $row ) {
465  array_push( $keys, $row->us_key );
466  }
467 
468  return $keys;
469  }
470 
481  public static function getExtensionForPath( $path ) {
482  global $wgFileBlacklist;
483  // Does this have an extension?
484  $n = strrpos( $path, '.' );
485  $extension = null;
486  if ( $n !== false ) {
487  $extension = $n ? substr( $path, $n + 1 ) : '';
488  } else {
489  // If not, assume that it should be related to the MIME type of the original file.
490  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
491  $mimeType = $magic->guessMimeType( $path );
492  $extensions = explode( ' ', $magic->getExtensionsForType( $mimeType ) );
493  if ( count( $extensions ) ) {
494  $extension = $extensions[0];
495  }
496  }
497 
498  if ( is_null( $extension ) ) {
499  throw new UploadStashFileException(
500  wfMessage( 'uploadstash-no-extension' )
501  );
502  }
503 
504  $extension = File::normalizeExtension( $extension );
505  if ( in_array( $extension, $wgFileBlacklist ) ) {
506  // The file should already be checked for being evil.
507  // However, if somehow we got here, we definitely
508  // don't want to give it an extension of .php and
509  // put it in a web accesible directory.
510  return '';
511  }
512 
513  return $extension;
514  }
515 
523  protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
524  // populate $fileMetadata[$key]
525  $dbr = null;
526  if ( $readFromDB === DB_MASTER ) {
527  // sometimes reading from the master is necessary, if there's replication lag.
528  $dbr = $this->repo->getMasterDB();
529  } else {
530  $dbr = $this->repo->getReplicaDB();
531  }
532 
533  $row = $dbr->selectRow(
534  'uploadstash',
535  [
536  'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
537  'us_size', 'us_sha1', 'us_mime', 'us_media_type',
538  'us_image_width', 'us_image_height', 'us_image_bits',
539  'us_source_type', 'us_timestamp', 'us_status',
540  ],
541  [ 'us_key' => $key ],
542  __METHOD__
543  );
544 
545  if ( !is_object( $row ) ) {
546  // key wasn't present in the database. this will happen sometimes.
547  return false;
548  }
549 
550  $this->fileMetadata[$key] = (array)$row;
551  $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
552 
553  return true;
554  }
555 
563  protected function initFile( $key ) {
564  $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
565  if ( $file->getSize() === 0 ) {
567  wfMessage( 'uploadstash-zero-length' )
568  );
569  }
570  $this->files[$key] = $file;
571 
572  return true;
573  }
574 }
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition: deferred.txt:11
const KEY_FORMAT_REGEX
Definition: UploadStash.php:55
clear()
Remove all files from the stash.
serialize()
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Definition: router.php:42
getMetadata( $key)
Getter for file metadata.
listFiles()
List all files in the stash.
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
getFileProps( $key)
Getter for fileProps.
A helper class for throttling authentication attempts.
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
static getInstance()
Returns the global default instance of the top level service locator.
const DB_MASTER
Definition: defines.php:26
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
__construct(FileRepo $repo, $user=null)
Represents a temporary filestore, with metadata in the database.
Definition: UploadStash.php:86
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation use $formDescriptor instead default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
$res
Definition: database.txt:21
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
const MAX_US_PROPS_SIZE
Definition: UploadStash.php:56
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such and we might be restricted by PHP settings such as safe mode or open_basedir We cannot assume that the software even has read access anywhere useful Many shared hosts run all users web applications under the same user
Wikitext formatted, in the key only.
Definition: distributors.txt:9
unserialize( $serialized)
removeFile( $key)
Remove a particular file from the stash.
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition: hooks.txt:780
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
UploadStash is intended to accomplish a few things:
Definition: UploadStash.php:53
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
Base class for file repositories.
Definition: FileRepo.php:39
MimeMagic helper wrapper.
Definition: MWFileProps.php:28
const DB_REPLICA
Definition: defines.php:25
static normalizeExtension( $extension)
Normalize a file extension to the common form, making it lowercase and checking some synonyms...
Definition: File.php:225
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Definition: UploadStash.php:64
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation files(the "Software")
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn&#39;t check ownership first.