MediaWiki master
UploadStash.php
Go to the documentation of this file.
1<?php
9namespace MediaWiki\Upload;
10
11use MediaWiki\Context\RequestContext;
12use MediaWiki\FileRepo\File\File;
13use MediaWiki\FileRepo\LocalRepo;
14use MediaWiki\MainConfigNames;
15use MediaWiki\MediaWikiServices;
16use MediaWiki\Upload\Exception\UploadStashBadPathException;
17use MediaWiki\Upload\Exception\UploadStashFileException;
18use MediaWiki\Upload\Exception\UploadStashFileNotFoundException;
19use MediaWiki\Upload\Exception\UploadStashNoSuchKeyException;
20use MediaWiki\Upload\Exception\UploadStashNotLoggedInException;
21use MediaWiki\Upload\Exception\UploadStashWrongOwnerException;
22use MediaWiki\Upload\Exception\UploadStashZeroLengthFileException;
23use MediaWiki\User\UserIdentity;
24use MediaWiki\Utils\MWFileProps;
25
56class UploadStash {
57 // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
58 public const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';
59 private const MAX_US_PROPS_SIZE = 65535;
60
67 public $repo;
68
70 protected $files = [];
71
73 protected $fileMetadata = [];
74
76 protected $fileProps = [];
77
79 private $user;
80
89 public function __construct( LocalRepo $repo, ?UserIdentity $user = null ) {
90 // this might change based on wiki's configuration.
91 $this->repo = $repo;
92
93 // if a user was passed, use it. otherwise, attempt to use the global request context.
94 // this keeps LocalRepo from breaking when it creates an UploadStash object
95 $this->user = $user ?? RequestContext::getMain()->getUser();
96 }
97
111 public function getFile( $key, $noAuth = false ) {
112 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
113 throw new UploadStashBadPathException(
114 wfMessage( 'uploadstash-bad-path-bad-format', $key )
115 );
116 }
117
118 if ( !$noAuth && !$this->user->isRegistered() ) {
119 throw new UploadStashNotLoggedInException(
120 wfMessage( 'uploadstash-not-logged-in' )
121 );
122 }
123
124 if ( !isset( $this->fileMetadata[$key] ) ) {
125 if ( !$this->fetchFileMetadata( $key ) ) {
126 // If nothing was received, it's likely due to replication lag.
127 // Check the primary DB to see if the record is there.
128 $this->fetchFileMetadata( $key, DB_PRIMARY );
129 }
130
131 if ( !isset( $this->fileMetadata[$key] ) ) {
132 throw new UploadStashFileNotFoundException(
133 wfMessage( 'uploadstash-file-not-found', $key )
134 );
135 }
136
137 // create $this->files[$key]
138 $this->initFile( $key );
139
140 // fetch fileprops
141 if (
142 isset( $this->fileMetadata[$key]['us_props'] ) && strlen( $this->fileMetadata[$key]['us_props'] )
143 ) {
144 $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
145 } else { // b/c for rows with no us_props
146 wfDebug( __METHOD__ . " fetched props for $key from file" );
147 $path = $this->fileMetadata[$key]['us_path'];
148 $this->fileProps[$key] = $this->repo->getFileProps( $path );
149 }
150 }
151
152 if ( !$this->files[$key]->exists() ) {
153 wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist" );
154 // @todo Is this not an UploadStashFileNotFoundException case?
155 throw new UploadStashBadPathException(
156 wfMessage( 'uploadstash-bad-path' )
157 );
158 }
159
160 if ( !$noAuth && $this->fileMetadata[$key]['us_user'] != $this->user->getId() ) {
161 throw new UploadStashWrongOwnerException(
162 wfMessage( 'uploadstash-wrong-owner', $key )
163 );
164 }
165
166 return $this->files[$key];
167 }
168
175 public function getMetadata( $key ) {
176 $this->getFile( $key );
177
178 return $this->fileMetadata[$key];
179 }
180
187 public function getFileProps( $key ) {
188 $this->getFile( $key );
189
190 return $this->fileProps[$key];
191 }
192
206 public function stashFile( $path, $sourceType = null, $fileProps = null ) {
207 if ( !is_file( $path ) ) {
208 wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist" );
209 throw new UploadStashBadPathException(
210 wfMessage( 'uploadstash-bad-path' )
211 );
212 }
213
214 // File props is expensive to generate for large files, so reuse if possible.
215 if ( !$fileProps ) {
216 $mwProps = new MWFileProps( MediaWikiServices::getInstance()->getMimeAnalyzer() );
217 $fileProps = $mwProps->getPropsFromPath( $path, true );
218 }
219 wfDebug( __METHOD__ . " stashing file at '$path'" );
220
221 // we will be initializing from some tmpnam files that don't have extensions.
222 // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
223 $extension = self::getExtensionForPath( $path );
224 if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
225 $pathWithGoodExtension = "$path.$extension";
226 } else {
227 $pathWithGoodExtension = $path;
228 }
229
230 // If no key was supplied, make one. a mysql insertid would be totally
231 // reasonable here, except that for historical reasons, the key is this
232 // random thing instead. At least it's not guessable.
233 // Some things that when combined will make a suitably unique key.
234 // see: http://www.jwz.org/doc/mid.html
235 [ $usec, $sec ] = explode( ' ', microtime() );
236 $usec = substr( $usec, 2 );
237 $key = \Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
238 \Wikimedia\base_convert( (string)mt_rand(), 10, 36 ) . '.' .
239 $this->user->getId() . '.' .
240 $extension;
241
242 $this->fileProps[$key] = $fileProps;
243
244 if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
245 throw new UploadStashBadPathException(
246 wfMessage( 'uploadstash-bad-path-bad-format', $key )
247 );
248 }
249
250 wfDebug( __METHOD__ . " key for '$path': $key" );
251
252 // if not already in a temporary area, put it there
253 $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
254
255 if ( !$storeStatus->isOK() ) {
256 // It is a convention in MediaWiki to only return one error per API
257 // exception, even if multiple errors are available.[citation needed]
258 // Pick the "first" thing that was wrong, preferring errors to warnings.
259 // This is a bit lame, as we may have more info in the
260 // $storeStatus and we're throwing it away, but to fix it means
261 // redesigning API errors significantly.
262 // $storeStatus->value just contains the virtual URL (if anything)
263 // which is probably useless to the caller.
264 foreach ( $storeStatus->getMessages( 'error' ) as $msg ) {
265 throw new UploadStashFileException( $msg );
266 }
267 foreach ( $storeStatus->getMessages( 'warning' ) as $msg ) {
268 throw new UploadStashFileException( $msg );
269 }
270 // XXX: This isn't a real message, hopefully this case is unreachable
271 throw new UploadStashFileException( [ 'unknown', 'no error recorded' ] );
272 }
273 $stashPath = $storeStatus->value;
274
275 // fetch the current user ID
276 if ( !$this->user->isRegistered() ) {
277 throw new UploadStashNotLoggedInException(
278 wfMessage( 'uploadstash-not-logged-in' )
279 );
280 }
281
282 // insert the file metadata into the db.
283 wfDebug( __METHOD__ . " inserting $stashPath under $key" );
284 $dbw = $this->repo->getPrimaryDB();
285
286 $serializedFileProps = serialize( $fileProps );
287 if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
288 // Database is going to truncate this and make the field invalid.
289 // Prioritize important metadata over file handler metadata.
290 // File handler should be prepared to regenerate invalid metadata if needed.
291 $fileProps['metadata'] = [];
292 $serializedFileProps = serialize( $fileProps );
293 }
294
295 $insertRow = [
296 'us_user' => $this->user->getId(),
297 'us_key' => $key,
298 'us_orig_path' => $path,
299 'us_path' => $stashPath, // virtual URL
300 'us_props' => $dbw->encodeBlob( $serializedFileProps ),
301 'us_size' => $fileProps['size'],
302 'us_sha1' => $fileProps['sha1'],
303 'us_mime' => $fileProps['mime'],
304 'us_media_type' => $fileProps['media_type'],
305 'us_image_width' => $fileProps['width'],
306 'us_image_height' => $fileProps['height'],
307 'us_image_bits' => $fileProps['bits'],
308 'us_source_type' => $sourceType,
309 'us_timestamp' => $dbw->timestamp(),
310 'us_status' => 'finished'
311 ];
312
313 $dbw->newInsertQueryBuilder()
314 ->insertInto( 'uploadstash' )
315 ->row( $insertRow )
316 ->caller( __METHOD__ )->execute();
317
318 // store the insertid in the class variable so immediate retrieval
319 // (possibly laggy) isn't necessary.
320 $insertRow['us_id'] = $dbw->insertId();
321
322 $this->fileMetadata[$key] = $insertRow;
323
324 # create the UploadStashFile object for this file.
325 $this->initFile( $key );
326
327 return $this->getFile( $key );
328 }
329
337 public function clear() {
338 if ( !$this->user->isRegistered() ) {
339 throw new UploadStashNotLoggedInException(
340 wfMessage( 'uploadstash-not-logged-in' )
341 );
342 }
343
344 wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->user->getId() );
345 $dbw = $this->repo->getPrimaryDB();
346 $dbw->newDeleteQueryBuilder()
347 ->deleteFrom( 'uploadstash' )
348 ->where( [ 'us_user' => $this->user->getId() ] )
349 ->caller( __METHOD__ )->execute();
350
351 # destroy objects.
352 $this->files = [];
353 $this->fileMetadata = [];
354
355 return true;
356 }
357
366 public function removeFile( $key ) {
367 if ( !$this->user->isRegistered() ) {
368 throw new UploadStashNotLoggedInException(
369 wfMessage( 'uploadstash-not-logged-in' )
370 );
371 }
372
373 $dbw = $this->repo->getPrimaryDB();
374
375 // this is a cheap query. it runs on the primary DB so that this function
376 // still works when there's lag. It won't be called all that often.
377 $row = $dbw->newSelectQueryBuilder()
378 ->select( 'us_user' )
379 ->from( 'uploadstash' )
380 ->where( [ 'us_key' => $key ] )
381 ->caller( __METHOD__ )->fetchRow();
382
383 if ( !$row ) {
384 throw new UploadStashNoSuchKeyException(
385 wfMessage( 'uploadstash-no-such-key', $key )
386 );
387 }
388
389 if ( $row->us_user != $this->user->getId() ) {
390 throw new UploadStashWrongOwnerException(
391 wfMessage( 'uploadstash-wrong-owner', $key )
392 );
393 }
394
395 return $this->removeFileNoAuth( $key );
396 }
397
404 public function removeFileNoAuth( $key ) {
405 wfDebug( __METHOD__ . " clearing row $key" );
406
407 // Ensure we have the UploadStashFile loaded for this key
408 $this->getFile( $key, true );
409
410 $dbw = $this->repo->getPrimaryDB();
411
412 $dbw->newDeleteQueryBuilder()
413 ->deleteFrom( 'uploadstash' )
414 ->where( [ 'us_key' => $key ] )
415 ->caller( __METHOD__ )->execute();
416
420 $this->files[$key]->remove();
421
422 unset( $this->files[$key] );
423 unset( $this->fileMetadata[$key] );
424
425 return true;
426 }
427
434 public function listFiles(): array {
435 if ( !$this->user->isRegistered() ) {
436 throw new UploadStashNotLoggedInException(
437 wfMessage( 'uploadstash-not-logged-in' )
438 );
439 }
440
441 return $this->repo->getReplicaDB()->newSelectQueryBuilder()
442 ->select( 'us_key' )
443 ->from( 'uploadstash' )
444 ->where( [ 'us_user' => $this->user->getId() ] )
445 ->caller( __METHOD__ )
446 ->fetchFieldValues();
447 }
448
458 public static function getExtensionForPath( $path ) {
459 $prohibitedFileExtensions = MediaWikiServices::getInstance()
460 ->getMainConfig()->get( MainConfigNames::ProhibitedFileExtensions );
461 // Does this have an extension?
462 $n = strrpos( $path, '.' );
463
464 if ( $n !== false ) {
465 $extension = $n ? substr( $path, $n + 1 ) : '';
466 } else {
467 // If not, assume that it should be related to the MIME type of the original file.
468 $magic = MediaWikiServices::getInstance()->getMimeAnalyzer();
469 $mimeType = $magic->guessMimeType( $path );
470 $extension = $magic->getExtensionFromMimeTypeOrNull( $mimeType ) ?? '';
471 }
472
473 $extension = File::normalizeExtension( $extension );
474 if ( in_array( $extension, $prohibitedFileExtensions ) ) {
475 // The file should already be checked for being evil.
476 // However, if somehow we got here, we definitely
477 // don't want to give it an extension of .php and
478 // put it in a web accessible directory.
479 return '';
480 }
481
482 return $extension;
483 }
484
492 protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
493 // populate $fileMetadata[$key]
494 if ( $readFromDB === DB_PRIMARY ) {
495 // sometimes reading from the primary DB is necessary, if there's replication lag.
496 $dbr = $this->repo->getPrimaryDB();
497 } else {
498 $dbr = $this->repo->getReplicaDB();
499 }
500
501 $row = $dbr->newSelectQueryBuilder()
502 ->select( [
503 'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
504 'us_size', 'us_sha1', 'us_mime', 'us_media_type',
505 'us_image_width', 'us_image_height', 'us_image_bits',
506 'us_source_type', 'us_timestamp', 'us_status',
507 ] )
508 ->from( 'uploadstash' )
509 ->where( [ 'us_key' => $key ] )
510 ->caller( __METHOD__ )->fetchRow();
511
512 if ( !is_object( $row ) ) {
513 // key wasn't present in the database. this will happen sometimes.
514 return false;
515 }
516
517 $this->fileMetadata[$key] = (array)$row;
518 $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
519
520 return true;
521 }
522
530 protected function initFile( $key ) {
531 $file = new UploadStashFile(
532 $this->repo,
533 $this->fileMetadata[$key]['us_path'],
534 $key,
535 $this->fileMetadata[$key]['us_sha1'],
536 $this->fileMetadata[$key]['us_mime'] ?? false
537 );
538 if ( $file->getSize() === 0 ) {
539 throw new UploadStashZeroLengthFileException(
540 wfMessage( 'uploadstash-zero-length' )
541 );
542 }
543 $this->files[$key] = $file;
544
545 return true;
546 }
547}
548
550class_alias( UploadStash::class, 'UploadStash' );
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition GlobalFunctions.php:414
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:602
DB_REPLICA
const DB_REPLICA
Definition defines.php:26
DB_PRIMARY
const DB_PRIMARY
Definition defines.php:28
if
if(!defined('MW_SETUP_CALLBACK'))
Definition WebStart.php:69
MediaWiki\Context\RequestContext
Group all the pieces relevant to the context of a request into one instance.
Definition RequestContext.php:51
MediaWiki\FileRepo\File\File
Implements some public methods and some protected utility functions which are required by multiple ch...
Definition File.php:80
MediaWiki\FileRepo\LocalRepo
Local repository that stores files in the local filesystem and registers them in the wiki's own datab...
Definition LocalRepo.php:45
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\MainConfigNames\ProhibitedFileExtensions
const ProhibitedFileExtensions
Name constant for the ProhibitedFileExtensions setting, for use with Config::get()
Definition MainConfigNames.php:486
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:264
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:352
MediaWiki\Upload\UploadStash
UploadStash is intended to accomplish a few things:
Definition UploadStash.php:56
MediaWiki\Upload\UploadStash\$repo
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Definition UploadStash.php:67
MediaWiki\Upload\UploadStash\$files
array $files
array of initialized repo objects
Definition UploadStash.php:70
MediaWiki\Upload\UploadStash\getFile
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
Definition UploadStash.php:111
MediaWiki\Upload\UploadStash\listFiles
listFiles()
List all files in the stash.
Definition UploadStash.php:434
MediaWiki\Upload\UploadStash\clear
clear()
Remove all files from the stash.
Definition UploadStash.php:337
MediaWiki\Upload\UploadStash\getFileProps
getFileProps( $key)
Getter for fileProps.
Definition UploadStash.php:187
MediaWiki\Upload\UploadStash\removeFile
removeFile( $key)
Remove a particular file from the stash.
Definition UploadStash.php:366
MediaWiki\Upload\UploadStash\getMetadata
getMetadata( $key)
Getter for file metadata.
Definition UploadStash.php:175
MediaWiki\Upload\UploadStash\getExtensionForPath
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
Definition UploadStash.php:458
MediaWiki\Upload\UploadStash\fetchFileMetadata
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
Definition UploadStash.php:492
MediaWiki\Upload\UploadStash\stashFile
stashFile( $path, $sourceType=null, $fileProps=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
Definition UploadStash.php:206
MediaWiki\Upload\UploadStash\__construct
__construct(LocalRepo $repo, ?UserIdentity $user=null)
Represents a temporary filestore, with metadata in the database.
Definition UploadStash.php:89
MediaWiki\Upload\UploadStash\initFile
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
Definition UploadStash.php:530
MediaWiki\Upload\UploadStash\removeFileNoAuth
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
Definition UploadStash.php:404
MediaWiki\Upload\UploadStash\$fileProps
array $fileProps
fileprops cache
Definition UploadStash.php:76
MediaWiki\Upload\UploadStash\$fileMetadata
array $fileMetadata
cache of the file metadata that's stored in the database
Definition UploadStash.php:73
MediaWiki\Utils\MWFileProps
MimeMagic helper wrapper.
Definition MWFileProps.php:22
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:24