MediaWiki  master
UploadStash.php
Go to the documentation of this file.
1 <?php
53 class UploadStash {
54  // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
55  public const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';
56  private const MAX_US_PROPS_SIZE = 65535;
57 
64  public $repo;
65 
67  protected $files = [];
68 
70  protected $fileMetadata = [];
71 
73  protected $fileProps = [];
74 
75  // current user
77 
86  public function __construct( FileRepo $repo, $user = null ) {
87  // this might change based on wiki's configuration.
88  $this->repo = $repo;
89 
90  // if a user was passed, use it. otherwise, attempt to use the global request context.
91  // this keeps FileRepo from breaking when it creates an UploadStash object
92  if ( !$user ) {
93  $user = RequestContext::getMain()->getUser();
94  }
95  $this->user = $user;
96 
97  if ( is_object( $this->user ) ) {
98  $this->userId = $this->user->getId();
99  $this->isRegistered = $this->user->isRegistered();
100  }
101  }
102 
116  public function getFile( $key, $noAuth = false ) {
117  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
118  throw new UploadStashBadPathException(
119  wfMessage( 'uploadstash-bad-path-bad-format', $key )
120  );
121  }
122 
123  if ( !$noAuth && !$this->isRegistered ) {
125  wfMessage( 'uploadstash-not-logged-in' )
126  );
127  }
128 
129  if ( !isset( $this->fileMetadata[$key] ) ) {
130  if ( !$this->fetchFileMetadata( $key ) ) {
131  // If nothing was received, it's likely due to replication lag.
132  // Check the master to see if the record is there.
133  $this->fetchFileMetadata( $key, DB_MASTER );
134  }
135 
136  if ( !isset( $this->fileMetadata[$key] ) ) {
138  wfMessage( 'uploadstash-file-not-found', $key )
139  );
140  }
141 
142  // create $this->files[$key]
143  $this->initFile( $key );
144 
145  // fetch fileprops
146  if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
147  $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
148  } else { // b/c for rows with no us_props
149  wfDebug( __METHOD__ . " fetched props for $key from file" );
150  $path = $this->fileMetadata[$key]['us_path'];
151  $this->fileProps[$key] = $this->repo->getFileProps( $path );
152  }
153  }
154 
155  if ( !$this->files[$key]->exists() ) {
156  wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist" );
157  // @todo Is this not an UploadStashFileNotFoundException case?
158  throw new UploadStashBadPathException(
159  wfMessage( 'uploadstash-bad-path' )
160  );
161  }
162 
163  if ( !$noAuth && $this->fileMetadata[$key]['us_user'] != $this->userId ) {
165  wfMessage( 'uploadstash-wrong-owner', $key )
166  );
167  }
168 
169  return $this->files[$key];
170  }
171 
178  public function getMetadata( $key ) {
179  $this->getFile( $key );
180 
181  return $this->fileMetadata[$key];
182  }
183 
190  public function getFileProps( $key ) {
191  $this->getFile( $key );
192 
193  return $this->fileProps[$key];
194  }
195 
208  public function stashFile( $path, $sourceType = null ) {
209  if ( !is_file( $path ) ) {
210  wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist" );
211  throw new UploadStashBadPathException(
212  wfMessage( 'uploadstash-bad-path' )
213  );
214  }
215 
216  $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
217  $fileProps = $mwProps->getPropsFromPath( $path, true );
218  wfDebug( __METHOD__ . " stashing file at '$path'" );
219 
220  // we will be initializing from some tmpnam files that don't have extensions.
221  // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
222  $extension = self::getExtensionForPath( $path );
223  if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
224  $pathWithGoodExtension = "$path.$extension";
225  } else {
226  $pathWithGoodExtension = $path;
227  }
228 
229  // If no key was supplied, make one. a mysql insertid would be totally
230  // reasonable here, except that for historical reasons, the key is this
231  // random thing instead. At least it's not guessable.
232  // Some things that when combined will make a suitably unique key.
233  // see: http://www.jwz.org/doc/mid.html
234  list( $usec, $sec ) = explode( ' ', microtime() );
235  $usec = substr( $usec, 2 );
236  $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
237  Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
238  $this->userId . '.' .
239  $extension;
240 
241  $this->fileProps[$key] = $fileProps;
242 
243  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
244  throw new UploadStashBadPathException(
245  wfMessage( 'uploadstash-bad-path-bad-format', $key )
246  );
247  }
248 
249  wfDebug( __METHOD__ . " key for '$path': $key" );
250 
251  // if not already in a temporary area, put it there
252  $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
253 
254  if ( !$storeStatus->isOK() ) {
255  // It is a convention in MediaWiki to only return one error per API
256  // exception, even if multiple errors are available. We use reset()
257  // to pick the "first" thing that was wrong, preferring errors to
258  // warnings. This is a bit lame, as we may have more info in the
259  // $storeStatus and we're throwing it away, but to fix it means
260  // redesigning API errors significantly.
261  // $storeStatus->value just contains the virtual URL (if anything)
262  // which is probably useless to the caller.
263  $error = $storeStatus->getErrorsArray();
264  $error = reset( $error );
265  if ( !count( $error ) ) {
266  $error = $storeStatus->getWarningsArray();
267  $error = reset( $error );
268  if ( !count( $error ) ) {
269  $error = [ 'unknown', 'no error recorded' ];
270  }
271  }
272  // At this point, $error should contain the single "most important"
273  // error, plus any parameters.
274  $errorMsg = array_shift( $error );
275  throw new UploadStashFileException( wfMessage( $errorMsg, $error ) );
276  }
277  $stashPath = $storeStatus->value;
278 
279  // fetch the current user ID
280  if ( !$this->isRegistered ) {
282  wfMessage( 'uploadstash-not-logged-in' )
283  );
284  }
285 
286  // insert the file metadata into the db.
287  wfDebug( __METHOD__ . " inserting $stashPath under $key" );
288  $dbw = $this->repo->getMasterDB();
289 
290  $serializedFileProps = serialize( $fileProps );
291  if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
292  // Database is going to truncate this and make the field invalid.
293  // Prioritize important metadata over file handler metadata.
294  // File handler should be prepared to regenerate invalid metadata if needed.
295  $fileProps['metadata'] = false;
296  $serializedFileProps = serialize( $fileProps );
297  }
298 
299  $this->fileMetadata[$key] = [
300  'us_user' => $this->userId,
301  'us_key' => $key,
302  'us_orig_path' => $path,
303  'us_path' => $stashPath, // virtual URL
304  'us_props' => $dbw->encodeBlob( $serializedFileProps ),
305  'us_size' => $fileProps['size'],
306  'us_sha1' => $fileProps['sha1'],
307  'us_mime' => $fileProps['mime'],
308  'us_media_type' => $fileProps['media_type'],
309  'us_image_width' => $fileProps['width'],
310  'us_image_height' => $fileProps['height'],
311  'us_image_bits' => $fileProps['bits'],
312  'us_source_type' => $sourceType,
313  'us_timestamp' => $dbw->timestamp(),
314  'us_status' => 'finished'
315  ];
316 
317  $dbw->insert(
318  'uploadstash',
319  $this->fileMetadata[$key],
320  __METHOD__
321  );
322 
323  // store the insertid in the class variable so immediate retrieval
324  // (possibly laggy) isn't necessary.
325  $this->fileMetadata[$key]['us_id'] = $dbw->insertId();
326 
327  # create the UploadStashFile object for this file.
328  $this->initFile( $key );
329 
330  return $this->getFile( $key );
331  }
332 
340  public function clear() {
341  if ( !$this->isRegistered ) {
343  wfMessage( 'uploadstash-not-logged-in' )
344  );
345  }
346 
347  wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId );
348  $dbw = $this->repo->getMasterDB();
349  $dbw->delete(
350  'uploadstash',
351  [ 'us_user' => $this->userId ],
352  __METHOD__
353  );
354 
355  # destroy objects.
356  $this->files = [];
357  $this->fileMetadata = [];
358 
359  return true;
360  }
361 
370  public function removeFile( $key ) {
371  if ( !$this->isRegistered ) {
373  wfMessage( 'uploadstash-not-logged-in' )
374  );
375  }
376 
377  $dbw = $this->repo->getMasterDB();
378 
379  // this is a cheap query. it runs on the master so that this function
380  // still works when there's lag. It won't be called all that often.
381  $row = $dbw->selectRow(
382  'uploadstash',
383  'us_user',
384  [ 'us_key' => $key ],
385  __METHOD__
386  );
387 
388  if ( !$row ) {
390  wfMessage( 'uploadstash-no-such-key', $key )
391  );
392  }
393 
394  if ( $row->us_user != $this->userId ) {
396  wfMessage( 'uploadstash-wrong-owner', $key )
397  );
398  }
399 
400  return $this->removeFileNoAuth( $key );
401  }
402 
409  public function removeFileNoAuth( $key ) {
410  wfDebug( __METHOD__ . " clearing row $key" );
411 
412  // Ensure we have the UploadStashFile loaded for this key
413  $this->getFile( $key, true );
414 
415  $dbw = $this->repo->getMasterDB();
416 
417  $dbw->delete(
418  'uploadstash',
419  [ 'us_key' => $key ],
420  __METHOD__
421  );
422 
426  $this->files[$key]->remove();
427 
428  unset( $this->files[$key] );
429  unset( $this->fileMetadata[$key] );
430 
431  return true;
432  }
433 
440  public function listFiles() {
441  if ( !$this->isRegistered ) {
443  wfMessage( 'uploadstash-not-logged-in' )
444  );
445  }
446 
447  $dbr = $this->repo->getReplicaDB();
448  $res = $dbr->select(
449  'uploadstash',
450  'us_key',
451  [ 'us_user' => $this->userId ],
452  __METHOD__
453  );
454 
455  if ( !is_object( $res ) || $res->numRows() == 0 ) {
456  // nothing to do.
457  return false;
458  }
459 
460  // finish the read before starting writes.
461  $keys = [];
462  foreach ( $res as $row ) {
463  array_push( $keys, $row->us_key );
464  }
465 
466  return $keys;
467  }
468 
478  public static function getExtensionForPath( $path ) {
479  global $wgFileBlacklist;
480  // Does this have an extension?
481  $n = strrpos( $path, '.' );
482 
483  if ( $n !== false ) {
484  $extension = $n ? substr( $path, $n + 1 ) : '';
485  } else {
486  // If not, assume that it should be related to the MIME type of the original file.
487  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
488  $mimeType = $magic->guessMimeType( $path );
489  $extension = $magic->getExtensionFromMimeTypeOrNull( $mimeType );
490  }
491 
492  $extension = File::normalizeExtension( $extension );
493  if ( in_array( $extension, $wgFileBlacklist ) ) {
494  // The file should already be checked for being evil.
495  // However, if somehow we got here, we definitely
496  // don't want to give it an extension of .php and
497  // put it in a web accessible directory.
498  return '';
499  }
500 
501  return $extension;
502  }
503 
511  protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
512  // populate $fileMetadata[$key]
513  $dbr = null;
514  if ( $readFromDB === DB_MASTER ) {
515  // sometimes reading from the master is necessary, if there's replication lag.
516  $dbr = $this->repo->getMasterDB();
517  } else {
518  $dbr = $this->repo->getReplicaDB();
519  }
520 
521  $row = $dbr->selectRow(
522  'uploadstash',
523  [
524  'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
525  'us_size', 'us_sha1', 'us_mime', 'us_media_type',
526  'us_image_width', 'us_image_height', 'us_image_bits',
527  'us_source_type', 'us_timestamp', 'us_status',
528  ],
529  [ 'us_key' => $key ],
530  __METHOD__
531  );
532 
533  if ( !is_object( $row ) ) {
534  // key wasn't present in the database. this will happen sometimes.
535  return false;
536  }
537 
538  $this->fileMetadata[$key] = (array)$row;
539  $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
540 
541  return true;
542  }
543 
551  protected function initFile( $key ) {
552  $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
553  if ( $file->getSize() === 0 ) {
555  wfMessage( 'uploadstash-zero-length' )
556  );
557  }
558  $this->files[$key] = $file;
559 
560  return true;
561  }
562 }
UploadStash\removeFileNoAuth
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
Definition: UploadStash.php:409
UploadStash\$userId
$userId
Definition: UploadStash.php:76
$wgFileBlacklist
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Definition: DefaultSettings.php:1029
UploadStashNotLoggedInException
@newable
Definition: UploadStashNotLoggedInException.php:27
UploadStashBadPathException
@newable
Definition: UploadStashBadPathException.php:27
UploadStash\KEY_FORMAT_REGEX
const KEY_FORMAT_REGEX
Definition: UploadStash.php:55
UploadStash\listFiles
listFiles()
List all files in the stash.
Definition: UploadStash.php:440
UploadStashWrongOwnerException
@newable
Definition: UploadStashWrongOwnerException.php:27
UploadStash
UploadStash is intended to accomplish a few things:
Definition: UploadStash.php:53
UploadStash\getExtensionForPath
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
Definition: UploadStash.php:478
UploadStash\getFile
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
Definition: UploadStash.php:116
UploadStash\getMetadata
getMetadata( $key)
Getter for file metadata.
Definition: UploadStash.php:178
UploadStash\stashFile
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
Definition: UploadStash.php:208
$file
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Item class for a filearchive table row.
Definition: router.php:42
UploadStashFile
Definition: UploadStashFile.php:24
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:1230
UploadStashFileException
@newable
Definition: UploadStashFileException.php:27
$res
$res
Definition: testCompression.php:57
serialize
serialize()
Definition: ApiMessageTrait.php:138
$dbr
$dbr
Definition: testCompression.php:54
FileRepo
Base class for file repositories.
Definition: FileRepo.php:41
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:198
UploadStash\$fileProps
array $fileProps
fileprops cache
Definition: UploadStash.php:73
UploadStash\getFileProps
getFileProps( $key)
Getter for fileProps.
Definition: UploadStash.php:190
File\normalizeExtension
static normalizeExtension( $extension)
Normalize a file extension to the common form, making it lowercase and checking some synonyms,...
Definition: File.php:239
UploadStashZeroLengthFileException
@newable
Definition: UploadStashZeroLengthFileException.php:27
UploadStash\__construct
__construct(FileRepo $repo, $user=null)
Represents a temporary filestore, with metadata in the database.
Definition: UploadStash.php:86
MediaWiki
A helper class for throttling authentication attempts.
MWFileProps
MimeMagic helper wrapper.
Definition: MWFileProps.php:28
DB_REPLICA
const DB_REPLICA
Definition: defines.php:25
DB_MASTER
const DB_MASTER
Definition: defines.php:26
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:914
UploadStash\MAX_US_PROPS_SIZE
const MAX_US_PROPS_SIZE
Definition: UploadStash.php:56
UploadStashNoSuchKeyException
@newable
Definition: UploadStashNoSuchKeyException.php:27
UploadStash\removeFile
removeFile( $key)
Remove a particular file from the stash.
Definition: UploadStash.php:370
UploadStash\$user
$user
Definition: UploadStash.php:76
UploadStash\$files
array $files
array of initialized repo objects
Definition: UploadStash.php:67
UploadStashFileNotFoundException
@newable
Definition: UploadStashFileNotFoundException.php:27
UploadStash\initFile
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
Definition: UploadStash.php:551
UploadStash\fetchFileMetadata
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
Definition: UploadStash.php:511
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:476
unserialize
unserialize( $serialized)
Definition: ApiMessageTrait.php:146
$path
$path
Definition: NoLocalSettings.php:25
$keys
$keys
Definition: testCompression.php:72
UploadStash\clear
clear()
Remove all files from the stash.
Definition: UploadStash.php:340
UploadStash\$repo
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Definition: UploadStash.php:64
UploadStash\$isRegistered
$isRegistered
Definition: UploadStash.php:76
LocalRepo
A repository that stores files in the local filesystem and registers them in the wiki's own database.
Definition: LocalRepo.php:37
UploadStash\$fileMetadata
array $fileMetadata
cache of the file metadata that's stored in the database
Definition: UploadStash.php:70