MediaWiki  master
UploadStash.php
Go to the documentation of this file.
1 <?php
24 
55 class UploadStash {
56  // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
57  public const KEY_FORMAT_REGEX = '/^[\w\-\.]+\.\w*$/';
58  private const MAX_US_PROPS_SIZE = 65535;
59 
66  public $repo;
67 
69  protected $files = [];
70 
72  protected $fileMetadata = [];
73 
75  protected $fileProps = [];
76 
78  private $user;
79 
88  public function __construct( FileRepo $repo, UserIdentity $user = null ) {
89  // this might change based on wiki's configuration.
90  $this->repo = $repo;
91 
92  // if a user was passed, use it. otherwise, attempt to use the global request context.
93  // this keeps FileRepo from breaking when it creates an UploadStash object
94  $this->user = $user ?? RequestContext::getMain()->getUser();
95  }
96 
110  public function getFile( $key, $noAuth = false ) {
111  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
112  throw new UploadStashBadPathException(
113  wfMessage( 'uploadstash-bad-path-bad-format', $key )
114  );
115  }
116 
117  if ( !$noAuth && !$this->user->isRegistered() ) {
119  wfMessage( 'uploadstash-not-logged-in' )
120  );
121  }
122 
123  if ( !isset( $this->fileMetadata[$key] ) ) {
124  if ( !$this->fetchFileMetadata( $key ) ) {
125  // If nothing was received, it's likely due to replication lag.
126  // Check the primary DB to see if the record is there.
127  $this->fetchFileMetadata( $key, DB_PRIMARY );
128  }
129 
130  if ( !isset( $this->fileMetadata[$key] ) ) {
132  wfMessage( 'uploadstash-file-not-found', $key )
133  );
134  }
135 
136  // create $this->files[$key]
137  $this->initFile( $key );
138 
139  // fetch fileprops
140  if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
141  $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
142  } else { // b/c for rows with no us_props
143  wfDebug( __METHOD__ . " fetched props for $key from file" );
144  $path = $this->fileMetadata[$key]['us_path'];
145  $this->fileProps[$key] = $this->repo->getFileProps( $path );
146  }
147  }
148 
149  if ( !$this->files[$key]->exists() ) {
150  wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist" );
151  // @todo Is this not an UploadStashFileNotFoundException case?
152  throw new UploadStashBadPathException(
153  wfMessage( 'uploadstash-bad-path' )
154  );
155  }
156 
157  if ( !$noAuth && $this->fileMetadata[$key]['us_user'] != $this->user->getId() ) {
159  wfMessage( 'uploadstash-wrong-owner', $key )
160  );
161  }
162 
163  return $this->files[$key];
164  }
165 
172  public function getMetadata( $key ) {
173  $this->getFile( $key );
174 
175  return $this->fileMetadata[$key];
176  }
177 
184  public function getFileProps( $key ) {
185  $this->getFile( $key );
186 
187  return $this->fileProps[$key];
188  }
189 
202  public function stashFile( $path, $sourceType = null ) {
203  if ( !is_file( $path ) ) {
204  wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist" );
205  throw new UploadStashBadPathException(
206  wfMessage( 'uploadstash-bad-path' )
207  );
208  }
209 
210  $mwProps = new MWFileProps( MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer() );
211  $fileProps = $mwProps->getPropsFromPath( $path, true );
212  wfDebug( __METHOD__ . " stashing file at '$path'" );
213 
214  // we will be initializing from some tmpnam files that don't have extensions.
215  // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
216  $extension = self::getExtensionForPath( $path );
217  if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
218  $pathWithGoodExtension = "$path.$extension";
219  } else {
220  $pathWithGoodExtension = $path;
221  }
222 
223  // If no key was supplied, make one. a mysql insertid would be totally
224  // reasonable here, except that for historical reasons, the key is this
225  // random thing instead. At least it's not guessable.
226  // Some things that when combined will make a suitably unique key.
227  // see: http://www.jwz.org/doc/mid.html
228  list( $usec, $sec ) = explode( ' ', microtime() );
229  $usec = substr( $usec, 2 );
230  $key = Wikimedia\base_convert( $sec . $usec, 10, 36 ) . '.' .
231  Wikimedia\base_convert( mt_rand(), 10, 36 ) . '.' .
232  $this->user->getId() . '.' .
233  $extension;
234 
235  $this->fileProps[$key] = $fileProps;
236 
237  if ( !preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
238  throw new UploadStashBadPathException(
239  wfMessage( 'uploadstash-bad-path-bad-format', $key )
240  );
241  }
242 
243  wfDebug( __METHOD__ . " key for '$path': $key" );
244 
245  // if not already in a temporary area, put it there
246  $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
247 
248  if ( !$storeStatus->isOK() ) {
249  // It is a convention in MediaWiki to only return one error per API
250  // exception, even if multiple errors are available. We use reset()
251  // to pick the "first" thing that was wrong, preferring errors to
252  // warnings. This is a bit lame, as we may have more info in the
253  // $storeStatus and we're throwing it away, but to fix it means
254  // redesigning API errors significantly.
255  // $storeStatus->value just contains the virtual URL (if anything)
256  // which is probably useless to the caller.
257  $error = $storeStatus->getErrorsArray();
258  $error = reset( $error );
259  if ( !count( $error ) ) {
260  $error = $storeStatus->getWarningsArray();
261  $error = reset( $error );
262  if ( !count( $error ) ) {
263  $error = [ 'unknown', 'no error recorded' ];
264  }
265  }
266  // At this point, $error should contain the single "most important"
267  // error, plus any parameters.
268  $errorMsg = array_shift( $error );
269  throw new UploadStashFileException( wfMessage( $errorMsg, $error ) );
270  }
271  $stashPath = $storeStatus->value;
272 
273  // fetch the current user ID
274  if ( !$this->user->isRegistered() ) {
276  wfMessage( 'uploadstash-not-logged-in' )
277  );
278  }
279 
280  // insert the file metadata into the db.
281  wfDebug( __METHOD__ . " inserting $stashPath under $key" );
282  $dbw = $this->repo->getPrimaryDB();
283 
284  $serializedFileProps = serialize( $fileProps );
285  if ( strlen( $serializedFileProps ) > self::MAX_US_PROPS_SIZE ) {
286  // Database is going to truncate this and make the field invalid.
287  // Prioritize important metadata over file handler metadata.
288  // File handler should be prepared to regenerate invalid metadata if needed.
289  $fileProps['metadata'] = [];
290  $serializedFileProps = serialize( $fileProps );
291  }
292 
293  $insertRow = [
294  'us_user' => $this->user->getId(),
295  'us_key' => $key,
296  'us_orig_path' => $path,
297  'us_path' => $stashPath, // virtual URL
298  'us_props' => $dbw->encodeBlob( $serializedFileProps ),
299  'us_size' => $fileProps['size'],
300  'us_sha1' => $fileProps['sha1'],
301  'us_mime' => $fileProps['mime'],
302  'us_media_type' => $fileProps['media_type'],
303  'us_image_width' => $fileProps['width'],
304  'us_image_height' => $fileProps['height'],
305  'us_image_bits' => $fileProps['bits'],
306  'us_source_type' => $sourceType,
307  'us_timestamp' => $dbw->timestamp(),
308  'us_status' => 'finished'
309  ];
310 
311  $dbw->insert(
312  'uploadstash',
313  $insertRow,
314  __METHOD__
315  );
316 
317  // store the insertid in the class variable so immediate retrieval
318  // (possibly laggy) isn't necessary.
319  $insertRow['us_id'] = $dbw->insertId();
320 
321  $this->fileMetadata[$key] = $insertRow;
322 
323  # create the UploadStashFile object for this file.
324  $this->initFile( $key );
325 
326  return $this->getFile( $key );
327  }
328 
336  public function clear() {
337  if ( !$this->user->isRegistered() ) {
339  wfMessage( 'uploadstash-not-logged-in' )
340  );
341  }
342 
343  wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->user->getId() );
344  $dbw = $this->repo->getPrimaryDB();
345  $dbw->delete(
346  'uploadstash',
347  [ 'us_user' => $this->user->getId() ],
348  __METHOD__
349  );
350 
351  # destroy objects.
352  $this->files = [];
353  $this->fileMetadata = [];
354 
355  return true;
356  }
357 
366  public function removeFile( $key ) {
367  if ( !$this->user->isRegistered() ) {
369  wfMessage( 'uploadstash-not-logged-in' )
370  );
371  }
372 
373  $dbw = $this->repo->getPrimaryDB();
374 
375  // this is a cheap query. it runs on the primary DB so that this function
376  // still works when there's lag. It won't be called all that often.
377  $row = $dbw->selectRow(
378  'uploadstash',
379  'us_user',
380  [ 'us_key' => $key ],
381  __METHOD__
382  );
383 
384  if ( !$row ) {
386  wfMessage( 'uploadstash-no-such-key', $key )
387  );
388  }
389 
390  if ( $row->us_user != $this->user->getId() ) {
392  wfMessage( 'uploadstash-wrong-owner', $key )
393  );
394  }
395 
396  return $this->removeFileNoAuth( $key );
397  }
398 
405  public function removeFileNoAuth( $key ) {
406  wfDebug( __METHOD__ . " clearing row $key" );
407 
408  // Ensure we have the UploadStashFile loaded for this key
409  $this->getFile( $key, true );
410 
411  $dbw = $this->repo->getPrimaryDB();
412 
413  $dbw->delete(
414  'uploadstash',
415  [ 'us_key' => $key ],
416  __METHOD__
417  );
418 
422  $this->files[$key]->remove();
423 
424  unset( $this->files[$key] );
425  unset( $this->fileMetadata[$key] );
426 
427  return true;
428  }
429 
436  public function listFiles() {
437  if ( !$this->user->isRegistered() ) {
439  wfMessage( 'uploadstash-not-logged-in' )
440  );
441  }
442 
443  $dbr = $this->repo->getReplicaDB();
444  $res = $dbr->select(
445  'uploadstash',
446  'us_key',
447  [ 'us_user' => $this->user->getId() ],
448  __METHOD__
449  );
450 
451  if ( !is_object( $res ) || $res->numRows() == 0 ) {
452  // nothing to do.
453  return false;
454  }
455 
456  // finish the read before starting writes.
457  $keys = [];
458  foreach ( $res as $row ) {
459  array_push( $keys, $row->us_key );
460  }
461 
462  return $keys;
463  }
464 
474  public static function getExtensionForPath( $path ) {
476  // Does this have an extension?
477  $n = strrpos( $path, '.' );
478 
479  if ( $n !== false ) {
480  $extension = $n ? substr( $path, $n + 1 ) : '';
481  } else {
482  // If not, assume that it should be related to the MIME type of the original file.
483  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
484  $mimeType = $magic->guessMimeType( $path );
485  $extension = $magic->getExtensionFromMimeTypeOrNull( $mimeType );
486  }
487 
488  $extension = File::normalizeExtension( $extension );
489  if ( in_array( $extension, $wgProhibitedFileExtensions ) ) {
490  // The file should already be checked for being evil.
491  // However, if somehow we got here, we definitely
492  // don't want to give it an extension of .php and
493  // put it in a web accessible directory.
494  return '';
495  }
496 
497  return $extension;
498  }
499 
507  protected function fetchFileMetadata( $key, $readFromDB = DB_REPLICA ) {
508  // populate $fileMetadata[$key]
509  $dbr = null;
510  if ( $readFromDB === DB_PRIMARY ) {
511  // sometimes reading from the primary DB is necessary, if there's replication lag.
512  $dbr = $this->repo->getPrimaryDB();
513  } else {
514  $dbr = $this->repo->getReplicaDB();
515  }
516 
517  $row = $dbr->selectRow(
518  'uploadstash',
519  [
520  'us_user', 'us_key', 'us_orig_path', 'us_path', 'us_props',
521  'us_size', 'us_sha1', 'us_mime', 'us_media_type',
522  'us_image_width', 'us_image_height', 'us_image_bits',
523  'us_source_type', 'us_timestamp', 'us_status',
524  ],
525  [ 'us_key' => $key ],
526  __METHOD__
527  );
528 
529  if ( !is_object( $row ) ) {
530  // key wasn't present in the database. this will happen sometimes.
531  return false;
532  }
533 
534  $this->fileMetadata[$key] = (array)$row;
535  $this->fileMetadata[$key]['us_props'] = $dbr->decodeBlob( $row->us_props );
536 
537  return true;
538  }
539 
547  protected function initFile( $key ) {
548  $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
549  if ( $file->getSize() === 0 ) {
551  wfMessage( 'uploadstash-zero-length' )
552  );
553  }
554  $this->files[$key] = $file;
555 
556  return true;
557  }
558 }
UploadStash\removeFileNoAuth
removeFileNoAuth( $key)
Remove a file (see removeFile), but doesn't check ownership first.
Definition: UploadStash.php:405
UploadStashNotLoggedInException
@newable
Definition: UploadStashNotLoggedInException.php:27
UploadStashBadPathException
@newable
Definition: UploadStashBadPathException.php:27
UploadStash\__construct
__construct(FileRepo $repo, UserIdentity $user=null)
Represents a temporary filestore, with metadata in the database.
Definition: UploadStash.php:88
UploadStash\KEY_FORMAT_REGEX
const KEY_FORMAT_REGEX
Definition: UploadStash.php:57
UploadStash\listFiles
listFiles()
List all files in the stash.
Definition: UploadStash.php:436
$wgProhibitedFileExtensions
$wgProhibitedFileExtensions
Files with these extensions will never be allowed as uploads.
Definition: DefaultSettings.php:1114
UploadStashWrongOwnerException
@newable
Definition: UploadStashWrongOwnerException.php:27
UploadStash
UploadStash is intended to accomplish a few things:
Definition: UploadStash.php:55
UploadStash\getExtensionForPath
static getExtensionForPath( $path)
Find or guess extension – ensuring that our extension matches our MIME type.
Definition: UploadStash.php:474
UploadStash\getFile
getFile( $key, $noAuth=false)
Get a file and its metadata from the stash.
Definition: UploadStash.php:110
UploadStash\getMetadata
getMetadata( $key)
Getter for file metadata.
Definition: UploadStash.php:172
UploadStash\stashFile
stashFile( $path, $sourceType=null)
Stash a file in a temp directory and record that we did this in the database, along with other metada...
Definition: UploadStash.php:202
$file
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Item class for a filearchive table row.
Definition: router.php:42
UploadStashFile
Definition: UploadStashFile.php:24
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:1182
UploadStashFileException
@newable
Definition: UploadStashFileException.php:27
$res
$res
Definition: testCompression.php:57
serialize
serialize()
Definition: ApiMessageTrait.php:138
UploadStash\$user
UserIdentity $user
Definition: UploadStash.php:78
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition: UserIdentity.php:39
$dbr
$dbr
Definition: testCompression.php:54
FileRepo
Base class for file repositories.
Definition: FileRepo.php:45
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:252
UploadStash\$fileProps
array $fileProps
fileprops cache
Definition: UploadStash.php:75
UploadStash\getFileProps
getFileProps( $key)
Getter for fileProps.
Definition: UploadStash.php:184
File\normalizeExtension
static normalizeExtension( $extension)
Normalize a file extension to the common form, making it lowercase and checking some synonyms,...
Definition: File.php:254
UploadStashZeroLengthFileException
@newable
Definition: UploadStashZeroLengthFileException.php:27
MediaWiki
A helper class for throttling authentication attempts.
MWFileProps
MimeMagic helper wrapper.
Definition: MWFileProps.php:28
DB_REPLICA
const DB_REPLICA
Definition: defines.php:25
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:894
UploadStash\MAX_US_PROPS_SIZE
const MAX_US_PROPS_SIZE
Definition: UploadStash.php:58
UploadStashNoSuchKeyException
@newable
Definition: UploadStashNoSuchKeyException.php:27
UploadStash\removeFile
removeFile( $key)
Remove a particular file from the stash.
Definition: UploadStash.php:366
DB_PRIMARY
const DB_PRIMARY
Definition: defines.php:27
UploadStash\$files
array $files
array of initialized repo objects
Definition: UploadStash.php:69
UploadStashFileNotFoundException
@newable
Definition: UploadStashFileNotFoundException.php:27
UploadStash\initFile
initFile( $key)
Helper function: Initialize the UploadStashFile for a given file.
Definition: UploadStash.php:547
UploadStash\fetchFileMetadata
fetchFileMetadata( $key, $readFromDB=DB_REPLICA)
Helper function: do the actual database query to fetch file metadata.
Definition: UploadStash.php:507
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:484
unserialize
unserialize( $serialized)
Definition: ApiMessageTrait.php:146
$path
$path
Definition: NoLocalSettings.php:25
$keys
$keys
Definition: testCompression.php:72
UploadStash\clear
clear()
Remove all files from the stash.
Definition: UploadStash.php:336
UploadStash\$repo
LocalRepo $repo
repository that this uses to store temp files public because we sometimes need to get a LocalFile wit...
Definition: UploadStash.php:66
LocalRepo
A repository that stores files in the local filesystem and registers them in the wiki's own database.
Definition: LocalRepo.php:41
UploadStash\$fileMetadata
array $fileMetadata
cache of the file metadata that's stored in the database
Definition: UploadStash.php:72