MediaWiki master
|
UploadBase and subclasses are the backend of MediaWiki's file uploads. More...
Inherited by UploadFromFile, UploadFromStash, and UploadFromUrl.
Public Member Functions | |
__construct () | |
canFetchFile () | |
Perform checks to see if the file can be fetched. | |
checkSvgScriptCallback ( $element, $attribs, $data=null) | |
checkWarnings ( $user=null) | |
Check for non fatal problems with the file. | |
cleanupTempFile () | |
If we've modified the upload file, then we need to manually remove it on exit to clean up. | |
convertVerifyErrorToStatus ( $error) | |
fetchFile () | |
Fetch the file. | |
getDesiredDestName () | |
Get the desired destination name. | |
getFileSize () | |
Return the file size. | |
getImageInfo ( $result=null) | |
Gets image info about the file just uploaded. | |
getLocalFile () | |
Return the local file and initializes if necessary. | |
getRealPath ( $srcPath) | |
getSourceType () | |
Returns the upload type. | |
getStashFile () | |
getTempFileSha1Base36 () | |
Get the base 36 SHA1 of the file. | |
getTempPath () | |
getTitle () | |
Returns the title of the file to be uploaded. | |
getVerificationErrorCode ( $error) | |
initializeFromRequest (&$request) | |
Initialize from a WebRequest. | |
initializePathInfo ( $name, $tempPath, $fileSize, $removeTempFile=false) | |
isEmptyFile () | |
Return true if the file is empty. | |
performUpload ( $comment, $pageText, $watch, $user, $tags=[], ?string $watchlistExpiry=null) | |
Really perform the upload. | |
postProcessUpload () | |
Perform extra steps after a successful upload. | |
tryStashFile (User $user, $isPartial=false) | |
Like stashFile(), but respects extensions' wishes to prevent the stashing. | |
validateName () | |
Verify that the name is valid and, if necessary, that we can overwrite. | |
verifyPermissions (Authority $performer) | |
Alias for verifyTitlePermissions. | |
verifyTitlePermissions (Authority $performer) | |
Check whether the user can edit, upload and create the image. | |
verifyUpload () | |
Verify whether the upload is sensible. | |
zipEntryCallback ( $entry) | |
Callback for ZipDirectoryReader to detect Java class files. | |
Static Public Member Functions | |
static | checkFileExtension ( $ext, $list) |
Perform case-insensitive match against a list of file extensions. | |
static | checkFileExtensionList ( $ext, $list) |
Perform case-insensitive match against a list of file extensions. | |
static | checkSvgExternalDTD ( $type, $publicId, $systemId) |
Verify that DTD URLs referenced are only the standard DTDs. | |
static | checkSvgPICallback ( $target, $data) |
Callback to filter SVG Processing Instructions. | |
static | checkXMLEncodingMissmatch ( $file) |
Check an allowed list of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers. | |
static | createFromRequest (&$request, $type=null) |
Create a form of UploadBase depending on wpSourceType and initializes it. | |
static | detectScript ( $file, $mime, $extension) |
Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful. | |
static | detectVirus ( $file) |
Generic wrapper function for a virus scanner program. | |
static | getExistsWarning ( $file) |
Helper function that does various existence checks for a file. | |
static | getFilenamePrefixBlacklist () |
Get a list of disallowed filename prefixes from [[MediaWiki:Filename-prefix-blacklist]]. | |
static | getMaxPhpUploadSize () |
Get the PHP maximum uploaded file size, based on ini settings. | |
static | getMaxUploadSize ( $forType=null) |
Get MediaWiki's maximum uploaded file size for a given type of upload, based on $wgMaxUploadSize. | |
static | getSessionStatus (UserIdentity $user, $statusKey) |
Get the current status of a chunked upload (used for polling). | |
static | isAllowed (Authority $performer) |
Returns true if the user can use this upload module or else a string identifying the missing permission. | |
static | isEnabled () |
Returns true if uploads are enabled. | |
static | isThrottled ( $user) |
Returns true if the user has surpassed the upload rate limit, false otherwise. | |
static | isThumbName ( $filename) |
Helper function that checks whether the filename looks like a thumbnail. | |
static | isValidRequest ( $request) |
Check whether a request if valid for this handler. | |
static | makeWarningsSerializable ( $warnings) |
Convert the warnings array returned by checkWarnings() to something that can be serialized. | |
static | setSessionStatus (UserIdentity $user, $statusKey, $value) |
Set the current status of a chunked upload (used for polling). | |
static | splitExtensions ( $filename) |
Split a file into a base name and all dot-delimited 'extensions' on the end. | |
static | unserializeWarnings ( $warnings) |
Convert the serialized warnings array created by makeWarningsSerializable() back to the output of checkWarnings(). | |
static | userCanReUpload (Authority $performer, File $img) |
Check if a user is the last uploader. | |
static | verifyExtension ( $mime, $extension) |
Checks if the MIME type of the uploaded file matches the file extension. | |
Public Attributes | |
const | EMPTY_FILE = 3 |
const | FILE_TOO_LARGE = 12 |
const | FILENAME_TOO_LONG = 14 |
const | FILETYPE_BADTYPE = 9 |
const | FILETYPE_MISSING = 8 |
const | HOOK_ABORTED = 11 |
const | ILLEGAL_FILENAME = 5 |
const | MIN_LENGTH_PARTNAME = 4 |
const | OK = 0 |
const | OVERWRITE_EXISTING_FILE = 7 |
const | SUCCESS = 0 |
const | VERIFICATION_ERROR = 10 |
const | WINDOWS_NONASCII_FILENAME = 13 |
Protected Member Functions | |
detectScriptInSvg ( $filename, $partial) | |
doStashFile (User $user=null) | |
Implementation for stashFile() and tryStashFile(). | |
runUploadStashFileHook (User $user) | |
setTempFile ( $tempPath, $fileSize=null) | |
verifyFile () | |
Verifies that it's ok to include the uploaded file. | |
verifyMimeType ( $mime) | |
Verify the MIME type. | |
verifyPartialFile () | |
A verification routine suitable for partial files. | |
Protected Attributes | |
string[] | $mBlackListedExtensions |
string null | $mDesiredDestName |
string null | $mDestName |
array null | $mFileProps |
int null | $mFileSize |
string null | $mFilteredName |
string null | $mFinalExtension |
bool null | $mJavaDetected |
LocalFile null | $mLocalFile |
bool null | $mRemoveTempFile |
string null | $mSourceType |
UploadStashFile null | $mStashFile |
string false | $mSVGNSError |
string null | $mTempPath |
Local file system path to the file to upload (or a local copy) | |
Title false null | $mTitle = false |
int | $mTitleError = 0 |
TempFSFile null | $tempFileObj |
Wrapper to handle deleting the temp file. | |
Static Protected Attributes | |
static | $safeXmlEncodings |
UploadBase and subclasses are the backend of MediaWiki's file uploads.
The frontends are formed by ApiUpload and SpecialUpload.
Definition at line 60 of file UploadBase.php.
UploadBase::__construct | ( | ) |
Definition at line 262 of file UploadBase.php.
UploadBase::canFetchFile | ( | ) |
Perform checks to see if the file can be fetched.
Usually a no-op.
Reimplemented in UploadFromUrl.
Definition at line 331 of file UploadBase.php.
|
static |
Perform case-insensitive match against a list of file extensions.
string | $ext | File extension |
array | $list |
Definition at line 1283 of file UploadBase.php.
|
static |
Perform case-insensitive match against a list of file extensions.
Returns an array of matching extensions.
string[] | $ext | File extensions |
string[] | $list |
Definition at line 1295 of file UploadBase.php.
Referenced by MediaWiki\Output\StreamFile\contentTypeFromPath().
|
static |
Verify that DTD URLs referenced are only the standard DTDs.
Browsers seem to ignore external DTDs.
However, just to be on the safe side, only allow DTDs from the SVG standard.
string | $type | PUBLIC or SYSTEM |
string | $publicId | The well-known public identifier for the dtd |
string | $systemId | The url for the external dtd |
Definition at line 1588 of file UploadBase.php.
|
static |
Callback to filter SVG Processing Instructions.
string | $target | Processing instruction name |
string | $data | Processing instruction attribute and value |
Definition at line 1567 of file UploadBase.php.
UploadBase::checkSvgScriptCallback | ( | $element, | |
$attribs, | |||
$data = null ) |
string | $element | |
array | $attribs | |
string | null | $data |
Definition at line 1615 of file UploadBase.php.
References wfDebug().
UploadBase::checkWarnings | ( | $user = null | ) |
Check for non fatal problems with the file.
This should not assume that mTempPath is set.
User | null | $user | Accepted since 1.35 |
Definition at line 694 of file UploadBase.php.
References getLocalFile(), and getTempFileSha1Base36().
Referenced by AssembleUploadChunksJob\run().
|
static |
Check an allowed list of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.
string | $file | Pathname to the temporary upload file |
Definition at line 1472 of file UploadBase.php.
UploadBase::cleanupTempFile | ( | ) |
If we've modified the upload file, then we need to manually remove it on exit to clean up.
Definition at line 1245 of file UploadBase.php.
References wfDebug().
Referenced by AssembleUploadChunksJob\run().
UploadBase::convertVerifyErrorToStatus | ( | $error | ) |
array | $error |
Definition at line 2232 of file UploadBase.php.
References getVerificationErrorCode().
|
static |
Create a form of UploadBase depending on wpSourceType and initializes it.
WebRequest | &$request | |
string | null | $type |
Definition at line 206 of file UploadBase.php.
References wfDebug().
|
static |
Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.
The present implementation will produce false positives in some situations.
string | null | $file | Pathname to the temporary upload file |
string | $mime | The MIME type of the file |
string | null | $extension | The extension of the file |
Definition at line 1359 of file UploadBase.php.
References wfDebug().
|
protected |
string | $filename | |
bool | $partial |
Definition at line 1533 of file UploadBase.php.
Referenced by verifyFile(), and verifyPartialFile().
|
static |
Generic wrapper function for a virus scanner program.
This relies on the $wgAntivirus and $wgAntivirusSetup variables. $wgAntivirusRequired may be used to deny upload if the scan fails.
string | $file | Pathname to the temporary upload file |
Definition at line 1932 of file UploadBase.php.
References $wgOut, AV_NO_VIRUS, AV_SCAN_ABORTED, AV_SCAN_FAILED, wfDebug(), wfMessage(), and wfShellExecWithStderr().
|
protected |
Implementation for stashFile() and tryStashFile().
User | null | $user |
Reimplemented in UploadFromChunks.
Definition at line 1232 of file UploadBase.php.
References getSourceType().
Referenced by tryStashFile().
UploadBase::fetchFile | ( | ) |
Fetch the file.
Usually a no-op.
Definition at line 322 of file UploadBase.php.
UploadBase::getDesiredDestName | ( | ) |
|
static |
Helper function that does various existence checks for a file.
The following checks are performed:
Definition at line 2087 of file UploadBase.php.
|
static |
Get a list of disallowed filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].
Definition at line 2191 of file UploadBase.php.
References $lines, and wfMessage().
UploadBase::getFileSize | ( | ) |
UploadBase::getImageInfo | ( | $result = null | ) |
Gets image info about the file just uploaded.
?ApiResult | $result | unused since 1.42 |
Definition at line 2223 of file UploadBase.php.
References ApiUpload\getDummyInstance().
UploadBase::getLocalFile | ( | ) |
Return the local file and initializes if necessary.
Definition at line 1166 of file UploadBase.php.
References getTitle().
Referenced by checkWarnings(), performUpload(), and validateName().
|
static |
Get the PHP maximum uploaded file size, based on ini settings.
If there is no limit or the limit can't be guessed, return a very large number (PHP_INT_MAX) instead.
Definition at line 2265 of file UploadBase.php.
References wfShorthandToInteger().
|
static |
Get MediaWiki's maximum uploaded file size for a given type of upload, based on $wgMaxUploadSize.
null | string | $forType |
Definition at line 2246 of file UploadBase.php.
Referenced by UploadFromChunks\addChunk().
UploadBase::getRealPath | ( | $srcPath | ) |
string | $srcPath | The source path |
Definition at line 368 of file UploadBase.php.
References $path, and FileRepo\isVirtualUrl().
Referenced by UploadFromChunks\continueChunks(), and UploadFromStash\initialize().
|
static |
Get the current status of a chunked upload (used for polling).
This should only be called during POST requests since we fetch from dc-local MainStash, and from a GET request we can't know that the value is available or up-to-date.
UserIdentity | $user | |
string | $statusKey |
Definition at line 2288 of file UploadBase.php.
UploadBase::getSourceType | ( | ) |
Returns the upload type.
Should be overridden by child classes.
Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.
Definition at line 272 of file UploadBase.php.
Referenced by doStashFile(), and verifyUpload().
UploadBase::getStashFile | ( | ) |
Definition at line 1180 of file UploadBase.php.
Referenced by AssembleUploadChunksJob\run().
UploadBase::getTempFileSha1Base36 | ( | ) |
Get the base 36 SHA1 of the file.
Reimplemented in UploadFromStash.
Definition at line 356 of file UploadBase.php.
Referenced by checkWarnings().
UploadBase::getTempPath | ( | ) |
Definition at line 1256 of file UploadBase.php.
UploadBase::getTitle | ( | ) |
Returns the title of the file to be uploaded.
Sets mTitleError in case the name was illegal.
Definition at line 1023 of file UploadBase.php.
References $mTitle, MediaWiki\Title\Title\getDBkey(), NS_FILE, and wfStripIllegalFilenameChars().
UploadBase::getVerificationErrorCode | ( | $error | ) |
int | $error |
Definition at line 148 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), and convertVerifyErrorToStatus().
|
abstract |
Initialize from a WebRequest.
Override this in a subclass.
WebRequest | &$request |
Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.
UploadBase::initializePathInfo | ( | $name, | |
$tempPath, | |||
$fileSize, | |||
$removeTempFile = false ) |
string | $name | The desired destination name |
string | null | $tempPath | Callers should make sure this is not a storage path |
int | null | $fileSize | |
bool | $removeTempFile | (false) remove the temporary file? |
Definition at line 282 of file UploadBase.php.
References setTempFile().
Referenced by UploadFromChunks\continueChunks(), UploadFromStash\initialize(), and UploadFromFile\initialize().
|
static |
Returns true if the user can use this upload module or else a string identifying the missing permission.
Can be overridden by subclasses.
Authority | $performer |
Reimplemented in UploadFromUrl.
Definition at line 172 of file UploadBase.php.
References MediaWiki\Permissions\Authority\isAllowed().
UploadBase::isEmptyFile | ( | ) |
Return true if the file is empty.
Definition at line 339 of file UploadBase.php.
Referenced by verifyUpload(), and UploadFromFile\verifyUpload().
|
static |
Returns true if uploads are enabled.
Can be override by subclasses.
Reimplemented in UploadFromUrl.
Definition at line 158 of file UploadBase.php.
References wfIniGetBool().
|
static |
Returns true if the user has surpassed the upload rate limit, false otherwise.
User | $user |
Definition at line 191 of file UploadBase.php.
References wfDeprecated().
|
static |
Helper function that checks whether the filename looks like a thumbnail.
string | $filename |
Definition at line 2176 of file UploadBase.php.
|
static |
Check whether a request if valid for this handler.
WebRequest | $request |
Reimplemented in UploadFromFile, UploadFromStash, and UploadFromUrl.
Definition at line 247 of file UploadBase.php.
|
static |
Convert the warnings array returned by checkWarnings() to something that can be serialized.
File objects will be converted to an associative array with the following keys:
mixed[] | $warnings |
Definition at line 758 of file UploadBase.php.
UploadBase::performUpload | ( | $comment, | |
$pageText, | |||
$watch, | |||
$user, | |||
$tags = [], | |||
?string | $watchlistExpiry = null ) |
Really perform the upload.
Stores the file in the local repo, watches if necessary and runs the UploadComplete hook.
string | $comment | |
string | false | $pageText | |
bool | $watch | Whether the file page should be added to user's watchlist. (This doesn't check $user's permissions.) |
User | $user | |
string[] | $tags | Change tags to add to the log entry and page revision. (This doesn't check $user's permissions.) |
string | null | $watchlistExpiry | Optional watchlist expiry timestamp in any format acceptable to wfTimestamp(). |
Definition at line 966 of file UploadBase.php.
References getLocalFile(), getTitle(), and postProcessUpload().
UploadBase::postProcessUpload | ( | ) |
Perform extra steps after a successful upload.
Reimplemented in UploadFromStash.
Definition at line 1014 of file UploadBase.php.
Referenced by performUpload().
|
protected |
User | $user |
Definition at line 1215 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), and tryStashFile().
|
static |
Set the current status of a chunked upload (used for polling).
The value will be set in cache for 1 day.
This should only be called during POST requests.
UserIdentity | $user | |
string | $statusKey | |
array | false | $value |
Definition at line 2307 of file UploadBase.php.
References MediaWiki\User\UserIdentity\getName().
|
protected |
string | null | $tempPath | File system path to temporary file containing the upload |
int | null | $fileSize |
Definition at line 303 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), and initializePathInfo().
|
static |
Split a file into a base name and all dot-delimited 'extensions' on the end.
Some web server configurations will fall back to earlier pseudo-'extensions' to determine type and execute scripts, so we need to check them all.
string | $filename |
Definition at line 1269 of file UploadBase.php.
Referenced by MediaWiki\Output\StreamFile\contentTypeFromPath().
UploadBase::tryStashFile | ( | User | $user, |
$isPartial = false ) |
Like stashFile(), but respects extensions' wishes to prevent the stashing.
verifyUpload() must be called before calling this method (unless $isPartial is true).
Upload stash exceptions are also caught and converted to an error status.
User | $user | |
bool | $isPartial | Pass true if this is a part of a chunked upload (not a complete file). |
Reimplemented in UploadFromChunks.
Definition at line 1196 of file UploadBase.php.
References doStashFile(), and runUploadStashFileHook().
|
static |
Convert the serialized warnings array created by makeWarningsSerializable() back to the output of checkWarnings().
mixed[] | $warnings |
Definition at line 781 of file UploadBase.php.
Check if a user is the last uploader.
Authority | $performer | |
File | $img |
Definition at line 2060 of file UploadBase.php.
UploadBase::validateName | ( | ) |
Verify that the name is valid and, if necessary, that we can overwrite.
Definition at line 452 of file UploadBase.php.
References getLocalFile(), and getTitle().
Referenced by verifyUpload().
|
static |
Checks if the MIME type of the uploaded file matches the file extension.
string | $mime | The MIME type of the uploaded file |
string | $extension | The filename extension that the file is to be served with |
Definition at line 1306 of file UploadBase.php.
References wfDebug().
|
protected |
Verifies that it's ok to include the uploaded file.
Definition at line 500 of file UploadBase.php.
References detectScriptInSvg(), verifyPartialFile(), and wfDebug().
Referenced by verifyUpload().
|
protected |
Verify the MIME type.
string | $mime | Representing the MIME |
Definition at line 481 of file UploadBase.php.
References wfDebug().
Referenced by verifyPartialFile().
|
protected |
A verification routine suitable for partial files.
Runs the deny list checks, but not any checks that may assume the entire file is present.
Definition at line 569 of file UploadBase.php.
References detectScriptInSvg(), getTitle(), and verifyMimeType().
Referenced by verifyFile().
UploadBase::verifyPermissions | ( | Authority | $performer | ) |
Alias for verifyTitlePermissions.
The function was originally 'verifyPermissions', but that suggests it's checking the user, when it's really checking the title + user combination.
Authority | $performer | to verify the permissions against |
Definition at line 645 of file UploadBase.php.
References verifyTitlePermissions().
UploadBase::verifyTitlePermissions | ( | Authority | $performer | ) |
Check whether the user can edit, upload and create the image.
This checks only against the current title; if it returns errors, it may very well be that another title will not give errors. Therefore isAllowed() should be called as well for generic is-user-blocked or can-user-upload checking.
Authority | $performer | to verify the permissions against |
Definition at line 660 of file UploadBase.php.
References MediaWiki\Permissions\Authority\authorizeWrite(), and getTitle().
Referenced by verifyPermissions().
UploadBase::verifyUpload | ( | ) |
Verify whether the upload is sensible.
Return a status array representing the outcome of the verification. Possible keys are:
Reimplemented in UploadFromFile.
Definition at line 403 of file UploadBase.php.
References getSourceType(), isEmptyFile(), validateName(), and verifyFile().
UploadBase::zipEntryCallback | ( | $entry | ) |
Callback for ZipDirectoryReader to detect Java class files.
array | $entry |
Definition at line 616 of file UploadBase.php.
|
protected |
Definition at line 92 of file UploadBase.php.
|
protected |
Definition at line 68 of file UploadBase.php.
|
protected |
Definition at line 70 of file UploadBase.php.
|
protected |
Definition at line 90 of file UploadBase.php.
|
protected |
Definition at line 88 of file UploadBase.php.
|
protected |
Definition at line 80 of file UploadBase.php.
|
protected |
Definition at line 82 of file UploadBase.php.
|
protected |
Definition at line 94 of file UploadBase.php.
|
protected |
Definition at line 84 of file UploadBase.php.
|
protected |
Definition at line 72 of file UploadBase.php.
|
protected |
Definition at line 74 of file UploadBase.php.
|
protected |
Definition at line 86 of file UploadBase.php.
Referenced by UploadFromChunks\doStashFile().
|
protected |
Definition at line 96 of file UploadBase.php.
|
protected |
Local file system path to the file to upload (or a local copy)
Definition at line 64 of file UploadBase.php.
Referenced by UploadFromChunks\addChunk().
|
protected |
Definition at line 76 of file UploadBase.php.
|
protected |
Definition at line 78 of file UploadBase.php.
|
staticprotected |
Definition at line 98 of file UploadBase.php.
|
protected |
Wrapper to handle deleting the temp file.
Definition at line 66 of file UploadBase.php.
const UploadBase::EMPTY_FILE = 3 |
Definition at line 118 of file UploadBase.php.
const UploadBase::FILE_TOO_LARGE = 12 |
Definition at line 126 of file UploadBase.php.
Referenced by UploadFromFile\verifyUpload().
const UploadBase::FILENAME_TOO_LONG = 14 |
Definition at line 128 of file UploadBase.php.
const UploadBase::FILETYPE_BADTYPE = 9 |
Definition at line 123 of file UploadBase.php.
const UploadBase::FILETYPE_MISSING = 8 |
Definition at line 122 of file UploadBase.php.
const UploadBase::HOOK_ABORTED = 11 |
Definition at line 125 of file UploadBase.php.
const UploadBase::ILLEGAL_FILENAME = 5 |
Definition at line 120 of file UploadBase.php.
const UploadBase::MIN_LENGTH_PARTNAME = 4 |
Definition at line 119 of file UploadBase.php.
const UploadBase::OK = 0 |
Definition at line 117 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks().
const UploadBase::OVERWRITE_EXISTING_FILE = 7 |
Definition at line 121 of file UploadBase.php.
const UploadBase::SUCCESS = 0 |
Definition at line 116 of file UploadBase.php.
const UploadBase::VERIFICATION_ERROR = 10 |
Definition at line 124 of file UploadBase.php.
const UploadBase::WINDOWS_NONASCII_FILENAME = 13 |
Definition at line 127 of file UploadBase.php.