UploadBase and subclasses are the backend of MediaWiki's file uploads. More...
Public Member Functions | |
| __construct () | |
| checkSvgScriptCallback ( $element, $attribs, $data=null) | |
| checkWarnings ( $user=null) | |
| Check for non fatal problems with the file. More... | |
| cleanupTempFile () | |
| If we've modified the upload file, then we need to manually remove it on exit to clean up. More... | |
| convertVerifyErrorToStatus ( $error) | |
| fetchFile () | |
| Fetch the file. More... | |
| getFileSize () | |
| Return the file size. More... | |
| getImageInfo ( $result) | |
| Gets image info about the file just uploaded. More... | |
| getLocalFile () | |
| Return the local file and initializes if necessary. More... | |
| getRealPath ( $srcPath) | |
| getSourceType () | |
| Returns the upload type. More... | |
| getStashFile () | |
| getTempFileSha1Base36 () | |
| Get the base 36 SHA1 of the file. More... | |
| getTempPath () | |
| getTitle () | |
| Returns the title of the file to be uploaded. More... | |
| getVerificationErrorCode ( $error) | |
| initializeFromRequest (&$request) | |
| Initialize from a WebRequest. More... | |
| initializePathInfo ( $name, $tempPath, $fileSize, $removeTempFile=false) | |
| isEmptyFile () | |
| Return true if the file is empty. More... | |
| performUpload ( $comment, $pageText, $watch, $user, $tags=[], ?string $watchlistExpiry=null) | |
| Really perform the upload. More... | |
| postProcessUpload () | |
| Perform extra steps after a successful upload. More... | |
| tryStashFile (User $user, $isPartial=false) | |
| Like stashFile(), but respects extensions' wishes to prevent the stashing. More... | |
| validateName () | |
| Verify that the name is valid and, if necessary, that we can overwrite. More... | |
| verifyPermissions (Authority $performer) | |
| Alias for verifyTitlePermissions. More... | |
| verifyTitlePermissions (Authority $performer) | |
| Check whether the user can edit, upload and create the image. More... | |
| verifyUpload () | |
| Verify whether the upload is sensible. More... | |
| zipEntryCallback ( $entry) | |
| Callback for ZipDirectoryReader to detect Java class files. More... | |
Static Public Member Functions | |
| static | checkFileExtension ( $ext, $list) |
| Perform case-insensitive match against a list of file extensions. More... | |
| static | checkFileExtensionList ( $ext, $list) |
| Perform case-insensitive match against a list of file extensions. More... | |
| static | checkSvgExternalDTD ( $type, $publicId, $systemId) |
| Verify that DTD URLs referenced are only the standard DTDs. More... | |
| static | checkSvgPICallback ( $target, $data) |
| Callback to filter SVG Processing Instructions. More... | |
| static | checkXMLEncodingMissmatch ( $file) |
| Check an allowed list of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers. More... | |
| static | createFromRequest (&$request, $type=null) |
| Create a form of UploadBase depending on wpSourceType and initializes it. More... | |
| static | detectScript ( $file, $mime, $extension) |
| Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful. More... | |
| static | detectVirus ( $file) |
| Generic wrapper function for a virus scanner program. More... | |
| static | getExistsWarning ( $file) |
| Helper function that does various existence checks for a file. More... | |
| static | getFilenamePrefixBlacklist () |
| Get a list of disallowed filename prefixes from [[MediaWiki:Filename-prefix-blacklist]]. More... | |
| static | getMaxPhpUploadSize () |
| Get the PHP maximum uploaded file size, based on ini settings. More... | |
| static | getMaxUploadSize ( $forType=null) |
| Get MediaWiki's maximum uploaded file size for a given type of upload, based on $wgMaxUploadSize. More... | |
| static | getSessionStatus (UserIdentity $user, $statusKey) |
| Get the current status of a chunked upload (used for polling). More... | |
| static | isAllowed (Authority $performer) |
| Returns true if the user can use this upload module or else a string identifying the missing permission. More... | |
| static | isEnabled () |
| Returns true if uploads are enabled. More... | |
| static | isThrottled ( $user) |
| Returns true if the user has surpassed the upload rate limit, false otherwise. More... | |
| static | isThumbName ( $filename) |
| Helper function that checks whether the filename looks like a thumbnail. More... | |
| static | isValidRequest ( $request) |
| Check whether a request if valid for this handler. More... | |
| static | makeWarningsSerializable ( $warnings) |
| Convert the warnings array returned by checkWarnings() to something that can be serialized. More... | |
| static | setSessionStatus (UserIdentity $user, $statusKey, $value) |
| Set the current status of a chunked upload (used for polling). More... | |
| static | splitExtensions ( $filename) |
| Split a file into a base name and all dot-delimited 'extensions' on the end. More... | |
| static | userCanReUpload (Authority $performer, File $img) |
| Check if a user is the last uploader. More... | |
| static | verifyExtension ( $mime, $extension) |
| Checks if the MIME type of the uploaded file matches the file extension. More... | |
Public Attributes | |
| const | EMPTY_FILE = 3 |
| const | FILE_TOO_LARGE = 12 |
| const | FILENAME_TOO_LONG = 14 |
| const | FILETYPE_BADTYPE = 9 |
| const | FILETYPE_MISSING = 8 |
| const | HOOK_ABORTED = 11 |
| const | ILLEGAL_FILENAME = 5 |
| const | MIN_LENGTH_PARTNAME = 4 |
| const | OK = 0 |
| const | OVERWRITE_EXISTING_FILE = 7 |
| const | SUCCESS = 0 |
| const | VERIFICATION_ERROR = 10 |
| const | WINDOWS_NONASCII_FILENAME = 13 |
Protected Member Functions | |
| detectScriptInSvg ( $filename, $partial) | |
| doStashFile (User $user=null) | |
| Implementation for stashFile() and tryStashFile(). More... | |
| runUploadStashFileHook (User $user) | |
| setTempFile ( $tempPath, $fileSize=null) | |
| verifyFile () | |
| Verifies that it's ok to include the uploaded file. More... | |
| verifyMimeType ( $mime) | |
| Verify the MIME type. More... | |
| verifyPartialFile () | |
| A verification routine suitable for partial files. More... | |
Protected Attributes | |
| string[] | $mBlackListedExtensions |
| string null | $mDesiredDestName |
| string null | $mDestName |
| array null | $mFileProps |
| int null | $mFileSize |
| string null | $mFilteredName |
| string null | $mFinalExtension |
| bool null | $mJavaDetected |
| LocalFile null | $mLocalFile |
| bool null | $mRemoveTempFile |
| string null | $mSourceType |
| UploadStashFile null | $mStashFile |
| string false | $mSVGNSError |
| string null | $mTempPath |
| Local file system path to the file to upload (or a local copy) More... | |
| Title false null | $mTitle = false |
| int | $mTitleError = 0 |
| TempFSFile null | $tempFileObj |
| Wrapper to handle deleting the temp file. More... | |
Static Protected Attributes | |
| static | $safeXmlEncodings |
Detailed Description
UploadBase and subclasses are the backend of MediaWiki's file uploads.
The frontends are formed by ApiUpload and SpecialUpload.
- Stability: stable
- to extend
Definition at line 55 of file UploadBase.php.
Constructor & Destructor Documentation
◆ __construct()
| UploadBase::__construct | ( | ) |
- Stability: stable
- to call
Definition at line 245 of file UploadBase.php.
Member Function Documentation
◆ checkFileExtension()
|
static |
Perform case-insensitive match against a list of file extensions.
- Parameters
-
string $ext File extension array $list
- Returns
- bool Returns true if the extension is in the list.
Definition at line 1222 of file UploadBase.php.
References $ext.
◆ checkFileExtensionList()
|
static |
Perform case-insensitive match against a list of file extensions.
Returns an array of matching extensions.
- Parameters
-
string[] $ext File extensions string[] $list
- Returns
- string[]
Definition at line 1234 of file UploadBase.php.
References $ext.
Referenced by MediaWiki\Output\StreamFile\contentTypeFromPath(), and getTitle().
◆ checkSvgExternalDTD()
|
static |
Verify that DTD URLs referenced are only the standard DTDs.
Browsers seem to ignore external DTDs.
However, just to be on the safe side, only allow DTDs from the SVG standard.
- Parameters
-
string $type PUBLIC or SYSTEM string $publicId The well-known public identifier for the dtd string $systemId The url for the external dtd
- Returns
- bool|array
Definition at line 1525 of file UploadBase.php.
◆ checkSvgPICallback()
|
static |
Callback to filter SVG Processing Instructions.
- Parameters
-
string $target Processing instruction name string $data Processing instruction attribute and value
- Returns
- bool|array
Definition at line 1504 of file UploadBase.php.
◆ checkSvgScriptCallback()
| UploadBase::checkSvgScriptCallback | ( | $element, | |
| $attribs, | |||
$data = null |
|||
| ) |
- Todo:
- Replace this with a allow list filter!
- Parameters
-
string $element array $attribs string | null $data
- Returns
- bool|array
Definition at line 1552 of file UploadBase.php.
References wfDebug().
◆ checkWarnings()
| UploadBase::checkWarnings | ( | $user = null | ) |
Check for non fatal problems with the file.
This should not assume that mTempPath is set.
- Parameters
-
User | null $user Accepted since 1.35
- Returns
- mixed[] Array of warnings
Definition at line 656 of file UploadBase.php.
References getLocalFile(), RequestContext\getMain(), and getTempFileSha1Base36().
◆ checkXMLEncodingMissmatch()
|
static |
Check an allowed list of xml encodings that are known not to be interpreted differently by the server's xml parser (expat) and some common browsers.
- Parameters
-
string $file Pathname to the temporary upload file
- Returns
- bool True if the file contains an encoding that could be misinterpreted
Definition at line 1411 of file UploadBase.php.
◆ cleanupTempFile()
| UploadBase::cleanupTempFile | ( | ) |
If we've modified the upload file, then we need to manually remove it on exit to clean up.
Definition at line 1184 of file UploadBase.php.
References wfDebug().
◆ convertVerifyErrorToStatus()
| UploadBase::convertVerifyErrorToStatus | ( | $error | ) |
- Parameters
-
array $error
- Returns
- Status
Definition at line 2182 of file UploadBase.php.
References getVerificationErrorCode().
◆ createFromRequest()
|
static |
Create a form of UploadBase depending on wpSourceType and initializes it.
- Parameters
-
WebRequest &$request string | null $type
- Returns
- null|self
Definition at line 197 of file UploadBase.php.
References wfDebug().
Referenced by MediaWiki\Specials\SpecialUpload\loadRequest().
◆ detectScript()
|
static |
Heuristic for detecting files that could contain JavaScript instructions or things that may look like HTML to a browser and are thus potentially harmful.
The present implementation will produce false positives in some situations.
- Parameters
-
string | null $file Pathname to the temporary upload file string $mime The MIME type of the file string | null $extension The extension of the file
- Returns
- bool True if the file contains something looking like embedded scripts
Definition at line 1298 of file UploadBase.php.
◆ detectScriptInSvg()
|
protected |
- Parameters
-
string $filename bool $partial
- Returns
- bool|array
Definition at line 1470 of file UploadBase.php.
References $mSVGNSError.
Referenced by verifyFile(), and verifyPartialFile().
◆ detectVirus()
|
static |
Generic wrapper function for a virus scanner program.
This relies on the $wgAntivirus and $wgAntivirusSetup variables. $wgAntivirusRequired may be used to deny upload if the scan fails.
- Parameters
-
string $file Pathname to the temporary upload file
- Returns
- bool|null|string False if not virus is found, null if the scan fails or is disabled, or a string containing feedback from the virus scanner if a virus was found. If textual feedback is missing but a virus was found, this function returns true.
Definition at line 1869 of file UploadBase.php.
References $file, $wgOut, AV_NO_VIRUS, AV_SCAN_ABORTED, AV_SCAN_FAILED, wfDebug(), wfMessage(), and wfShellExecWithStderr().
Referenced by verifyPartialFile().
◆ doStashFile()
|
protected |
Implementation for stashFile() and tryStashFile().
- Stability: stable
- to override
- Parameters
-
User | null $user
- Returns
- UploadStashFile Stashed file
Reimplemented in UploadFromChunks.
Definition at line 1171 of file UploadBase.php.
References $file, and getSourceType().
Referenced by tryStashFile().
◆ fetchFile()
| UploadBase::fetchFile | ( | ) |
Fetch the file.
Usually a no-op.
- Stability: stable
- to override
- Returns
- Status
Definition at line 305 of file UploadBase.php.
◆ getExistsWarning()
|
static |
Helper function that does various existence checks for a file.
The following checks are performed:
- If the file exists
- If an article with the same name as the file exists
- If a file exists with normalized extension
- If the file looks like a thumbnail and the original exists
- Returns
- array|false False if the file does not exist, else an array
Definition at line 2024 of file UploadBase.php.
Referenced by ApiQueryImageInfo\getInfo().
◆ getFilenamePrefixBlacklist()
|
static |
Get a list of disallowed filename prefixes from [[MediaWiki:Filename-prefix-blacklist]].
- Returns
- string[] List of prefixes
Definition at line 2128 of file UploadBase.php.
References $lines, and wfMessage().
◆ getFileSize()
| UploadBase::getFileSize | ( | ) |
Return the file size.
- Returns
- int
Definition at line 321 of file UploadBase.php.
References $mFileSize.
◆ getImageInfo()
| UploadBase::getImageInfo | ( | $result | ) |
Gets image info about the file just uploaded.
Also has the effect of setting metadata to be an 'indexed tag name' in returned API result if 'metadata' was requested. Oddly, we have to pass the "result" object down just so it can do that with the appropriate format, presumably.
- Parameters
-
ApiResult $result
- Returns
- array Image info
Definition at line 2162 of file UploadBase.php.
References ApiQueryImageInfo\getInfo(), getLocalFile(), ApiQueryImageInfo\getPropertyNames(), ApiQueryStashImageInfo\getPropertyNames(), and getStashFile().
◆ getLocalFile()
| UploadBase::getLocalFile | ( | ) |
Return the local file and initializes if necessary.
- Stability: stable
- to override
- Returns
- LocalFile|null
Definition at line 1105 of file UploadBase.php.
References $mLocalFile, and getTitle().
Referenced by checkWarnings(), getImageInfo(), performUpload(), and validateName().
◆ getMaxPhpUploadSize()
|
static |
Get the PHP maximum uploaded file size, based on ini settings.
If there is no limit or the limit can't be guessed, return a very large number (PHP_INT_MAX) instead.
- Since
- 1.27
- Returns
- int
Definition at line 2215 of file UploadBase.php.
References wfShorthandToInteger().
Referenced by ApiUpload\getMinUploadChunkSize(), and UploadForm\getSourceSection().
◆ getMaxUploadSize()
|
static |
Get MediaWiki's maximum uploaded file size for a given type of upload, based on $wgMaxUploadSize.
- Parameters
-
null | string $forType
- Returns
- int
Definition at line 2196 of file UploadBase.php.
Referenced by UploadFromChunks\addChunk(), UploadForm\addUploadJS(), ApiQuerySiteinfo\appendGeneralInfo(), ApiUpload\getAllowedParams(), ApiUpload\getMinUploadChunkSize(), UploadForm\getSourceSection(), ApiUpload\verifyUpload(), and verifyUpload().
◆ getRealPath()
| UploadBase::getRealPath | ( | $srcPath | ) |
- Parameters
-
string $srcPath The source path
- Returns
- string|false The real path if it was a virtual URL Returns false on failure
Definition at line 338 of file UploadBase.php.
References $path, and FileRepo\isVirtualUrl().
Referenced by UploadFromChunks\continueChunks(), and UploadFromStash\initialize().
◆ getSessionStatus()
|
static |
Get the current status of a chunked upload (used for polling).
This should only be called during POST requests since we fetch from dc-local MainStash, and from a GET request we can't know that the value is available or up-to-date.
- Parameters
-
UserIdentity $user string $statusKey
- Returns
- Status[]|false
Definition at line 2238 of file UploadBase.php.
Referenced by ApiUpload\performUpload(), and ApiUpload\selectUploadModule().
◆ getSourceType()
| UploadBase::getSourceType | ( | ) |
Returns the upload type.
Should be overridden by child classes.
- Since
- 1.18
- Stability: stable
- to override
- Returns
- string|null
Reimplemented in UploadFromUrl, UploadFromStash, and UploadFromFile.
Definition at line 255 of file UploadBase.php.
Referenced by doStashFile(), and verifyUpload().
◆ getStashFile()
| UploadBase::getStashFile | ( | ) |
- Returns
- UploadStashFile|null
Definition at line 1119 of file UploadBase.php.
References $mStashFile.
Referenced by getImageInfo().
◆ getTempFileSha1Base36()
| UploadBase::getTempFileSha1Base36 | ( | ) |
Get the base 36 SHA1 of the file.
- Stability: stable
- to override
- Returns
- string|false
Reimplemented in UploadFromStash.
Definition at line 330 of file UploadBase.php.
References FSFile\getSha1Base36FromPath().
Referenced by checkWarnings().
◆ getTempPath()
| UploadBase::getTempPath | ( | ) |
◆ getTitle()
| UploadBase::getTitle | ( | ) |
Returns the title of the file to be uploaded.
Sets mTitleError in case the name was illegal.
- Returns
- Title|null The title of the file or null in case the name was illegal
Definition at line 962 of file UploadBase.php.
References $ext, $mDesiredDestName, $mFinalExtension, $mime, $mTitle, checkFileExtensionList(), FILENAME_TOO_LONG, FILETYPE_BADTYPE, FILETYPE_MISSING, MediaWiki\Title\Title\getDBkey(), ILLEGAL_FILENAME, MIN_LENGTH_PARTNAME, NS_FILE, splitExtensions(), wfStripIllegalFilenameChars(), and WINDOWS_NONASCII_FILENAME.
Referenced by getLocalFile(), performUpload(), validateName(), verifyPartialFile(), and verifyTitlePermissions().
◆ getVerificationErrorCode()
| UploadBase::getVerificationErrorCode | ( | $error | ) |
- Parameters
-
int $error
- Returns
- string
Definition at line 143 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), and convertVerifyErrorToStatus().
◆ initializeFromRequest()
|
abstract |
Initialize from a WebRequest.
Override this in a subclass.
- Parameters
-
WebRequest &$request
Reimplemented in UploadFromUrl, UploadFromStash, and UploadFromFile.
◆ initializePathInfo()
| UploadBase::initializePathInfo | ( | $name, | |
| $tempPath, | |||
| $fileSize, | |||
$removeTempFile = false |
|||
| ) |
- Parameters
-
string $name The desired destination name string | null $tempPath int | null $fileSize bool $removeTempFile (false) remove the temporary file?
- Exceptions
-
MWException
Definition at line 266 of file UploadBase.php.
References FileBackend\isStoragePath(), and setTempFile().
Referenced by UploadFromChunks\continueChunks(), UploadFromStash\initialize(), and UploadFromFile\initialize().
◆ isAllowed()
|
static |
Returns true if the user can use this upload module or else a string identifying the missing permission.
Can be overridden by subclasses.
- Parameters
-
Authority $performer
- Returns
- bool|string
Reimplemented in UploadFromUrl.
Definition at line 167 of file UploadBase.php.
References MediaWiki\Permissions\Authority\isAllowed().
Referenced by Skin\buildNavUrls(), and MediaWiki\Specials\SpecialUpload\execute().
◆ isEmptyFile()
| UploadBase::isEmptyFile | ( | ) |
Return true if the file is empty.
- Returns
- bool
Definition at line 313 of file UploadBase.php.
References $mFileSize.
Referenced by verifyUpload(), and UploadFromFile\verifyUpload().
◆ isEnabled()
|
static |
Returns true if uploads are enabled.
Can be override by subclasses.
- Stability: stable
- to override
- Returns
- bool
Reimplemented in UploadFromUrl.
Definition at line 153 of file UploadBase.php.
References wfIniGetBool().
Referenced by ApiQuerySiteinfo\appendGeneralInfo(), Skin\buildNavUrls(), MediaWiki\Specials\SpecialUpload\execute(), ApiUpload\execute(), and MediaWiki\Specials\SpecialUpload\userCanExecute().
◆ isThrottled()
|
static |
Returns true if the user has surpassed the upload rate limit, false otherwise.
- Parameters
-
User $user
- Returns
- bool
Definition at line 183 of file UploadBase.php.
Referenced by MediaWiki\Specials\SpecialUpload\processUpload().
◆ isThumbName()
|
static |
Helper function that checks whether the filename looks like a thumbnail.
- Parameters
-
string $filename
- Returns
- bool
Definition at line 2113 of file UploadBase.php.
◆ isValidRequest()
|
static |
Check whether a request if valid for this handler.
- Parameters
-
WebRequest $request
- Returns
- bool
Reimplemented in UploadFromUrl, UploadFromStash, and UploadFromFile.
Definition at line 238 of file UploadBase.php.
◆ makeWarningsSerializable()
|
static |
Convert the warnings array returned by checkWarnings() to something that can be serialized.
File objects will be converted to an associative array with the following keys:
- fileName: The name of the file
- timestamp: The upload timestamp
- Parameters
-
mixed[] $warnings
- Returns
- mixed[]
Definition at line 720 of file UploadBase.php.
Referenced by ApiUpload\getApiWarnings(), and AssembleUploadChunksJob\run().
◆ performUpload()
| UploadBase::performUpload | ( | $comment, | |
| $pageText, | |||
| $watch, | |||
| $user, | |||
$tags = [], |
|||
| ?string | $watchlistExpiry = null |
||
| ) |
Really perform the upload.
Stores the file in the local repo, watches if necessary and runs the UploadComplete hook.
- Parameters
-
string $comment string | false $pageText bool $watch Whether the file page should be added to user's watchlist. (This doesn't check $user's permissions.) User $user string[] $tags Change tags to add to the log entry and page revision. (This doesn't check $user's permissions.) string | null $watchlistExpiry Optional watchlist expiry timestamp in any format acceptable to wfTimestamp().
- Returns
- Status Indicating the whether the upload succeeded.
- Since
- 1.35 Accepts $watchlistExpiry parameter.
Definition at line 905 of file UploadBase.php.
References $mFileProps, File\DELETE_SOURCE, getLocalFile(), getTitle(), and postProcessUpload().
◆ postProcessUpload()
| UploadBase::postProcessUpload | ( | ) |
Perform extra steps after a successful upload.
- Stability: stable
- to override
- Since
- 1.25
Reimplemented in UploadFromStash.
Definition at line 953 of file UploadBase.php.
Referenced by performUpload().
◆ runUploadStashFileHook()
|
protected |
- Parameters
-
User $user
- Returns
- array|null Error message and parameters, null if there's no error
Definition at line 1154 of file UploadBase.php.
References $mFileProps.
Referenced by UploadFromChunks\concatenateChunks(), and tryStashFile().
◆ setSessionStatus()
|
static |
Set the current status of a chunked upload (used for polling).
The value will be set in cache for 1 day.
This should only be called during POST requests.
- Parameters
-
UserIdentity $user string $statusKey array | false $value
- Returns
- void
Definition at line 2257 of file UploadBase.php.
Referenced by ApiUpload\performUpload(), AssembleUploadChunksJob\run(), and PublishStashedFileJob\run().
◆ setTempFile()
|
protected |
- Parameters
-
string | null $tempPath File system path to temporary file containing the upload int | null $fileSize
Definition at line 287 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), and initializePathInfo().
◆ splitExtensions()
|
static |
Split a file into a base name and all dot-delimited 'extensions' on the end.
Some web server configurations will fall back to earlier pseudo-'extensions' to determine type and execute scripts, so we need to check them all.
- Parameters
-
string $filename
- Returns
- array [ string, string[] ]
Definition at line 1208 of file UploadBase.php.
Referenced by MediaWiki\Output\StreamFile\contentTypeFromPath(), and getTitle().
◆ tryStashFile()
| UploadBase::tryStashFile | ( | User | $user, |
$isPartial = false |
|||
| ) |
Like stashFile(), but respects extensions' wishes to prevent the stashing.
verifyUpload() must be called before calling this method (unless $isPartial is true).
Upload stash exceptions are also caught and converted to an error status.
- Since
- 1.28
- Stability: stable
- to override
- Parameters
-
User $user bool $isPartial Pass trueif this is a part of a chunked upload (not a complete file).
- Returns
- Status If successful, value is an UploadStashFile instance
Reimplemented in UploadFromChunks.
Definition at line 1135 of file UploadBase.php.
References $file, doStashFile(), and runUploadStashFileHook().
◆ userCanReUpload()
Check if a user is the last uploader.
- Parameters
-
Authority $performer File $img
- Returns
- bool
Definition at line 1997 of file UploadBase.php.
Referenced by ImagePage\uploadLinksBox().
◆ validateName()
| UploadBase::validateName | ( | ) |
Verify that the name is valid and, if necessary, that we can overwrite.
- Returns
- array|bool True if valid, otherwise an array with 'status' and other keys
Definition at line 422 of file UploadBase.php.
References $mBlackListedExtensions, $mFilteredName, $mFinalExtension, $mTitleError, getLocalFile(), and getTitle().
Referenced by verifyUpload().
◆ verifyExtension()
|
static |
Checks if the MIME type of the uploaded file matches the file extension.
- Parameters
-
string $mime The MIME type of the uploaded file string $extension The filename extension that the file is to be served with
- Returns
- bool
Definition at line 1245 of file UploadBase.php.
◆ verifyFile()
|
protected |
Verifies that it's ok to include the uploaded file.
- Returns
- array|true True of the file is verified, array otherwise.
Definition at line 470 of file UploadBase.php.
References $mFinalExtension, $mime, detectScriptInSvg(), MediaHandler\getHandler(), verifyPartialFile(), and wfDebug().
Referenced by verifyUpload().
◆ verifyMimeType()
|
protected |
Verify the MIME type.
- Note
- Only checks that it is not an evil MIME. The "does it have the correct file extension given its MIME type?" check is in verifyFile.
- Parameters
-
string $mime Representing the MIME
- Returns
- array|bool True if the file is verified, an array otherwise
Definition at line 451 of file UploadBase.php.
References $mime, and wfDebug().
Referenced by verifyPartialFile().
◆ verifyPartialFile()
|
protected |
A verification routine suitable for partial files.
Runs the deny list checks, but not any checks that may assume the entire file is present.
- Returns
- array|true True, if the file is valid, else an array with error message key.
Definition at line 535 of file UploadBase.php.
References $mime, detectScriptInSvg(), detectVirus(), getTitle(), and verifyMimeType().
Referenced by verifyFile().
◆ verifyPermissions()
| UploadBase::verifyPermissions | ( | Authority | $performer | ) |
Alias for verifyTitlePermissions.
The function was originally 'verifyPermissions', but that suggests it's checking the user, when it's really checking the title + user combination.
- Parameters
-
Authority $performer to verify the permissions against
- Returns
- array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.
Definition at line 607 of file UploadBase.php.
References verifyTitlePermissions().
◆ verifyTitlePermissions()
| UploadBase::verifyTitlePermissions | ( | Authority | $performer | ) |
Check whether the user can edit, upload and create the image.
This checks only against the current title; if it returns errors, it may very well be that another title will not give errors. Therefore isAllowed() should be called as well for generic is-user-blocked or can-user-upload checking.
- Parameters
-
Authority $performer to verify the permissions against
- Returns
- array|bool An array as returned by getPermissionErrors or true in case the user has proper permissions.
Definition at line 622 of file UploadBase.php.
References MediaWiki\Permissions\Authority\authorizeWrite(), and getTitle().
Referenced by verifyPermissions().
◆ verifyUpload()
| UploadBase::verifyUpload | ( | ) |
Verify whether the upload is sensible.
Return a status array representing the outcome of the verification. Possible keys are:
- 'status': set to self::OK in case of success, or to one of the error constants defined in this class in case of failure
- 'max': set to the maximum allowed file size ($wgMaxUploadSize) if the upload is too large
- 'details': set to error details if the file type is valid but contents are corrupt
- 'filtered': set to the sanitized file name if the requested file name is invalid
- 'finalExt': set to the file's file extension if it is not an allowed file extension
- 'blacklistedExt': set to the list of disallowed file extensions if the current file extension is not allowed for uploads and the list is not empty
- Stability: stable
- to override
- Returns
- mixed[] array representing the result of the verification
Reimplemented in UploadFromFile.
Definition at line 373 of file UploadBase.php.
References EMPTY_FILE, FILE_TOO_LARGE, getMaxUploadSize(), getSourceType(), isEmptyFile(), OK, validateName(), VERIFICATION_ERROR, and verifyFile().
◆ zipEntryCallback()
| UploadBase::zipEntryCallback | ( | $entry | ) |
Callback for ZipDirectoryReader to detect Java class files.
- Parameters
-
array $entry
Definition at line 578 of file UploadBase.php.
Member Data Documentation
◆ $mBlackListedExtensions
|
protected |
Definition at line 87 of file UploadBase.php.
Referenced by validateName().
◆ $mDesiredDestName
|
protected |
Definition at line 63 of file UploadBase.php.
Referenced by getTitle().
◆ $mDestName
|
protected |
Definition at line 65 of file UploadBase.php.
◆ $mFileProps
|
protected |
Definition at line 85 of file UploadBase.php.
Referenced by performUpload(), and runUploadStashFileHook().
◆ $mFileSize
|
protected |
Definition at line 83 of file UploadBase.php.
Referenced by getFileSize(), and isEmptyFile().
◆ $mFilteredName
|
protected |
Definition at line 75 of file UploadBase.php.
Referenced by validateName().
◆ $mFinalExtension
|
protected |
Definition at line 77 of file UploadBase.php.
Referenced by getTitle(), validateName(), and verifyFile().
◆ $mJavaDetected
|
protected |
Definition at line 89 of file UploadBase.php.
◆ $mLocalFile
|
protected |
Definition at line 79 of file UploadBase.php.
Referenced by getLocalFile().
◆ $mRemoveTempFile
|
protected |
Definition at line 67 of file UploadBase.php.
◆ $mSourceType
|
protected |
Definition at line 69 of file UploadBase.php.
◆ $mStashFile
|
protected |
Definition at line 81 of file UploadBase.php.
Referenced by UploadFromChunks\doStashFile(), and getStashFile().
◆ $mSVGNSError
|
protected |
Definition at line 91 of file UploadBase.php.
Referenced by detectScriptInSvg().
◆ $mTempPath
|
protected |
Local file system path to the file to upload (or a local copy)
Definition at line 59 of file UploadBase.php.
Referenced by UploadFromChunks\addChunk(), and getTempPath().
◆ $mTitle
|
protected |
Definition at line 71 of file UploadBase.php.
Referenced by getTitle().
◆ $mTitleError
|
protected |
Definition at line 73 of file UploadBase.php.
Referenced by validateName().
◆ $safeXmlEncodings
|
staticprotected |
Definition at line 93 of file UploadBase.php.
◆ $tempFileObj
|
protected |
Wrapper to handle deleting the temp file.
Definition at line 61 of file UploadBase.php.
◆ EMPTY_FILE
| const UploadBase::EMPTY_FILE = 3 |
Definition at line 113 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), MediaWiki\Specials\SpecialUpload\processVerificationError(), and verifyUpload().
◆ FILE_TOO_LARGE
| const UploadBase::FILE_TOO_LARGE = 12 |
Definition at line 121 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), MediaWiki\Specials\SpecialUpload\processVerificationError(), verifyUpload(), and UploadFromFile\verifyUpload().
◆ FILENAME_TOO_LONG
| const UploadBase::FILENAME_TOO_LONG = 14 |
Definition at line 123 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ FILETYPE_BADTYPE
| const UploadBase::FILETYPE_BADTYPE = 9 |
Definition at line 118 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ FILETYPE_MISSING
| const UploadBase::FILETYPE_MISSING = 8 |
Definition at line 117 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ HOOK_ABORTED
| const UploadBase::HOOK_ABORTED = 11 |
Definition at line 120 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ ILLEGAL_FILENAME
| const UploadBase::ILLEGAL_FILENAME = 5 |
Definition at line 115 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ MIN_LENGTH_PARTNAME
| const UploadBase::MIN_LENGTH_PARTNAME = 4 |
Definition at line 114 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
◆ OK
| const UploadBase::OK = 0 |
Definition at line 112 of file UploadBase.php.
Referenced by UploadFromChunks\concatenateChunks(), MediaWiki\Specials\SpecialUpload\processUpload(), PublishStashedFileJob\run(), ApiUpload\verifyUpload(), and verifyUpload().
◆ OVERWRITE_EXISTING_FILE
| const UploadBase::OVERWRITE_EXISTING_FILE = 7 |
Definition at line 116 of file UploadBase.php.
◆ SUCCESS
| const UploadBase::SUCCESS = 0 |
Definition at line 111 of file UploadBase.php.
◆ VERIFICATION_ERROR
| const UploadBase::VERIFICATION_ERROR = 10 |
Definition at line 119 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), MediaWiki\Specials\SpecialUpload\processVerificationError(), and verifyUpload().
◆ WINDOWS_NONASCII_FILENAME
| const UploadBase::WINDOWS_NONASCII_FILENAME = 13 |
Definition at line 122 of file UploadBase.php.
Referenced by ApiUpload\checkVerification(), getTitle(), and MediaWiki\Specials\SpecialUpload\processVerificationError().
The documentation for this class was generated from the following file:
- includes/upload/UploadBase.php
