Update to MediaWiki 1.26.0

author: Pierre Schmitz <pierre@archlinux.de> 2015-12-17 09:15:42 +0100
committer: Pierre Schmitz <pierre@archlinux.de> 2015-12-17 09:44:51 +0100
commit: a1789ddde42033f1b05cc4929491214ee6e79383 (patch)
tree: 63615735c4ddffaaabf2428946bb26f90899f7bf /includes/upload/UploadBase.php
parent: 9e06a62f265e3a2aaabecc598d4bc617e06fa32d (diff)
1 files changed, 38 insertions, 55 deletions
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 9e113749..e9e1f658 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -298,7 +298,6 @@ abstract class UploadBase {
 		 * If there was no filename or a zero size given, give up quick.
 		 */
 		if ( $this->isEmptyFile() ) {
-
 			return array( 'status' => self::EMPTY_FILE );
 		}
 
@@ -307,7 +306,6 @@ abstract class UploadBase {
 		 */
 		$maxSize = self::getMaxUploadSize( $this->getSourceType() );
 		if ( $this->mFileSize > $maxSize ) {
-
 			return array(
 				'status' => self::FILE_TOO_LARGE,
 				'max' => $maxSize,
@@ -321,7 +319,6 @@ abstract class UploadBase {
 		 */
 		$verification = $this->verifyFile();
 		if ( $verification !== true ) {
-
 			return array(
 				'status' => self::VERIFICATION_ERROR,
 				'details' => $verification
@@ -333,7 +330,6 @@ abstract class UploadBase {
 		 */
 		$result = $this->validateName();
 		if ( $result !== true ) {
-
 			return $result;
 		}
 
@@ -341,7 +337,6 @@ abstract class UploadBase {
 		if ( !Hooks::run( 'UploadVerification',
 			array( $this->mDestName, $this->mTempPath, &$error ) )
 		) {
-
 			return array( 'status' => self::HOOK_ABORTED, 'error' => $error );
 		}
 
@@ -390,7 +385,6 @@ abstract class UploadBase {
 			wfDebug( "mime: <$mime> extension: <{$this->mFinalExtension}>\n" );
 			global $wgMimeTypeBlacklist;
 			if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) {
-
 				return array( 'filetype-badmime', $mime );
 			}
 
@@ -404,7 +398,6 @@ abstract class UploadBase {
 			$ieTypes = $magic->getIEMimeTypes( $this->mTempPath, $chunk, $extMime );
 			foreach ( $ieTypes as $ieType ) {
 				if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) {
-
 					return array( 'filetype-bad-ie-mime', $ieType );
 				}
 			}
@@ -423,7 +416,6 @@ abstract class UploadBase {
 
 		$status = $this->verifyPartialFile();
 		if ( $status !== true ) {
-
 			return $status;
 		}
 
@@ -433,7 +425,6 @@ abstract class UploadBase {
 		if ( $wgVerifyMimeType ) {
 			# XXX: Missing extension will be caught by validateName() via getTitle()
 			if ( $this->mFinalExtension != '' && !$this->verifyExtension( $mime, $this->mFinalExtension ) ) {
-
 				return array( 'filetype-mime-mismatch', $this->mFinalExtension, $mime );
 			}
 		}
@@ -443,7 +434,6 @@ abstract class UploadBase {
 			if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
 				$svgStatus = $this->detectScriptInSvg( $this->mTempPath, false );
 				if ( $svgStatus !== false ) {
-
 					return $svgStatus;
 				}
 			}
@@ -461,7 +451,6 @@ abstract class UploadBase {
 
 		Hooks::run( 'UploadVerifyFile', array( $this, $mime, &$status ) );
 		if ( $status !== true ) {
-
 			return $status;
 		}
 
@@ -490,20 +479,17 @@ abstract class UploadBase {
 		$mime = $this->mFileProps['file-mime'];
 		$status = $this->verifyMimeType( $mime );
 		if ( $status !== true ) {
-
 			return $status;
 		}
 
 		# check for htmlish code and javascript
 		if ( !$wgDisableUploadScriptChecks ) {
 			if ( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) {
-
 				return array( 'uploadscripted' );
 			}
 			if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
 				$svgStatus = $this->detectScriptInSvg( $this->mTempPath, true );
 				if ( $svgStatus !== false ) {
-
 					return $svgStatus;
 				}
 			}
@@ -519,12 +505,10 @@ abstract class UploadBase {
 				$errors = $zipStatus->getErrorsArray();
 				$error = reset( $errors );
 				if ( $error[0] !== 'zip-wrong-format' ) {
-
 					return $error;
 				}
 			}
 			if ( $this->mJavaDetected ) {
-
 				return array( 'uploadjava' );
 			}
 		}
@@ -532,7 +516,6 @@ abstract class UploadBase {
 		# Scan the uploaded file for viruses
 		$virus = $this->detectVirus( $this->mTempPath );
 		if ( $virus ) {
-
 			return array( 'uploadvirus', $virus );
 		}
 
@@ -756,11 +739,11 @@ abstract class UploadBase {
 		$file = $this->getLocalFile();
 
 		foreach ( $sizes as $size ) {
-			if ( $file->isVectorized()
-				|| $file->getWidth() > $size ) {
-					$jobs[] = new ThumbnailRenderJob( $file->getTitle(), array(
-						'transformParams' => array( 'width' => $size ),
-					) );
+			if ( $file->isVectorized() || $file->getWidth() > $size ) {
+				$jobs[] = new ThumbnailRenderJob(
+					$file->getTitle(),
+					array( 'transformParams' => array( 'width' => $size ) )
+				);
 			}
 		}
 
@@ -779,6 +762,12 @@ abstract class UploadBase {
 		if ( $this->mTitle !== false ) {
 			return $this->mTitle;
 		}
+		if ( !is_string( $this->mDesiredDestName ) ) {
+			$this->mTitleError = self::ILLEGAL_FILENAME;
+			$this->mTitle = null;
+
+			return $this->mTitle;
+		}
 		/* Assume that if a user specified File:Something.jpg, this is an error
 		 * and that the namespace prefix needs to be stripped of.
 		 */
@@ -1086,7 +1075,6 @@ abstract class UploadBase {
 		$chunk = strtolower( $chunk );
 
 		if ( !$chunk ) {
-
 			return false;
 		}
 
@@ -1110,7 +1098,6 @@ abstract class UploadBase {
 
 		# check for HTML doctype
 		if ( preg_match( "/<!DOCTYPE *X?HTML/i", $chunk ) ) {
-
 			return true;
 		}
 
@@ -1118,7 +1105,6 @@ abstract class UploadBase {
 		// PHP/expat will interpret the given encoding in the xml declaration (bug 47304)
 		if ( $extension == 'svg' || strpos( $mime, 'image/svg' ) === 0 ) {
 			if ( self::checkXMLEncodingMissmatch( $file ) ) {
-
 				return true;
 			}
 		}
@@ -1231,9 +1217,9 @@ abstract class UploadBase {
 		// detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings
 		$attemptEncodings = array( 'UTF-16', 'UTF-16BE', 'UTF-32', 'UTF-32BE' );
 		foreach ( $attemptEncodings as $encoding ) {
-			wfSuppressWarnings();
+			MediaWiki\suppressWarnings();
 			$str = iconv( $encoding, 'UTF-8', $contents );
-			wfRestoreWarnings();
+			MediaWiki\restoreWarnings();
 			if ( $str != '' && preg_match( "!<\?xml\b(.*?)\?>!si", $str, $matches ) ) {
 				if ( preg_match( $encodingRegex, $matches[1], $encMatch )
 					&& !in_array( strtoupper( $encMatch[1] ), self::$safeXmlEncodings )
@@ -1276,7 +1262,7 @@ abstract class UploadBase {
 				return array( 'uploadscriptednamespace', $this->mSVGNSError );
 			}
 
-			return array( 'uploadscripted' );
+			return $check->filterMatchType;
 		}
 
 		return false;
@@ -1291,7 +1277,7 @@ abstract class UploadBase {
 	public static function checkSvgPICallback( $target, $data ) {
 		// Don't allow external stylesheets (bug 57550)
 		if ( preg_match( '/xml-stylesheet/i', $target ) ) {
-			return true;
+			return array( 'upload-scripted-pi-callback' );
 		}
 
 		return false;
@@ -1363,7 +1349,7 @@ abstract class UploadBase {
 		if ( $strippedElement == 'script' ) {
 			wfDebug( __METHOD__ . ": Found script element '$element' in uploaded file.\n" );
 
-			return true;
+			return array( 'uploaded-script-svg', $strippedElement );
 		}
 
 		# e.g., <svg xmlns="http://www.w3.org/2000/svg">
@@ -1371,21 +1357,21 @@ abstract class UploadBase {
 		if ( $strippedElement == 'handler' ) {
 			wfDebug( __METHOD__ . ": Found scriptable element '$element' in uploaded file.\n" );
 
-			return true;
+			return array( 'uploaded-script-svg', $strippedElement );
 		}
 
 		# SVG reported in Feb '12 that used xml:stylesheet to generate javascript block
 		if ( $strippedElement == 'stylesheet' ) {
 			wfDebug( __METHOD__ . ": Found scriptable element '$element' in uploaded file.\n" );
 
-			return true;
+			return array( 'uploaded-script-svg', $strippedElement );
 		}
 
 		# Block iframes, in case they pass the namespace check
 		if ( $strippedElement == 'iframe' ) {
 			wfDebug( __METHOD__ . ": iframe in uploaded file.\n" );
 
-			return true;
+			return array( 'uploaded-script-svg', $strippedElement );
 		}
 
 		# Check <style> css
@@ -1393,7 +1379,7 @@ abstract class UploadBase {
 			&& self::checkCssFragment( Sanitizer::normalizeCss( $data ) )
 		) {
 			wfDebug( __METHOD__ . ": hostile css in style element.\n" );
-			return true;
+			return array( 'uploaded-hostile-svg' );
 		}
 
 		foreach ( $attribs as $attrib => $value ) {
@@ -1404,7 +1390,7 @@ abstract class UploadBase {
 				wfDebug( __METHOD__
 					. ": Found event-handler attribute '$attrib'='$value' in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-event-handler-on-svg', $attrib, $value );
 			}
 
 			# href with non-local target (don't allow http://, javascript:, etc)
@@ -1418,7 +1404,7 @@ abstract class UploadBase {
 					wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
 						. "'$attrib'='$value' in uploaded file.\n" );
 
-					return true;
+					return array( 'uploaded-href-attribute-svg', $strippedElement, $attrib, $value );
 				}
 			}
 
@@ -1430,7 +1416,7 @@ abstract class UploadBase {
 				if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) {
 					wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "
 						. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" );
-					return true;
+					return array( 'uploaded-href-unsafe-target-svg', $strippedElement, $attrib, $value );
 				}
 			}
 
@@ -1442,7 +1428,7 @@ abstract class UploadBase {
 				wfDebug( __METHOD__ . ": Found animate that might be changing href using from "
 					. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-animate-svg', $strippedElement, $attrib, $value );
 			}
 
 			# use set/animate to add event-handler attribute to parent
@@ -1453,7 +1439,7 @@ abstract class UploadBase {
 				wfDebug( __METHOD__ . ": Found svg setting event-handler attribute with "
 					. "\"<$strippedElement $stripped='$value'...\" in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-setting-event-handler-svg', $strippedElement, $stripped, $value );
 			}
 
 			# use set to add href attribute to parent element
@@ -1463,7 +1449,7 @@ abstract class UploadBase {
 			) {
 				wfDebug( __METHOD__ . ": Found svg setting href attribute '$value' in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-setting-href-svg' );
 			}
 
 			# use set to add a remote / data / script target to an element
@@ -1473,7 +1459,7 @@ abstract class UploadBase {
 			) {
 				wfDebug( __METHOD__ . ": Found svg setting attribute to '$value' in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-wrong-setting-svg', $value );
 			}
 
 			# use handler attribute with remote / data / script
@@ -1481,7 +1467,7 @@ abstract class UploadBase {
 				wfDebug( __METHOD__ . ": Found svg setting handler with remote/data/script "
 					. "'$attrib'='$value' in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-setting-handler-svg', $attrib, $value );
 			}
 
 			# use CSS styles to bring in remote code
@@ -1490,7 +1476,7 @@ abstract class UploadBase {
 			) {
 				wfDebug( __METHOD__ . ": Found svg setting a style with "
 					. "remote url '$attrib'='$value' in uploaded file.\n" );
-				return true;
+				return array( 'uploaded-remote-url-svg', $attrib, $value );
 			}
 
 			# Several attributes can include css, css character escaping isn't allowed
@@ -1501,7 +1487,7 @@ abstract class UploadBase {
 			) {
 				wfDebug( __METHOD__ . ": Found svg setting a style with "
 					. "remote url '$attrib'='$value' in uploaded file.\n" );
-				return true;
+				return array( 'uploaded-remote-url-svg', $attrib, $value );
 			}
 
 			# image filters can pull in url, which could be svg that executes scripts
@@ -1512,7 +1498,7 @@ abstract class UploadBase {
 				wfDebug( __METHOD__ . ": Found image filter with url: "
 					. "\"<$strippedElement $stripped='$value'...\" in uploaded file.\n" );
 
-				return true;
+				return array( 'uploaded-image-filter-svg', $strippedElement, $stripped, $value );
 			}
 		}
 
@@ -1730,24 +1716,21 @@ abstract class UploadBase {
 	 * Check if a user is the last uploader
 	 *
 	 * @param User $user
-	 * @param string $img Image name
+	 * @param File $img
 	 * @return bool
 	 */
-	public static function userCanReUpload( User $user, $img ) {
+	public static function userCanReUpload( User $user, File $img ) {
 		if ( $user->isAllowed( 'reupload' ) ) {
 			return true; // non-conditional
-		}
-		if ( !$user->isAllowed( 'reupload-own' ) ) {
+		} elseif ( !$user->isAllowed( 'reupload-own' ) ) {
 			return false;
 		}
-		if ( is_string( $img ) ) {
-			$img = wfLocalFile( $img );
-		}
+
 		if ( !( $img instanceof LocalFile ) ) {
 			return false;
 		}
 
-		$img->load( File::READ_LATEST );
+		$img->load();
 
 		return $user->getId() == $img->getUser( 'id' );
 	}
@@ -1965,7 +1948,7 @@ abstract class UploadBase {
 	public static function getSessionStatus( User $user, $statusKey ) {
 		$key = wfMemcKey( 'uploadstatus', $user->getId() ?: md5( $user->getName() ), $statusKey );
 
-		return wfGetCache( CACHE_ANYTHING )->get( $key );
+		return ObjectCache::getMainStashInstance()->get( $key );
 	}
 
 	/**
@@ -1981,7 +1964,7 @@ abstract class UploadBase {
 	public static function setSessionStatus( User $user, $statusKey, $value ) {
 		$key = wfMemcKey( 'uploadstatus', $user->getId() ?: md5( $user->getName() ), $statusKey );
 
-		$cache = wfGetCache( CACHE_ANYTHING );
+		$cache = ObjectCache::getMainStashInstance();
 		if ( $value === false ) {
 			$cache->delete( $key );
 		} else {
author	Pierre Schmitz <pierre@archlinux.de>	2015-12-17 09:15:42 +0100
committer	Pierre Schmitz <pierre@archlinux.de>	2015-12-17 09:44:51 +0100
commit	a1789ddde42033f1b05cc4929491214ee6e79383 (patch)
tree	63615735c4ddffaaabf2428946bb26f90899f7bf /includes/upload/UploadBase.php
parent	9e06a62f265e3a2aaabecc598d4bc617e06fa32d (diff)