diff options
author | Pierre Schmitz <pierre@archlinux.de> | 2010-07-28 11:52:48 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2010-07-28 11:52:48 +0200 |
commit | 222b01f5169f1c7e69762e0e8904c24f78f71882 (patch) | |
tree | 8e932e12546bb991357ec48eb1638d1770be7a35 /includes/upload | |
parent | 00ab76a6b686e98a914afc1975812d2b1aaa7016 (diff) |
update to MediaWiki 1.16.0
Diffstat (limited to 'includes/upload')
-rw-r--r-- | includes/upload/UploadBase.php | 1091 | ||||
-rw-r--r-- | includes/upload/UploadFromFile.php | 32 | ||||
-rw-r--r-- | includes/upload/UploadFromStash.php | 84 | ||||
-rw-r--r-- | includes/upload/UploadFromUrl.php | 137 |
4 files changed, 1344 insertions, 0 deletions
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php new file mode 100644 index 00000000..5d955b36 --- /dev/null +++ b/includes/upload/UploadBase.php @@ -0,0 +1,1091 @@ +<?php +/** + * @file + * @ingroup upload + * + * UploadBase and subclasses are the backend of MediaWiki's file uploads. + * The frontends are formed by ApiUpload and SpecialUpload. + * + * See also includes/docs/upload.txt + * + * @author Brion Vibber + * @author Bryan Tong Minh + * @author Michael Dale + */ + +abstract class UploadBase { + protected $mTempPath; + protected $mDesiredDestName, $mDestName, $mRemoveTempFile, $mSourceType; + protected $mTitle = false, $mTitleError = 0; + protected $mFilteredName, $mFinalExtension; + protected $mLocalFile; + + const SUCCESS = 0; + const OK = 0; + const EMPTY_FILE = 3; + const MIN_LENGTH_PARTNAME = 4; + const ILLEGAL_FILENAME = 5; + const OVERWRITE_EXISTING_FILE = 7; + const FILETYPE_MISSING = 8; + const FILETYPE_BADTYPE = 9; + const VERIFICATION_ERROR = 10; + const UPLOAD_VERIFICATION_ERROR = 11; + const HOOK_ABORTED = 11; + + const SESSION_VERSION = 2; + + /** + * Returns true if uploads are enabled. + * Can be override by subclasses. + */ + public static function isEnabled() { + global $wgEnableUploads; + if ( !$wgEnableUploads ) { + return false; + } + + # Check php's file_uploads setting + if( !wfIniGetBool( 'file_uploads' ) ) { + return false; + } + return true; + } + + /** + * Returns true if the user can use this upload module or else a string + * identifying the missing permission. + * Can be overriden by subclasses. + */ + public static function isAllowed( $user ) { + if( !$user->isAllowed( 'upload' ) ) { + return 'upload'; + } + return true; + } + + // Upload handlers. Should probably just be a global. + static $uploadHandlers = array( 'Stash', 'File', 'Url' ); + + /** + * Create a form of UploadBase depending on wpSourceType and initializes it + */ + public static function createFromRequest( &$request, $type = null ) { + $type = $type ? $type : $request->getVal( 'wpSourceType', 'File' ); + + if( !$type ) { + return null; + } + + // Get the upload class + $type = ucfirst( $type ); + + // Give hooks the chance to handle this request + $className = null; + wfRunHooks( 'UploadCreateFromRequest', array( $type, &$className ) ); + if ( is_null( $className ) ) { + $className = 'UploadFrom' . $type; + wfDebug( __METHOD__ . ": class name: $className\n" ); + if( !in_array( $type, self::$uploadHandlers ) ) { + return null; + } + } + + // Check whether this upload class is enabled + if( !call_user_func( array( $className, 'isEnabled' ) ) ) { + return null; + } + + // Check whether the request is valid + if( !call_user_func( array( $className, 'isValidRequest' ), $request ) ) { + return null; + } + + $handler = new $className; + + $handler->initializeFromRequest( $request ); + return $handler; + } + + /** + * Check whether a request if valid for this handler + */ + public static function isValidRequest( $request ) { + return false; + } + + public function __construct() {} + + /** + * Initialize the path information + * @param $name string the desired destination name + * @param $tempPath string the temporary path + * @param $fileSize int the file size + * @param $removeTempFile bool (false) remove the temporary file? + * @return null + */ + public function initializePathInfo( $name, $tempPath, $fileSize, $removeTempFile = false ) { + $this->mDesiredDestName = $name; + $this->mTempPath = $tempPath; + $this->mFileSize = $fileSize; + $this->mRemoveTempFile = $removeTempFile; + } + + /** + * Initialize from a WebRequest. Override this in a subclass. + */ + public abstract function initializeFromRequest( &$request ); + + /** + * Fetch the file. Usually a no-op + */ + public function fetchFile() { + return Status::newGood(); + } + + /** + * Return the file size + */ + public function isEmptyFile() { + return empty( $this->mFileSize ); + } + + /** + * @param string $srcPath the source path + * @returns the real path if it was a virtual URL + */ + function getRealPath( $srcPath ) { + $repo = RepoGroup::singleton()->getLocalRepo(); + if ( $repo->isVirtualUrl( $srcPath ) ) { + return $repo->resolveVirtualUrl( $srcPath ); + } + return $srcPath; + } + + /** + * Verify whether the upload is sane. + * Returns self::OK or else an array with error information + */ + public function verifyUpload() { + /** + * If there was no filename or a zero size given, give up quick. + */ + if( $this->isEmptyFile() ) { + return array( 'status' => self::EMPTY_FILE ); + } + + /** + * Look at the contents of the file; if we can recognize the + * type but it's corrupt or data of the wrong type, we should + * probably not accept it. + */ + $verification = $this->verifyFile(); + if( $verification !== true ) { + if( !is_array( $verification ) ) { + $verification = array( $verification ); + } + return array( + 'status' => self::VERIFICATION_ERROR, + 'details' => $verification + ); + } + + $nt = $this->getTitle(); + if( is_null( $nt ) ) { + $result = array( 'status' => $this->mTitleError ); + if( $this->mTitleError == self::ILLEGAL_FILENAME ) { + $result['filtered'] = $this->mFilteredName; + } + if ( $this->mTitleError == self::FILETYPE_BADTYPE ) { + $result['finalExt'] = $this->mFinalExtension; + } + return $result; + } + $this->mDestName = $this->getLocalFile()->getName(); + + /** + * In some cases we may forbid overwriting of existing files. + */ + $overwrite = $this->checkOverwrite(); + if( $overwrite !== true ) { + return array( + 'status' => self::OVERWRITE_EXISTING_FILE, + 'overwrite' => $overwrite + ); + } + + $error = ''; + if( !wfRunHooks( 'UploadVerification', + array( $this->mDestName, $this->mTempPath, &$error ) ) ) { + // This status needs another name... + return array( 'status' => self::HOOK_ABORTED, 'error' => $error ); + } + + return array( 'status' => self::OK ); + } + + /** + * Verifies that it's ok to include the uploaded file + * + * @return mixed true of the file is verified, a string or array otherwise. + */ + protected function verifyFile() { + $this->mFileProps = File::getPropsFromPath( $this->mTempPath, $this->mFinalExtension ); + $this->checkMacBinary(); + + # magically determine mime type + $magic = MimeMagic::singleton(); + $mime = $magic->guessMimeType( $this->mTempPath, false ); + + # check mime type, if desired + global $wgVerifyMimeType; + if ( $wgVerifyMimeType ) { + wfDebug ( "\n\nmime: <$mime> extension: <{$this->mFinalExtension}>\n\n"); + if ( !$this->verifyExtension( $mime, $this->mFinalExtension ) ) { + return array( 'filetype-mime-mismatch' ); + } + + global $wgMimeTypeBlacklist; + if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { + return array( 'filetype-badmime', $mime ); + } + + # Check IE type + $fp = fopen( $this->mTempPath, 'rb' ); + $chunk = fread( $fp, 256 ); + fclose( $fp ); + $extMime = $magic->guessTypesForExtension( $this->mFinalExtension ); + $ieTypes = $magic->getIEMimeTypes( $this->mTempPath, $chunk, $extMime ); + foreach ( $ieTypes as $ieType ) { + if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) { + return array( 'filetype-bad-ie-mime', $ieType ); + } + } + } + + # check for htmlish code and javascript + if( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) { + return 'uploadscripted'; + } + if( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) { + if( self::detectScriptInSvg( $this->mTempPath ) ) { + return 'uploadscripted'; + } + } + + /** + * Scan the uploaded file for viruses + */ + $virus = $this->detectVirus( $this->mTempPath ); + if ( $virus ) { + return array( 'uploadvirus', $virus ); + } + wfDebug( __METHOD__ . ": all clear; passing.\n" ); + return true; + } + + /** + * Check whether the user can edit, upload and create the image. + * + * @param User $user the user to verify the permissions against + * @return mixed An array as returned by getUserPermissionsErrors or true + * in case the user has proper permissions. + */ + public function verifyPermissions( $user ) { + /** + * If the image is protected, non-sysop users won't be able + * to modify it by uploading a new revision. + */ + $nt = $this->getTitle(); + if( is_null( $nt ) ) { + return true; + } + $permErrors = $nt->getUserPermissionsErrors( 'edit', $user ); + $permErrorsUpload = $nt->getUserPermissionsErrors( 'upload', $user ); + $permErrorsCreate = ( $nt->exists() ? array() : $nt->getUserPermissionsErrors( 'create', $user ) ); + if( $permErrors || $permErrorsUpload || $permErrorsCreate ) { + $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsUpload, $permErrors ) ); + $permErrors = array_merge( $permErrors, wfArrayDiff2( $permErrorsCreate, $permErrors ) ); + return $permErrors; + } + return true; + } + + /** + * Check for non fatal problems with the file + * + * @return array Array of warnings + */ + public function checkWarnings() { + $warnings = array(); + + $localFile = $this->getLocalFile(); + $filename = $localFile->getName(); + $n = strrpos( $filename, '.' ); + $partname = $n ? substr( $filename, 0, $n ) : $filename; + + /** + * Check whether the resulting filename is different from the desired one, + * but ignore things like ucfirst() and spaces/underscore things + */ + $comparableName = str_replace( ' ', '_', $this->mDesiredDestName ); + $comparableName = Title::capitalize( $comparableName, NS_FILE ); + + if( $this->mDesiredDestName != $filename && $comparableName != $filename ) { + $warnings['badfilename'] = $filename; + } + + // Check whether the file extension is on the unwanted list + global $wgCheckFileExtensions, $wgFileExtensions; + if ( $wgCheckFileExtensions ) { + if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) { + $warnings['filetype-unwanted-type'] = $this->mFinalExtension; + } + } + + global $wgUploadSizeWarning; + if ( $wgUploadSizeWarning && ( $this->mFileSize > $wgUploadSizeWarning ) ) { + $warnings['large-file'] = $wgUploadSizeWarning; + } + + if ( $this->mFileSize == 0 ) { + $warnings['emptyfile'] = true; + } + + $exists = self::getExistsWarning( $localFile ); + if( $exists !== false ) { + $warnings['exists'] = $exists; + } + + // Check dupes against existing files + $hash = File::sha1Base36( $this->mTempPath ); + $dupes = RepoGroup::singleton()->findBySha1( $hash ); + $title = $this->getTitle(); + // Remove all matches against self + foreach ( $dupes as $key => $dupe ) { + if( $title->equals( $dupe->getTitle() ) ) { + unset( $dupes[$key] ); + } + } + if( $dupes ) { + $warnings['duplicate'] = $dupes; + } + + // Check dupes against archives + $archivedImage = new ArchivedFile( null, 0, "{$hash}.{$this->mFinalExtension}" ); + if ( $archivedImage->getID() > 0 ) { + $warnings['duplicate-archive'] = $archivedImage->getName(); + } + + return $warnings; + } + + /** + * Really perform the upload. Stores the file in the local repo, watches + * if necessary and runs the UploadComplete hook. + * + * @return mixed Status indicating the whether the upload succeeded. + */ + public function performUpload( $comment, $pageText, $watch, $user ) { + wfDebug( "\n\n\performUpload: sum:" . $comment . ' c: ' . $pageText . ' w:' . $watch ); + $status = $this->getLocalFile()->upload( $this->mTempPath, $comment, $pageText, + File::DELETE_SOURCE, $this->mFileProps, false, $user ); + + if( $status->isGood() && $watch ) { + $user->addWatch( $this->getLocalFile()->getTitle() ); + } + + if( $status->isGood() ) { + wfRunHooks( 'UploadComplete', array( &$this ) ); + } + + return $status; + } + + /** + * Returns the title of the file to be uploaded. Sets mTitleError in case + * the name was illegal. + * + * @return Title The title of the file or null in case the name was illegal + */ + public function getTitle() { + if ( $this->mTitle !== false ) { + return $this->mTitle; + } + + /** + * Chop off any directories in the given filename. Then + * filter out illegal characters, and try to make a legible name + * out of it. We'll strip some silently that Title would die on. + */ + $basename = $this->mDesiredDestName; + + $this->mFilteredName = wfStripIllegalFilenameChars( $basename ); + /* Normalize to title form before we do any further processing */ + $nt = Title::makeTitleSafe( NS_FILE, $this->mFilteredName ); + if( is_null( $nt ) ) { + $this->mTitleError = self::ILLEGAL_FILENAME; + return $this->mTitle = null; + } + $this->mFilteredName = $nt->getDBkey(); + + /** + * We'll want to blacklist against *any* 'extension', and use + * only the final one for the whitelist. + */ + list( $partname, $ext ) = $this->splitExtensions( $this->mFilteredName ); + + if( count( $ext ) ) { + $this->mFinalExtension = trim( $ext[count( $ext ) - 1] ); + } else { + $this->mFinalExtension = ''; + } + + /* Don't allow users to override the blacklist (check file extension) */ + global $wgCheckFileExtensions, $wgStrictFileExtensions; + global $wgFileExtensions, $wgFileBlacklist; + if ( $this->mFinalExtension == '' ) { + $this->mTitleError = self::FILETYPE_MISSING; + return $this->mTitle = null; + } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) || + ( $wgCheckFileExtensions && $wgStrictFileExtensions && + !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) ) { + $this->mTitleError = self::FILETYPE_BADTYPE; + return $this->mTitle = null; + } + + # If there was more than one "extension", reassemble the base + # filename to prevent bogus complaints about length + if( count( $ext ) > 1 ) { + for( $i = 0; $i < count( $ext ) - 1; $i++ ) { + $partname .= '.' . $ext[$i]; + } + } + + if( strlen( $partname ) < 1 ) { + $this->mTitleError = self::MIN_LENGTH_PARTNAME; + return $this->mTitle = null; + } + + $nt = Title::makeTitleSafe( NS_FILE, $this->mFilteredName ); + if( is_null( $nt ) ) { + $this->mTitleError = self::ILLEGAL_FILENAME; + return $this->mTitle = null; + } + return $this->mTitle = $nt; + } + + /** + * Return the local file and initializes if necessary. + */ + public function getLocalFile() { + if( is_null( $this->mLocalFile ) ) { + $nt = $this->getTitle(); + $this->mLocalFile = is_null( $nt ) ? null : wfLocalFile( $nt ); + } + return $this->mLocalFile; + } + + /** + * Stash a file in a temporary directory for later processing + * after the user has confirmed it. + * + * If the user doesn't explicitly cancel or accept, these files + * can accumulate in the temp directory. + * + * @param string $saveName - the destination filename + * @param string $tempSrc - the source temporary file to save + * @return string - full path the stashed file, or false on failure + */ + protected function saveTempUploadedFile( $saveName, $tempSrc ) { + $repo = RepoGroup::singleton()->getLocalRepo(); + $status = $repo->storeTemp( $saveName, $tempSrc ); + return $status; + } + + /** + * Stash a file in a temporary directory for later processing, + * and save the necessary descriptive info into the session. + * Returns a key value which will be passed through a form + * to pick up the path info on a later invocation. + * + * @return int Session key + */ + public function stashSession() { + $status = $this->saveTempUploadedFile( $this->mDestName, $this->mTempPath ); + if( !$status->isOK() ) { + # Couldn't save the file. + return false; + } + if( !isset( $_SESSION ) ) { + session_start(); // start up the session (might have been previously closed to prevent php session locking) + } + $key = $this->getSessionKey(); + $_SESSION['wsUploadData'][$key] = array( + 'mTempPath' => $status->value, + 'mFileSize' => $this->mFileSize, + 'mFileProps' => $this->mFileProps, + 'version' => self::SESSION_VERSION, + ); + return $key; + } + + /** + * Generate a random session key from stash in cases where we want to start an upload without much information + */ + protected function getSessionKey() { + $key = mt_rand( 0, 0x7fffffff ); + $_SESSION['wsUploadData'][$key] = array(); + return $key; + } + + /** + * If we've modified the upload file we need to manually remove it + * on exit to clean up. + */ + public function cleanupTempFile() { + if ( $this->mRemoveTempFile && $this->mTempPath && file_exists( $this->mTempPath ) ) { + wfDebug( __METHOD__ . ": Removing temporary file {$this->mTempPath}\n" ); + unlink( $this->mTempPath ); + } + } + + public function getTempPath() { + return $this->mTempPath; + } + + /** + * Split a file into a base name and all dot-delimited 'extensions' + * on the end. Some web server configurations will fall back to + * earlier pseudo-'extensions' to determine type and execute + * scripts, so the blacklist needs to check them all. + * + * @return array + */ + public static function splitExtensions( $filename ) { + $bits = explode( '.', $filename ); + $basename = array_shift( $bits ); + return array( $basename, $bits ); + } + + /** + * Perform case-insensitive match against a list of file extensions. + * Returns true if the extension is in the list. + * + * @param string $ext + * @param array $list + * @return bool + */ + public static function checkFileExtension( $ext, $list ) { + return in_array( strtolower( $ext ), $list ); + } + + /** + * Perform case-insensitive match against a list of file extensions. + * Returns true if any of the extensions are in the list. + * + * @param array $ext + * @param array $list + * @return bool + */ + public static function checkFileExtensionList( $ext, $list ) { + foreach( $ext as $e ) { + if( in_array( strtolower( $e ), $list ) ) { + return true; + } + } + return false; + } + + /** + * Checks if the mime type of the uploaded file matches the file extension. + * + * @param string $mime the mime type of the uploaded file + * @param string $extension The filename extension that the file is to be served with + * @return bool + */ + public static function verifyExtension( $mime, $extension ) { + $magic = MimeMagic::singleton(); + + if ( !$mime || $mime == 'unknown' || $mime == 'unknown/unknown' ) + if ( !$magic->isRecognizableExtension( $extension ) ) { + wfDebug( __METHOD__ . ": passing file with unknown detected mime type; " . + "unrecognized extension '$extension', can't verify\n" ); + return true; + } else { + wfDebug( __METHOD__ . ": rejecting file with unknown detected mime type; ". + "recognized extension '$extension', so probably invalid file\n" ); + return false; + } + + $match = $magic->isMatchingExtension( $extension, $mime ); + + if ( $match === null ) { + wfDebug( __METHOD__ . ": no file extension known for mime type $mime, passing file\n" ); + return true; + } elseif( $match === true ) { + wfDebug( __METHOD__ . ": mime type $mime matches extension $extension, passing file\n" ); + + #TODO: if it's a bitmap, make sure PHP or ImageMagic resp. can handle it! + return true; + + } else { + wfDebug( __METHOD__ . ": mime type $mime mismatches file extension $extension, rejecting file\n" ); + return false; + } + } + + /** + * Heuristic for detecting files that *could* contain JavaScript instructions or + * things that may look like HTML to a browser and are thus + * potentially harmful. The present implementation will produce false + * positives in some situations. + * + * @param string $file Pathname to the temporary upload file + * @param string $mime The mime type of the file + * @param string $extension The extension of the file + * @return bool true if the file contains something looking like embedded scripts + */ + public static function detectScript( $file, $mime, $extension ) { + global $wgAllowTitlesInSVG; + + # ugly hack: for text files, always look at the entire file. + # For binary field, just check the first K. + + if( strpos( $mime,'text/' ) === 0 ) { + $chunk = file_get_contents( $file ); + } else { + $fp = fopen( $file, 'rb' ); + $chunk = fread( $fp, 1024 ); + fclose( $fp ); + } + + $chunk = strtolower( $chunk ); + + if( !$chunk ) { + return false; + } + + # decode from UTF-16 if needed (could be used for obfuscation). + if( substr( $chunk, 0, 2 ) == "\xfe\xff" ) { + $enc = 'UTF-16BE'; + } elseif( substr( $chunk, 0, 2 ) == "\xff\xfe" ) { + $enc = 'UTF-16LE'; + } else { + $enc = null; + } + + if( $enc ) { + $chunk = iconv( $enc, "ASCII//IGNORE", $chunk ); + } + + $chunk = trim( $chunk ); + + # FIXME: convert from UTF-16 if necessarry! + wfDebug( __METHOD__ . ": checking for embedded scripts and HTML stuff\n" ); + + # check for HTML doctype + if ( preg_match( "/<!DOCTYPE *X?HTML/i", $chunk ) ) { + return true; + } + + /** + * Internet Explorer for Windows performs some really stupid file type + * autodetection which can cause it to interpret valid image files as HTML + * and potentially execute JavaScript, creating a cross-site scripting + * attack vectors. + * + * Apple's Safari browser also performs some unsafe file type autodetection + * which can cause legitimate files to be interpreted as HTML if the + * web server is not correctly configured to send the right content-type + * (or if you're really uploading plain text and octet streams!) + * + * Returns true if IE is likely to mistake the given file for HTML. + * Also returns true if Safari would mistake the given file for HTML + * when served with a generic content-type. + */ + $tags = array( + '<a href', + '<body', + '<head', + '<html', #also in safari + '<img', + '<pre', + '<script', #also in safari + '<table' + ); + + if( !$wgAllowTitlesInSVG && $extension !== 'svg' && $mime !== 'image/svg' ) { + $tags[] = '<title'; + } + + foreach( $tags as $tag ) { + if( false !== strpos( $chunk, $tag ) ) { + return true; + } + } + + /* + * look for JavaScript + */ + + # resolve entity-refs to look at attributes. may be harsh on big files... cache result? + $chunk = Sanitizer::decodeCharReferences( $chunk ); + + # look for script-types + if( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) { + return true; + } + + # look for html-style script-urls + if( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) { + return true; + } + + # look for css-style script-urls + if( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) { + return true; + } + + wfDebug( __METHOD__ . ": no scripts found\n" ); + return false; + } + + protected function detectScriptInSvg( $filename ) { + $check = new XmlTypeCheck( $filename, array( $this, 'checkSvgScriptCallback' ) ); + return $check->filterMatch; + } + + /** + * @todo Replace this with a whitelist filter! + */ + public function checkSvgScriptCallback( $element, $attribs ) { + $stripped = $this->stripXmlNamespace( $element ); + + if( $stripped == 'script' ) { + wfDebug( __METHOD__ . ": Found script element '$element' in uploaded file.\n" ); + return true; + } + + foreach( $attribs as $attrib => $value ) { + $stripped = $this->stripXmlNamespace( $attrib ); + if( substr( $stripped, 0, 2 ) == 'on' ) { + wfDebug( __METHOD__ . ": Found script attribute '$attrib'='value' in uploaded file.\n" ); + return true; + } + if( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) { + wfDebug( __METHOD__ . ": Found script href attribute '$attrib'='$value' in uploaded file.\n" ); + return true; + } + } + } + + private function stripXmlNamespace( $name ) { + // 'http://www.w3.org/2000/svg:script' -> 'script' + $parts = explode( ':', strtolower( $name ) ); + return array_pop( $parts ); + } + + /** + * Generic wrapper function for a virus scanner program. + * This relies on the $wgAntivirus and $wgAntivirusSetup variables. + * $wgAntivirusRequired may be used to deny upload if the scan fails. + * + * @param string $file Pathname to the temporary upload file + * @return mixed false if not virus is found, NULL if the scan fails or is disabled, + * or a string containing feedback from the virus scanner if a virus was found. + * If textual feedback is missing but a virus was found, this function returns true. + */ + public static function detectVirus( $file ) { + global $wgAntivirus, $wgAntivirusSetup, $wgAntivirusRequired, $wgOut; + + if ( !$wgAntivirus ) { + wfDebug( __METHOD__ . ": virus scanner disabled\n" ); + return null; + } + + if ( !$wgAntivirusSetup[$wgAntivirus] ) { + wfDebug( __METHOD__ . ": unknown virus scanner: $wgAntivirus\n" ); + $wgOut->wrapWikiMsg( "<div class=\"error\">\n$1</div>", array( 'virus-badscanner', $wgAntivirus ) ); + return wfMsg( 'virus-unknownscanner' ) . " $wgAntivirus"; + } + + # look up scanner configuration + $command = $wgAntivirusSetup[$wgAntivirus]['command']; + $exitCodeMap = $wgAntivirusSetup[$wgAntivirus]['codemap']; + $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]['messagepattern'] ) ? + $wgAntivirusSetup[$wgAntivirus]['messagepattern'] : null; + + if ( strpos( $command, "%f" ) === false ) { + # simple pattern: append file to scan + $command .= " " . wfEscapeShellArg( $file ); + } else { + # complex pattern: replace "%f" with file to scan + $command = str_replace( "%f", wfEscapeShellArg( $file ), $command ); + } + + wfDebug( __METHOD__ . ": running virus scan: $command \n" ); + + # execute virus scanner + $exitCode = false; + + # NOTE: there's a 50 line workaround to make stderr redirection work on windows, too. + # that does not seem to be worth the pain. + # Ask me (Duesentrieb) about it if it's ever needed. + $output = wfShellExec( "$command 2>&1", $exitCode ); + + # map exit code to AV_xxx constants. + $mappedCode = $exitCode; + if ( $exitCodeMap ) { + if ( isset( $exitCodeMap[$exitCode] ) ) { + $mappedCode = $exitCodeMap[$exitCode]; + } elseif ( isset( $exitCodeMap["*"] ) ) { + $mappedCode = $exitCodeMap["*"]; + } + } + + if ( $mappedCode === AV_SCAN_FAILED ) { + # scan failed (code was mapped to false by $exitCodeMap) + wfDebug( __METHOD__ . ": failed to scan $file (code $exitCode).\n" ); + + if ( $wgAntivirusRequired ) { + return wfMsg( 'virus-scanfailed', array( $exitCode ) ); + } else { + return null; + } + } elseif ( $mappedCode === AV_SCAN_ABORTED ) { + # scan failed because filetype is unknown (probably imune) + wfDebug( __METHOD__ . ": unsupported file type $file (code $exitCode).\n" ); + return null; + } elseif ( $mappedCode === AV_NO_VIRUS ) { + # no virus found + wfDebug( __METHOD__ . ": file passed virus scan.\n" ); + return false; + } else { + $output = trim( $output ); + + if ( !$output ) { + $output = true; #if there's no output, return true + } elseif ( $msgPattern ) { + $groups = array(); + if ( preg_match( $msgPattern, $output, $groups ) ) { + if ( $groups[1] ) { + $output = $groups[1]; + } + } + } + + wfDebug( __METHOD__ . ": FOUND VIRUS! scanner feedback: $output \n" ); + return $output; + } + } + + /** + * Check if the temporary file is MacBinary-encoded, as some uploads + * from Internet Explorer on Mac OS Classic and Mac OS X will be. + * If so, the data fork will be extracted to a second temporary file, + * which will then be checked for validity and either kept or discarded. + */ + private function checkMacBinary() { + $macbin = new MacBinary( $this->mTempPath ); + if( $macbin->isValid() ) { + $dataFile = tempnam( wfTempDir(), 'WikiMacBinary' ); + $dataHandle = fopen( $dataFile, 'wb' ); + + wfDebug( __METHOD__ . ": Extracting MacBinary data fork to $dataFile\n" ); + $macbin->extractData( $dataHandle ); + + $this->mTempPath = $dataFile; + $this->mFileSize = $macbin->dataForkLength(); + + // We'll have to manually remove the new file if it's not kept. + $this->mRemoveTempFile = true; + } + $macbin->close(); + } + + /** + * Check if there's an overwrite conflict and, if so, if restrictions + * forbid this user from performing the upload. + * + * @return mixed true on success, error string on failure + */ + private function checkOverwrite() { + global $wgUser; + // First check whether the local file can be overwritten + $file = $this->getLocalFile(); + if( $file->exists() ) { + if( !self::userCanReUpload( $wgUser, $file ) ) { + return 'fileexists-forbidden'; + } else { + return true; + } + } + + /* Check shared conflicts: if the local file does not exist, but + * wfFindFile finds a file, it exists in a shared repository. + */ + $file = wfFindFile( $this->getTitle() ); + if ( $file && !$wgUser->isAllowed( 'reupload-shared' ) ) { + return 'fileexists-shared-forbidden'; + } + + return true; + } + + /** + * Check if a user is the last uploader + * + * @param User $user + * @param string $img, image name + * @return bool + */ + public static function userCanReUpload( User $user, $img ) { + if( $user->isAllowed( 'reupload' ) ) { + return true; // non-conditional + } + if( !$user->isAllowed( 'reupload-own' ) ) { + return false; + } + if( is_string( $img ) ) { + $img = wfLocalFile( $img ); + } + if ( !( $img instanceof LocalFile ) ) { + return false; + } + + return $user->getId() == $img->getUser( 'id' ); + } + + /** + * Helper function that does various existence checks for a file. + * The following checks are performed: + * - The file exists + * - Article with the same name as the file exists + * - File exists with normalized extension + * - The file looks like a thumbnail and the original exists + * + * @param File $file The file to check + * @return mixed False if the file does not exists, else an array + */ + public static function getExistsWarning( $file ) { + if( $file->exists() ) { + return array( 'warning' => 'exists', 'file' => $file ); + } + + if( $file->getTitle()->getArticleID() ) { + return array( 'warning' => 'page-exists', 'file' => $file ); + } + + if ( $file->wasDeleted() && !$file->exists() ) { + return array( 'warning' => 'was-deleted', 'file' => $file ); + } + + if( strpos( $file->getName(), '.' ) == false ) { + $partname = $file->getName(); + $extension = ''; + } else { + $n = strrpos( $file->getName(), '.' ); + $extension = substr( $file->getName(), $n + 1 ); + $partname = substr( $file->getName(), 0, $n ); + } + $normalizedExtension = File::normalizeExtension( $extension ); + + if ( $normalizedExtension != $extension ) { + // We're not using the normalized form of the extension. + // Normal form is lowercase, using most common of alternate + // extensions (eg 'jpg' rather than 'JPEG'). + // + // Check for another file using the normalized form... + $nt_lc = Title::makeTitle( NS_FILE, "{$partname}.{$normalizedExtension}" ); + $file_lc = wfLocalFile( $nt_lc ); + + if( $file_lc->exists() ) { + return array( + 'warning' => 'exists-normalized', + 'file' => $file, + 'normalizedFile' => $file_lc + ); + } + } + + if ( self::isThumbName( $file->getName() ) ) { + # Check for filenames like 50px- or 180px-, these are mostly thumbnails + $nt_thb = Title::newFromText( substr( $partname , strpos( $partname , '-' ) +1 ) . '.' . $extension, NS_FILE ); + $file_thb = wfLocalFile( $nt_thb ); + if( $file_thb->exists() ) { + return array( + 'warning' => 'thumb', + 'file' => $file, + 'thumbFile' => $file_thb + ); + } else { + // File does not exist, but we just don't like the name + return array( + 'warning' => 'thumb-name', + 'file' => $file, + 'thumbFile' => $file_thb + ); + } + } + + + foreach( self::getFilenamePrefixBlacklist() as $prefix ) { + if ( substr( $partname, 0, strlen( $prefix ) ) == $prefix ) { + return array( + 'warning' => 'bad-prefix', + 'file' => $file, + 'prefix' => $prefix + ); + } + } + + return false; + } + + /** + * Helper function that checks whether the filename looks like a thumbnail + */ + public static function isThumbName( $filename ) { + $n = strrpos( $filename, '.' ); + $partname = $n ? substr( $filename, 0, $n ) : $filename; + return ( + substr( $partname , 3, 3 ) == 'px-' || + substr( $partname , 2, 3 ) == 'px-' + ) && + preg_match( "/[0-9]{2}/" , substr( $partname , 0, 2 ) ); + } + + /** + * Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]] + * + * @return array list of prefixes + */ + public static function getFilenamePrefixBlacklist() { + $blacklist = array(); + $message = wfMsgForContent( 'filename-prefix-blacklist' ); + if( $message && !( wfEmptyMsg( 'filename-prefix-blacklist', $message ) || $message == '-' ) ) { + $lines = explode( "\n", $message ); + foreach( $lines as $line ) { + // Remove comment lines + $comment = substr( trim( $line ), 0, 1 ); + if ( $comment == '#' || $comment == '' ) { + continue; + } + // Remove additional comments after a prefix + $comment = strpos( $line, '#' ); + if ( $comment > 0 ) { + $line = substr( $line, 0, $comment-1 ); + } + $blacklist[] = trim( $line ); + } + } + return $blacklist; + } + + public function getImageInfo( $result ) { + $file = $this->getLocalFile(); + $imParam = ApiQueryImageInfo::getPropertyNames(); + return ApiQueryImageInfo::getInfo( $file, array_flip( $imParam ), $result ); + } + +} diff --git a/includes/upload/UploadFromFile.php b/includes/upload/UploadFromFile.php new file mode 100644 index 00000000..73581a61 --- /dev/null +++ b/includes/upload/UploadFromFile.php @@ -0,0 +1,32 @@ +<?php +/** + * @file + * @ingroup upload + * + * @author Bryan Tong Minh + * + * Implements regular file uploads + */ +class UploadFromFile extends UploadBase { + + + function initializeFromRequest( &$request ) { + $desiredDestName = $request->getText( 'wpDestFile' ); + if( !$desiredDestName ) + $desiredDestName = $request->getFileName( 'wpUploadFile' ); + return $this->initializePathInfo( + $desiredDestName, + $request->getFileTempName( 'wpUploadFile' ), + $request->getFileSize( 'wpUploadFile' ) + ); + } + /** + * Entry point for upload from file. + */ + function initialize( $name, $tempPath, $fileSize ) { + return $this->initializePathInfo( $name, $tempPath, $fileSize ); + } + static function isValidRequest( $request ) { + return (bool)$request->getFileTempName( 'wpUploadFile' ); + } +} diff --git a/includes/upload/UploadFromStash.php b/includes/upload/UploadFromStash.php new file mode 100644 index 00000000..17e922b0 --- /dev/null +++ b/includes/upload/UploadFromStash.php @@ -0,0 +1,84 @@ +<?php +/** + * @file + * @ingroup upload + * + * Implements uploading from previously stored file. + * + * @author Bryan Tong Minh + */ + +class UploadFromStash extends UploadBase { + public static function isValidSessionKey( $key, $sessionData ) { + return !empty( $key ) && + is_array( $sessionData ) && + isset( $sessionData[$key] ) && + isset( $sessionData[$key]['version'] ) && + $sessionData[$key]['version'] == self::SESSION_VERSION; + } + + public static function isValidRequest( $request ) { + $sessionData = $request->getSessionData( 'wsUploadData' ); + return self::isValidSessionKey( + $request->getInt( 'wpSessionKey' ), + $sessionData + ); + } + + public function initialize( $name, $sessionKey, $sessionData ) { + /** + * Confirming a temporarily stashed upload. + * We don't want path names to be forged, so we keep + * them in the session on the server and just give + * an opaque key to the user agent. + */ + + $this->initializePathInfo( $name, + $this->getRealPath ( $sessionData['mTempPath'] ), + $sessionData['mFileSize'], + false + ); + + $this->mSessionKey = $sessionKey; + $this->mVirtualTempPath = $sessionData['mTempPath']; + $this->mFileProps = $sessionData['mFileProps']; + } + + public function initializeFromRequest( &$request ) { + $sessionKey = $request->getInt( 'wpSessionKey' ); + $sessionData = $request->getSessionData('wsUploadData'); + + $desiredDestName = $request->getText( 'wpDestFile' ); + if( !$desiredDestName ) + $desiredDestName = $request->getText( 'wpUploadFile' ); + return $this->initialize( $desiredDestName, $sessionKey, $sessionData[$sessionKey] ); + } + + /** + * File has been previously verified so no need to do so again. + */ + protected function verifyFile() { + return true; + } + + + /** + * There is no need to stash the image twice + */ + public function stashSession() { + if ( !empty( $this->mSessionKey ) ) + return $this->mSessionKey; + return parent::stashSession(); + } + + /** + * Remove a temporarily kept file stashed by saveTempUploadedFile(). + * @return success + */ + public function unsaveUploadedFile() { + $repo = RepoGroup::singleton()->getLocalRepo(); + $success = $repo->freeTemp( $this->mVirtualTempPath ); + return $success; + } + +}
\ No newline at end of file diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php new file mode 100644 index 00000000..763dae38 --- /dev/null +++ b/includes/upload/UploadFromUrl.php @@ -0,0 +1,137 @@ +<?php +/** + * @file + * @ingroup upload + * + * Implements uploading from a HTTP resource. + * + * @author Bryan Tong Minh + * @author Michael Dale + */ +class UploadFromUrl extends UploadBase { + protected $mTempDownloadPath; + + /** + * Checks if the user is allowed to use the upload-by-URL feature. If the + * user is allowed, pass on permissions checking to the parent. + */ + public static function isAllowed( $user ) { + if( !$user->isAllowed( 'upload_by_url' ) ) + return 'upload_by_url'; + return parent::isAllowed( $user ); + } + + /** + * Checks if the upload from URL feature is enabled + */ + public static function isEnabled() { + global $wgAllowCopyUploads; + return $wgAllowCopyUploads && parent::isEnabled(); + } + + /** + * Entry point for API upload + */ + public function initialize( $name, $url, $na, $nb = false ) { + global $wgTmpDirectory; + + $localFile = tempnam( $wgTmpDirectory, 'WEBUPLOAD' ); + $this->initializePathInfo( $name, $localFile, 0, true ); + + $this->mUrl = trim( $url ); + } + + /** + * Entry point for SpecialUpload + * @param $request Object: WebRequest object + */ + public function initializeFromRequest( &$request ) { + $desiredDestName = $request->getText( 'wpDestFile' ); + if( !$desiredDestName ) + $desiredDestName = $request->getText( 'wpUploadFileURL' ); + return $this->initialize( + $desiredDestName, + $request->getVal( 'wpUploadFileURL' ), + false + ); + } + + /** + * @param $request Object: WebRequest object + */ + public static function isValidRequest( $request ){ + if( !$request->getVal( 'wpUploadFileURL' ) ) + return false; + // check that is a valid url: + return self::isValidUrl( $request->getVal( 'wpUploadFileURL' ) ); + } + + public static function isValidUrl( $url ) { + // Only allow HTTP or FTP for now + return (bool)preg_match( '!^(http://|ftp://)!', $url ); + } + + /** + * Do the real fetching stuff + */ + function fetchFile() { + if( !self::isValidUrl( $this->mUrl ) ) { + return Status::newFatal( 'upload-proto-error' ); + } + $res = $this->curlCopy(); + if( $res !== true ) { + return Status::newFatal( $res ); + } + return Status::newGood(); + } + + /** + * Safe copy from URL + * Returns true if there was an error, false otherwise + */ + private function curlCopy() { + global $wgOut; + + # Open temporary file + $this->mCurlDestHandle = @fopen( $this->mTempPath, "wb" ); + if( $this->mCurlDestHandle === false ) { + # Could not open temporary file to write in + return 'upload-file-error'; + } + + $ch = curl_init(); + curl_setopt( $ch, CURLOPT_HTTP_VERSION, 1.0); # Probably not needed, but apparently can work around some bug + curl_setopt( $ch, CURLOPT_TIMEOUT, 10); # 10 seconds timeout + curl_setopt( $ch, CURLOPT_LOW_SPEED_LIMIT, 512); # 0.5KB per second minimum transfer speed + curl_setopt( $ch, CURLOPT_URL, $this->mUrl); + curl_setopt( $ch, CURLOPT_WRITEFUNCTION, array( $this, 'uploadCurlCallback' ) ); + curl_exec( $ch ); + $error = curl_errno( $ch ); + curl_close( $ch ); + + fclose( $this->mCurlDestHandle ); + unset( $this->mCurlDestHandle ); + + if( $error ) + return "upload-curl-error$errornum"; + + return true; + } + + /** + * Callback function for CURL-based web transfer + * Write data to file unless we've passed the length limit; + * if so, abort immediately. + * @access private + */ + function uploadCurlCallback( $ch, $data ) { + global $wgMaxUploadSize; + $length = strlen( $data ); + $this->mFileSize += $length; + if( $this->mFileSize > $wgMaxUploadSize ) { + return 0; + } + fwrite( $this->mCurlDestHandle, $data ); + return $length; + } +} |