diff options
Diffstat (limited to 'includes/upload/UploadFromUrl.php')
-rw-r--r-- | includes/upload/UploadFromUrl.php | 49 |
1 files changed, 40 insertions, 9 deletions
diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php index 70b69034..0201d5f4 100644 --- a/includes/upload/UploadFromUrl.php +++ b/includes/upload/UploadFromUrl.php @@ -34,6 +34,8 @@ class UploadFromUrl extends UploadBase { protected $mTempPath, $mTmpHandle; + protected static $allowedUrls = array(); + /** * Checks if the user is allowed to use the upload-by-URL feature. If the * user is not allowed, return the name of the user right as a string. If @@ -77,7 +79,7 @@ class UploadFromUrl extends UploadBase { return false; } $valid = false; - foreach( $wgCopyUploadsDomains as $domain ) { + foreach ( $wgCopyUploadsDomains as $domain ) { // See if the domain for the upload matches this whitelisted domain $whitelistedDomainPieces = explode( '.', $domain ); $uploadDomainPieces = explode( '.', $parsedUrl['host'] ); @@ -105,6 +107,21 @@ class UploadFromUrl extends UploadBase { } /** + * Checks whether the URL is not allowed. + * + * @param $url string + * @return bool + */ + public static function isAllowedUrl( $url ) { + if ( !isset( self::$allowedUrls[$url] ) ) { + $allowed = true; + wfRunHooks( 'IsUploadAllowedFromUrl', array( $url, &$allowed ) ); + self::$allowedUrls[$url] = $allowed; + } + return self::$allowedUrls[$url]; + } + + /** * Entry point for API upload * * @param $name string @@ -160,21 +177,30 @@ class UploadFromUrl extends UploadBase { /** * @return string */ - public function getSourceType() { return 'url'; } + public function getSourceType() { + return 'url'; + } /** + * Download the file (if not async) + * + * @param Array $httpOptions Array of options for MWHttpRequest. Ignored if async. + * This could be used to override the timeout on the http request. * @return Status */ - public function fetchFile() { + public function fetchFile( $httpOptions = array() ) { if ( !Http::isValidURI( $this->mUrl ) ) { return Status::newFatal( 'http-invalid-url' ); } - if( !self::isAllowedHost( $this->mUrl ) ) { + if ( !self::isAllowedHost( $this->mUrl ) ) { return Status::newFatal( 'upload-copy-upload-invalid-domain' ); } + if ( !self::isAllowedUrl( $this->mUrl ) ) { + return Status::newFatal( 'upload-copy-upload-invalid-url' ); + } if ( !$this->mAsync ) { - return $this->reallyFetchFile(); + return $this->reallyFetchFile( $httpOptions ); } return Status::newGood(); } @@ -211,9 +237,12 @@ class UploadFromUrl extends UploadBase { /** * Download the file, save it to the temporary file and update the file * size and set $mRemoveTempFile to true. + * + * @param Array $httpOptions Array of options for MWHttpRequest * @return Status */ - protected function reallyFetchFile() { + protected function reallyFetchFile( $httpOptions = array() ) { + global $wgCopyUploadProxy, $wgCopyUploadTimeout; if ( $this->mTempPath === false ) { return Status::newFatal( 'tmp-create-error' ); } @@ -227,13 +256,15 @@ class UploadFromUrl extends UploadBase { $this->mRemoveTempFile = true; $this->mFileSize = 0; - $options = array( - 'followRedirects' => true + $options = $httpOptions + array( + 'followRedirects' => true, ); - global $wgCopyUploadProxy; if ( $wgCopyUploadProxy !== false ) { $options['proxy'] = $wgCopyUploadProxy; } + if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) { + $options['timeout'] = $wgCopyUploadTimeout; + } $req = MWHttpRequest::factory( $this->mUrl, $options ); $req->setCallback( array( $this, 'saveTempFileChunk' ) ); $status = $req->execute(); |