diff options
Diffstat (limited to 'thumb.php')
-rw-r--r-- | thumb.php | 357 |
1 files changed, 228 insertions, 129 deletions
@@ -22,11 +22,7 @@ */ define( 'MW_NO_OUTPUT_COMPRESSION', 1 ); -if ( isset( $_SERVER['MW_COMPILED'] ) ) { - require( 'core/includes/WebStart.php' ); -} else { - require( __DIR__ . '/includes/WebStart.php' ); -} +require __DIR__ . '/includes/WebStart.php'; // Don't use fancy mime detection, just check the file extension for jpg/gif/png $wgTrivialMimeDetection = true; @@ -35,9 +31,10 @@ if ( defined( 'THUMB_HANDLER' ) ) { // Called from thumb_handler.php via 404; extract params from the URI... wfThumbHandle404(); } else { - // Called directly, use $_REQUEST params + // Called directly, use $_GET params wfThumbHandleRequest(); } + wfLogProfilingData(); //-------------------------------------------------------------------------- @@ -49,8 +46,8 @@ wfLogProfilingData(); */ function wfThumbHandleRequest() { $params = get_magic_quotes_gpc() - ? array_map( 'stripslashes', $_REQUEST ) - : $_REQUEST; + ? array_map( 'stripslashes', $_GET ) + : $_GET; wfStreamThumb( $params ); // stream the thumbnail } @@ -61,28 +58,27 @@ function wfThumbHandleRequest() { * @return void */ function wfThumbHandle404() { - # lighttpd puts the original request in REQUEST_URI, while sjs sets - # that to the 404 handler, and puts the original request in REDIRECT_URL. - if ( isset( $_SERVER['REDIRECT_URL'] ) ) { - # The URL is un-encoded, so put it back how it was - $uriPath = str_replace( "%2F", "/", urlencode( $_SERVER['REDIRECT_URL'] ) ); - } else { - $uriPath = $_SERVER['REQUEST_URI']; - } - # Just get the URI path (REDIRECT_URL/REQUEST_URI is either a full URL or a path) - if ( substr( $uriPath, 0, 1 ) !== '/' ) { - $bits = wfParseUrl( $uriPath ); - if ( $bits && isset( $bits['path'] ) ) { - $uriPath = $bits['path']; - } else { - wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); - return; - } + global $wgArticlePath; + + # Set action base paths so that WebRequest::getPathInfo() + # recognizes the "X" as the 'title' in ../thumb_handler.php/X urls. + # Note: If Custom per-extension repo paths are set, this may break. + $repo = RepoGroup::singleton()->getLocalRepo(); + $oldArticlePath = $wgArticlePath; + $wgArticlePath = $repo->getZoneUrl( 'thumb' ) . '/$1'; + + $matches = WebRequest::getPathInfo(); + + $wgArticlePath = $oldArticlePath; + + if ( !isset( $matches['title'] ) ) { + wfThumbError( 404, 'Could not determine the name of the requested thumbnail.' ); + return; } - $params = wfExtractThumbParams( $uriPath ); // basic wiki URL param extracting + $params = wfExtractThumbRequestInfo( $matches['title'] ); // basic wiki URL param extracting if ( $params == null ) { - wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); + wfThumbError( 400, 'The specified thumbnail parameters are not recognized.' ); return; } @@ -92,27 +88,24 @@ function wfThumbHandle404() { /** * Stream a thumbnail specified by parameters * - * @param $params Array + * @param $params Array List of thumbnailing parameters. In addition to parameters + * passed to the MediaHandler, this may also includes the keys: + * f (for filename), archived (if archived file), temp (if temp file), + * w (alias for width), p (alias for page), r (ignored; historical), + * rel404 (path for render on 404 to verify hash path correct), + * thumbName (thumbnail name to potentially extract more parameters from + * e.g. 'lossy-page1-120px-Foo.tiff' would add page, lossy and width + * to the parameters) * @return void */ function wfStreamThumb( array $params ) { global $wgVaryOnXFP; - wfProfileIn( __METHOD__ ); + + $section = new ProfileSection( __METHOD__ ); $headers = array(); // HTTP headers to send $fileName = isset( $params['f'] ) ? $params['f'] : ''; - unset( $params['f'] ); - - // Backwards compatibility parameters - if ( isset( $params['w'] ) ) { - $params['width'] = $params['w']; - unset( $params['w'] ); - } - if ( isset( $params['p'] ) ) { - $params['page'] = $params['p']; - } - unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER // Is this a thumb of an archived file? $isOld = ( isset( $params['archived'] ) && $params['archived'] ); @@ -131,7 +124,7 @@ function wfStreamThumb( array $params ) { $img = new UnregisteredLocalFile( null, $repo, # Temp files are hashed based on the name without the timestamp. # The thumbnails will be hashed based on the entire name however. - # @TODO: fix this convention to actually be reasonable. + # @todo fix this convention to actually be reasonable. $repo->getZonePath( 'public' ) . '/' . $repo->getTempHashPath( $fileName ) . $fileName ); } elseif ( $isOld ) { @@ -139,13 +132,11 @@ function wfStreamThumb( array $params ) { $bits = explode( '!', $fileName, 2 ); if ( count( $bits ) != 2 ) { wfThumbError( 404, wfMessage( 'badtitletext' )->text() ); - wfProfileOut( __METHOD__ ); return; } $title = Title::makeTitleSafe( NS_FILE, $bits[1] ); if ( !$title ) { wfThumbError( 404, wfMessage( 'badtitletext' )->text() ); - wfProfileOut( __METHOD__ ); return; } $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName ); @@ -153,34 +144,79 @@ function wfStreamThumb( array $params ) { $img = wfLocalFile( $fileName ); } + // Check the source file title + if ( !$img ) { + wfThumbError( 404, wfMessage( 'badtitletext' )->text() ); + return; + } + // Check permissions if there are read restrictions $varyHeader = array(); if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) { wfThumbError( 403, 'Access denied. You do not have permission to access ' . 'the source file.' ); - wfProfileOut( __METHOD__ ); return; } $headers[] = 'Cache-Control: private'; $varyHeader[] = 'Cookie'; } - // Check the source file storage path - if ( !$img ) { - wfThumbError( 404, wfMessage( 'badtitletext' )->text() ); - wfProfileOut( __METHOD__ ); + // Do rendering parameters extraction from thumbnail name. + if ( isset( $params['thumbName'] ) ) { + $params = wfExtractThumbParams( $img, $params ); + } + if ( $params == null ) { + wfThumbError( 400, 'The specified thumbnail parameters are not recognized.' ); return; } + + + // Check the source file storage path if ( !$img->exists() ) { - wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); - wfProfileOut( __METHOD__ ); + $redirectedLocation = false; + if ( !$isTemp ) { + // Check for file redirect + // Since redirects are associated with pages, not versions of files, + // we look for the most current version to see if its a redirect. + $possRedirFile = RepoGroup::singleton()->getLocalRepo()->findFile( $img->getName() ); + if ( $possRedirFile && !is_null( $possRedirFile->getRedirected() ) ) { + $redirTarget = $possRedirFile->getName(); + $targetFile = wfLocalFile( Title::makeTitleSafe( NS_FILE, $redirTarget ) ); + if ( $targetFile->exists() ) { + $newThumbName = $targetFile->thumbName( $params ); + if ( $isOld ) { + $newThumbUrl = $targetFile->getArchiveThumbUrl( + $bits[0] . '!' . $targetFile->getName(), $newThumbName ); + } else { + $newThumbUrl = $targetFile->getThumbUrl( $newThumbName ); + } + $redirectedLocation = wfExpandUrl( $newThumbUrl, PROTO_CURRENT ); + } + } + } + + if ( $redirectedLocation ) { + // File has been moved. Give redirect. + $response = RequestContext::getMain()->getRequest()->response(); + $response->header( "HTTP/1.1 302 " . HttpStatus::getMessage( 302 ) ); + $response->header( 'Location: ' . $redirectedLocation ); + $response->header( 'Expires: ' . + gmdate( 'D, d M Y H:i:s', time() + 12 * 3600 ) . ' GMT' ); + if ( $wgVaryOnXFP ) { + $varyHeader[] = 'X-Forwarded-Proto'; + } + if ( count( $varyHeader ) ) { + $response->header( 'Vary: ' . implode( ', ', $varyHeader ) ); + } + return; + } + + // If its not a redirect that has a target as a local file, give 404. + wfThumbError( 404, "The source file '$fileName' does not exist." ); return; - } - $sourcePath = $img->getPath(); - if ( $sourcePath === false ) { - wfThumbError( 500, 'The source file is not locally accessible.' ); - wfProfileOut( __METHOD__ ); + } elseif ( $img->getPath() === false ) { + wfThumbError( 500, "The source file '$fileName' is not locally accessible." ); return; } @@ -193,66 +229,86 @@ function wfStreamThumb( array $params ) { wfSuppressWarnings(); $imsUnix = strtotime( $imsString ); wfRestoreWarnings(); - $sourceTsUnix = wfTimestamp( TS_UNIX, $img->getTimestamp() ); - if ( $sourceTsUnix <= $imsUnix ) { + if ( wfTimestamp( TS_UNIX, $img->getTimestamp() ) <= $imsUnix ) { header( 'HTTP/1.1 304 Not Modified' ); - wfProfileOut( __METHOD__ ); return; } } - $thumbName = $img->thumbName( $params ); - if ( !strlen( $thumbName ) ) { // invalid params? - wfThumbError( 400, 'The specified thumbnail parameters are not valid.' ); - wfProfileOut( __METHOD__ ); - return; + // Backwards compatibility parameters + if ( isset( $params['w'] ) ) { + $params['width'] = $params['w']; + unset( $params['w'] ); } + if ( isset( $params['p'] ) ) { + $params['page'] = $params['p']; + } + unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER + unset( $params['f'] ); // We're done with 'f' parameter. - $disposition = $img->getThumbDisposition( $thumbName ); - $headers[] = "Content-Disposition: $disposition"; - // Stream the file if it exists already... + // Get the normalized thumbnail name from the parameters... try { + $thumbName = $img->thumbName( $params ); + if ( !strlen( $thumbName ) ) { // invalid params? + wfThumbError( 400, 'The specified thumbnail parameters are not valid.' ); + return; + } $thumbName2 = $img->thumbName( $params, File::THUMB_FULL_NAME ); // b/c; "long" style - // For 404 handled thumbnails, we only use the the base name of the URI - // for the thumb params and the parent directory for the source file name. - // Check that the zone relative path matches up so squid caches won't pick - // up thumbs that would not be purged on source file deletion (bug 34231). - if ( isset( $params['rel404'] ) ) { // thumbnail was handled via 404 - if ( urldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName ) ) { - // Request for the canonical thumbnail name - } elseif ( urldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName2 ) ) { - // Request for the "long" thumbnail name; redirect to canonical name - $response = RequestContext::getMain()->getRequest()->response(); - $response->header( "HTTP/1.1 301 " . HttpStatus::getMessage( 301 ) ); - $response->header( 'Location: ' . wfExpandUrl( $img->getThumbUrl( $thumbName ), PROTO_CURRENT ) ); - $response->header( 'Expires: ' . - gmdate( 'D, d M Y H:i:s', time() + 7*86400 ) . ' GMT' ); - if ( $wgVaryOnXFP ) { - $varyHeader[] = 'X-Forwarded-Proto'; - } + } catch ( MWException $e ) { + wfThumbError( 500, $e->getHTML() ); + return; + } + + // For 404 handled thumbnails, we only use the the base name of the URI + // for the thumb params and the parent directory for the source file name. + // Check that the zone relative path matches up so squid caches won't pick + // up thumbs that would not be purged on source file deletion (bug 34231). + if ( isset( $params['rel404'] ) ) { // thumbnail was handled via 404 + if ( rawurldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName ) ) { + // Request for the canonical thumbnail name + } elseif ( rawurldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName2 ) ) { + // Request for the "long" thumbnail name; redirect to canonical name + $response = RequestContext::getMain()->getRequest()->response(); + $response->header( "HTTP/1.1 301 " . HttpStatus::getMessage( 301 ) ); + $response->header( 'Location: ' . + wfExpandUrl( $img->getThumbUrl( $thumbName ), PROTO_CURRENT ) ); + $response->header( 'Expires: ' . + gmdate( 'D, d M Y H:i:s', time() + 7 * 86400 ) . ' GMT' ); + if ( $wgVaryOnXFP ) { + $varyHeader[] = 'X-Forwarded-Proto'; + } + if ( count( $varyHeader ) ) { $response->header( 'Vary: ' . implode( ', ', $varyHeader ) ); - wfProfileOut( __METHOD__ ); - return; - } else { - wfThumbError( 404, 'The given path of the specified thumbnail is incorrect.' ); - wfProfileOut( __METHOD__ ); - return; } - } - $thumbPath = $img->getThumbPath( $thumbName ); - if ( $img->getRepo()->fileExists( $thumbPath ) ) { - $headers[] = 'Vary: ' . implode( ', ', $varyHeader ); - $img->getRepo()->streamFile( $thumbPath, $headers ); - wfProfileOut( __METHOD__ ); + return; + } else { + wfThumbError( 404, "The given path of the specified thumbnail is incorrect; + expected '" . $img->getThumbRel( $thumbName ) . "' but got '" . + rawurldecode( $params['rel404'] ) . "'." ); return; } - } catch ( MWException $e ) { - wfThumbError( 500, $e->getHTML() ); - wfProfileOut( __METHOD__ ); + } + + // Suggest a good name for users downloading this thumbnail + $headers[] = "Content-Disposition: {$img->getThumbDisposition( $thumbName )}"; + + if ( count( $varyHeader ) ) { + $headers[] = 'Vary: ' . implode( ', ', $varyHeader ); + } + + // Stream the file if it exists already... + $thumbPath = $img->getThumbPath( $thumbName ); + if ( $img->getRepo()->fileExists( $thumbPath ) ) { + $img->getRepo()->streamFile( $thumbPath, $headers ); + return; + } + + $user = RequestContext::getMain()->getUser(); + if ( $user->pingLimiter( 'renderfile' ) ) { + wfThumbError( 500, wfMessage( 'actionthrottledtext' ) ); return; } - $headers[] = 'Vary: ' . implode( ', ', $varyHeader ); // Thumbnail isn't already there, so create the new thumbnail... try { @@ -282,51 +338,46 @@ function wfStreamThumb( array $params ) { // Stream the file if there were no errors $thumb->streamFile( $headers ); } - - wfProfileOut( __METHOD__ ); } /** - * Extract the required params for thumb.php from the thumbnail request URI. - * At least 'width' and 'f' should be set if the result is an array. + * Convert pathinfo type parameter, into normal request parameters + * + * So for example, if the request was redirected from + * /w/images/thumb/a/ab/Foo.png/120px-Foo.png. The $thumbRel parameter + * of this function would be set to "a/ab/Foo.png/120px-Foo.png". + * This method is responsible for turning that into an array + * with the folowing keys: + * * f => the filename (Foo.png) + * * rel404 => the whole thing (a/ab/Foo.png/120px-Foo.png) + * * archived => 1 (If the request is for an archived thumb) + * * temp => 1 (If the file is in the "temporary" zone) + * * thumbName => the thumbnail name, including parameters (120px-Foo.png) + * + * Transform specific parameters are set later via wfExtractThumbParams(). * - * @param $uriPath String Thumbnail request URI path + * @param $thumbRel String Thumbnail path relative to the thumb zone * @return Array|null associative params array or null */ -function wfExtractThumbParams( $uriPath ) { +function wfExtractThumbRequestInfo( $thumbRel ) { $repo = RepoGroup::singleton()->getLocalRepo(); - // Zone URL might be relative ("/images") or protocol-relative ("//lang.site/image") - $zoneUriPath = $repo->getZoneHandlerUrl( 'thumb' ) - ? $repo->getZoneHandlerUrl( 'thumb' ) // custom URL - : $repo->getZoneUrl( 'thumb' ); // default to main URL - $bits = wfParseUrl( wfExpandUrl( $zoneUriPath, PROTO_INTERNAL ) ); - if ( $bits && isset( $bits['path'] ) ) { - $zoneUriPath = $bits['path']; - } else { - return null; // not a valid thumbnail URL - } - $hashDirReg = $subdirReg = ''; for ( $i = 0; $i < $repo->getHashLevels(); $i++ ) { $subdirReg .= '[0-9a-f]'; $hashDirReg .= "$subdirReg/"; } - $zoneReg = preg_quote( $zoneUriPath ); // regex for thumb zone URI // Check if this is a thumbnail of an original in the local file repo - if ( preg_match( "!^$zoneReg/((archive/)?$hashDirReg([^/]*)/([^/]*))$!", $uriPath, $m ) ) { + if ( preg_match( "!^((archive/)?$hashDirReg([^/]*)/([^/]*))$!", $thumbRel, $m ) ) { list( /*all*/, $rel, $archOrTemp, $filename, $thumbname ) = $m; // Check if this is a thumbnail of an temp file in the local file repo - } elseif ( preg_match( "!^$zoneReg/(temp/)($hashDirReg([^/]*)/([^/]*))$!", $uriPath, $m ) ) { + } elseif ( preg_match( "!^(temp/)($hashDirReg([^/]*)/([^/]*))$!", $thumbRel, $m ) ) { list( /*all*/, $archOrTemp, $rel, $filename, $thumbname ) = $m; } else { return null; // not a valid looking thumbnail request } - $filename = urldecode( $filename ); - $thumbname = urldecode( $thumbname ); - $params = array( 'f' => $filename, 'rel404' => $rel ); if ( $archOrTemp === 'archive/' ) { $params['archived'] = 1; @@ -334,7 +385,58 @@ function wfExtractThumbParams( $uriPath ) { $params['temp'] = 1; } - // Check if the parameters can be extracted from the thumbnail name... + $params['thumbName'] = $thumbname; + return $params; +} + +/** + * Convert a thumbnail name (122px-foo.png) to parameters, using + * file handler. + * + * @param File $file File object for file in question. + * @param $param Array Array of parameters so far. + * @return Array parameters array with more parameters. + */ +function wfExtractThumbParams( $file, $params ) { + if ( !isset( $params['thumbName'] ) ) { + throw new MWException( "No thumbnail name passed to wfExtractThumbParams" ); + } + + $thumbname = $params['thumbName']; + unset( $params['thumbName'] ); + + // Do the hook first for older extensions that rely on it. + if ( !wfRunHooks( 'ExtractThumbParameters', array( $thumbname, &$params ) ) ) { + // Check hooks if parameters can be extracted + // Hooks return false if they manage to *resolve* the parameters + // This hook should be considered deprecated + wfDeprecated( 'ExtractThumbParameters', '1.22' ); + return $params; // valid thumbnail URL (via extension or config) + } + + // FIXME: Files in the temp zone don't set a mime type, which means + // they don't have a handler. Which means we can't parse the param + // string. However, not a big issue as what good is a param string + // if you have no handler to make use of the param string and + // actually generate the thumbnail. + $handler = $file->getHandler(); + + // Based on UploadStash::parseKey + $fileNamePos = strrpos( $thumbname, $params['f'] ); + if ( $fileNamePos === false ) { + // Maybe using a short filename? (see FileRepo::nameForThumb) + $fileNamePos = strrpos( $thumbname, 'thumbnail' ); + } + + if ( $handler && $fileNamePos !== false ) { + $paramString = substr( $thumbname, 0, $fileNamePos - 1 ); + $extraParams = $handler->parseParamString( $paramString ); + if ( $extraParams !== false ) { + return $params + $extraParams; + } + } + + // As a last ditch fallback, use the traditional common parameters if ( preg_match( '!^(page(\d*)-)*(\d*)px-[^/]*$!', $thumbname, $matches ) ) { list( /* all */, $pagefull, $pagenum, $size ) = $matches; $params['width'] = $size; @@ -342,12 +444,8 @@ function wfExtractThumbParams( $uriPath ) { $params['page'] = $pagenum; } return $params; // valid thumbnail URL - // Hooks return false if they manage to *resolve* the parameters - } elseif ( !wfRunHooks( 'ExtractThumbParameters', array( $thumbname, &$params ) ) ) { - return $params; // valid thumbnail URL (via extension or config) } - - return null; // not a valid thumbnail URL + return null; } /** @@ -371,11 +469,12 @@ function wfThumbError( $status, $msg ) { header( 'HTTP/1.1 500 Internal server error' ); } if ( $wgShowHostnames ) { + header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() ); $url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ); $hostname = htmlspecialchars( wfHostname() ); $debug = "<!-- $url -->\n<!-- $hostname -->\n"; } else { - $debug = ""; + $debug = ''; } echo <<<EOT <html><head><title>Error generating thumbnail</title></head> |