repo = $repo; // if a user was passed, use it. otherwise, attempt to use the global. // this keeps FileRepo from breaking when it creates an UploadStash object if ( $user ) { $this->user = $user; } else { global $wgUser; $this->user = $wgUser; } if ( is_object( $this->user ) ) { $this->userId = $this->user->getId(); $this->isLoggedIn = $this->user->isLoggedIn(); } } /** * Get a file and its metadata from the stash. * The noAuth param is a bit janky but is required for automated scripts which clean out the stash. * * @param string $key key under which file information is stored * @param $noAuth Boolean (optional) Don't check authentication. Used by maintenance scripts. * @throws UploadStashFileNotFoundException * @throws UploadStashNotLoggedInException * @throws UploadStashWrongOwnerException * @throws UploadStashBadPathException * @return UploadStashFile */ public function getFile( $key, $noAuth = false ) { if ( ! preg_match( self::KEY_FORMAT_REGEX, $key ) ) { throw new UploadStashBadPathException( "key '$key' is not in a proper format" ); } if ( !$noAuth && !$this->isLoggedIn ) { throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' ); } if ( !isset( $this->fileMetadata[$key] ) ) { if ( !$this->fetchFileMetadata( $key ) ) { // If nothing was received, it's likely due to replication lag. Check the master to see if the record is there. $this->fetchFileMetadata( $key, DB_MASTER ); } if ( !isset( $this->fileMetadata[$key] ) ) { throw new UploadStashFileNotFoundException( "key '$key' not found in stash" ); } // create $this->files[$key] $this->initFile( $key ); // fetch fileprops if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) { $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] ); } else { // b/c for rows with no us_props wfDebug( __METHOD__ . " fetched props for $key from file\n" ); $path = $this->fileMetadata[$key]['us_path']; $this->fileProps[$key] = $this->repo->getFileProps( $path ); } } if ( ! $this->files[$key]->exists() ) { wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist\n" ); throw new UploadStashBadPathException( "path doesn't exist" ); } if ( !$noAuth ) { if ( $this->fileMetadata[$key]['us_user'] != $this->userId ) { throw new UploadStashWrongOwnerException( "This file ($key) doesn't belong to the current user." ); } } return $this->files[$key]; } /** * Getter for file metadata. * * @param string $key key under which file information is stored * @return Array */ public function getMetadata ( $key ) { $this->getFile( $key ); return $this->fileMetadata[$key]; } /** * Getter for fileProps * * @param string $key key under which file information is stored * @return Array */ public function getFileProps ( $key ) { $this->getFile( $key ); return $this->fileProps[$key]; } /** * Stash a file in a temp directory and record that we did this in the database, along with other metadata. * * @param string $path path to file you want stashed * @param string $sourceType the type of upload that generated this file (currently, I believe, 'file' or null) * @throws UploadStashBadPathException * @throws UploadStashFileException * @throws UploadStashNotLoggedInException * @return UploadStashFile: file, or null on failure */ public function stashFile( $path, $sourceType = null ) { if ( !is_file( $path ) ) { wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist\n" ); throw new UploadStashBadPathException( "path doesn't exist" ); } $fileProps = FSFile::getPropsFromPath( $path ); wfDebug( __METHOD__ . " stashing file at '$path'\n" ); // we will be initializing from some tmpnam files that don't have extensions. // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this. $extension = self::getExtensionForPath( $path ); if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) { $pathWithGoodExtension = "$path.$extension"; } else { $pathWithGoodExtension = $path; } // If no key was supplied, make one. a mysql insertid would be totally reasonable here, except // that for historical reasons, the key is this random thing instead. At least it's not guessable. // // some things that when combined will make a suitably unique key. // see: http://www.jwz.org/doc/mid.html list( $usec, $sec ) = explode( ' ', microtime() ); $usec = substr( $usec, 2 ); $key = wfBaseConvert( $sec . $usec, 10, 36 ) . '.' . wfBaseConvert( mt_rand(), 10, 36 ) . '.'. $this->userId . '.' . $extension; $this->fileProps[$key] = $fileProps; if ( ! preg_match( self::KEY_FORMAT_REGEX, $key ) ) { throw new UploadStashBadPathException( "key '$key' is not in a proper format" ); } wfDebug( __METHOD__ . " key for '$path': $key\n" ); // if not already in a temporary area, put it there $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path ); if ( ! $storeStatus->isOK() ) { // It is a convention in MediaWiki to only return one error per API exception, even if multiple errors // are available. We use reset() to pick the "first" thing that was wrong, preferring errors to warnings. // This is a bit lame, as we may have more info in the $storeStatus and we're throwing it away, but to fix it means // redesigning API errors significantly. // $storeStatus->value just contains the virtual URL (if anything) which is probably useless to the caller $error = $storeStatus->getErrorsArray(); $error = reset( $error ); if ( ! count( $error ) ) { $error = $storeStatus->getWarningsArray(); $error = reset( $error ); if ( ! count( $error ) ) { $error = array( 'unknown', 'no error recorded' ); } } // at this point, $error should contain the single "most important" error, plus any parameters. $errorMsg = array_shift( $error ); throw new UploadStashFileException( "Error storing file in '$path': " . wfMessage( $errorMsg, $error )->text() ); } $stashPath = $storeStatus->value; // fetch the current user ID if ( !$this->isLoggedIn ) { throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' ); } // insert the file metadata into the db. wfDebug( __METHOD__ . " inserting $stashPath under $key\n" ); $dbw = $this->repo->getMasterDb(); $this->fileMetadata[$key] = array( 'us_id' => $dbw->nextSequenceValue( 'uploadstash_us_id_seq' ), 'us_user' => $this->userId, 'us_key' => $key, 'us_orig_path' => $path, 'us_path' => $stashPath, // virtual URL 'us_props' => serialize( $fileProps ), 'us_size' => $fileProps['size'], 'us_sha1' => $fileProps['sha1'], 'us_mime' => $fileProps['mime'], 'us_media_type' => $fileProps['media_type'], 'us_image_width' => $fileProps['width'], 'us_image_height' => $fileProps['height'], 'us_image_bits' => $fileProps['bits'], 'us_source_type' => $sourceType, 'us_timestamp' => $dbw->timestamp(), 'us_status' => 'finished' ); $dbw->insert( 'uploadstash', $this->fileMetadata[$key], __METHOD__ ); // store the insertid in the class variable so immediate retrieval (possibly laggy) isn't necesary. $this->fileMetadata[$key]['us_id'] = $dbw->insertId(); # create the UploadStashFile object for this file. $this->initFile( $key ); return $this->getFile( $key ); } /** * Remove all files from the stash. * Does not clean up files in the repo, just the record of them. * * @throws UploadStashNotLoggedInException * @return boolean: success */ public function clear() { if ( !$this->isLoggedIn ) { throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' ); } wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId . "\n" ); $dbw = $this->repo->getMasterDb(); $dbw->delete( 'uploadstash', array( 'us_user' => $this->userId ), __METHOD__ ); # destroy objects. $this->files = array(); $this->fileMetadata = array(); return true; } /** * Remove a particular file from the stash. Also removes it from the repo. * * @param $key * @throws UploadStashNoSuchKeyException|UploadStashNotLoggedInException|UploadStashWrongOwnerException * @return boolean: success */ public function removeFile( $key ) { if ( !$this->isLoggedIn ) { throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' ); } $dbw = $this->repo->getMasterDb(); // this is a cheap query. it runs on the master so that this function still works when there's lag. // it won't be called all that often. $row = $dbw->selectRow( 'uploadstash', 'us_user', array( 'us_key' => $key ), __METHOD__ ); if( !$row ) { throw new UploadStashNoSuchKeyException( "No such key ($key), cannot remove" ); } if ( $row->us_user != $this->userId ) { throw new UploadStashWrongOwnerException( "Can't delete: the file ($key) doesn't belong to this user." ); } return $this->removeFileNoAuth( $key ); } /** * Remove a file (see removeFile), but doesn't check ownership first. * * @return boolean: success */ public function removeFileNoAuth( $key ) { wfDebug( __METHOD__ . " clearing row $key\n" ); // Ensure we have the UploadStashFile loaded for this key $this->getFile( $key ); $dbw = $this->repo->getMasterDb(); $dbw->delete( 'uploadstash', array( 'us_key' => $key ), __METHOD__ ); // TODO: look into UnregisteredLocalFile and find out why the rv here is sometimes wrong (false when file was removed) // for now, ignore. $this->files[$key]->remove(); unset( $this->files[$key] ); unset( $this->fileMetadata[$key] ); return true; } /** * List all files in the stash. * * @throws UploadStashNotLoggedInException * @return Array */ public function listFiles() { if ( !$this->isLoggedIn ) { throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' ); } $dbr = $this->repo->getSlaveDb(); $res = $dbr->select( 'uploadstash', 'us_key', array( 'us_user' => $this->userId ), __METHOD__ ); if ( !is_object( $res ) || $res->numRows() == 0 ) { // nothing to do. return false; } // finish the read before starting writes. $keys = array(); foreach ( $res as $row ) { array_push( $keys, $row->us_key ); } return $keys; } /** * Find or guess extension -- ensuring that our extension matches our mime type. * Since these files are constructed from php tempnames they may not start off * with an extension. * XXX this is somewhat redundant with the checks that ApiUpload.php does with incoming * uploads versus the desired filename. Maybe we can get that passed to us... * @param $path * @throws UploadStashFileException * @return string */ public static function getExtensionForPath( $path ) { global $wgFileBlacklist; // Does this have an extension? $n = strrpos( $path, '.' ); $extension = null; if ( $n !== false ) { $extension = $n ? substr( $path, $n + 1 ) : ''; } else { // If not, assume that it should be related to the mime type of the original file. $magic = MimeMagic::singleton(); $mimeType = $magic->guessMimeType( $path ); $extensions = explode( ' ', MimeMagic::singleton()->getExtensionsForType( $mimeType ) ); if ( count( $extensions ) ) { $extension = $extensions[0]; } } if ( is_null( $extension ) ) { throw new UploadStashFileException( "extension is null" ); } $extension = File::normalizeExtension( $extension ); if ( in_array( $extension, $wgFileBlacklist ) ) { // The file should already be checked for being evil. // However, if somehow we got here, we definitely // don't want to give it an extension of .php and // put it in a web accesible directory. return ''; } return $extension; } /** * Helper function: do the actual database query to fetch file metadata. * * @param string $key key * @param $readFromDB: constant (default: DB_SLAVE) * @return boolean */ protected function fetchFileMetadata( $key, $readFromDB = DB_SLAVE ) { // populate $fileMetadata[$key] $dbr = null; if( $readFromDB === DB_MASTER ) { // sometimes reading from the master is necessary, if there's replication lag. $dbr = $this->repo->getMasterDb(); } else { $dbr = $this->repo->getSlaveDb(); } $row = $dbr->selectRow( 'uploadstash', '*', array( 'us_key' => $key ), __METHOD__ ); if ( !is_object( $row ) ) { // key wasn't present in the database. this will happen sometimes. return false; } $this->fileMetadata[$key] = (array)$row; return true; } /** * Helper function: Initialize the UploadStashFile for a given file. * * @param string $key key under which to store the object * @throws UploadStashZeroLengthFileException * @return bool */ protected function initFile( $key ) { $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key ); if ( $file->getSize() === 0 ) { throw new UploadStashZeroLengthFileException( "File is zero length" ); } $this->files[$key] = $file; return true; } } class UploadStashFile extends UnregisteredLocalFile { private $fileKey; private $urlName; protected $url; /** * A LocalFile wrapper around a file that has been temporarily stashed, so we can do things like create thumbnails for it * Arguably UnregisteredLocalFile should be handling its own file repo but that class is a bit retarded currently * * @param $repo FileRepo: repository where we should find the path * @param string $path path to file * @param string $key key to store the path and any stashed data under * @throws UploadStashBadPathException * @throws UploadStashFileNotFoundException */ public function __construct( $repo, $path, $key ) { $this->fileKey = $key; // resolve mwrepo:// urls if ( $repo->isVirtualUrl( $path ) ) { $path = $repo->resolveVirtualUrl( $path ); } else { // check if path appears to be sane, no parent traversals, and is in this repo's temp zone. $repoTempPath = $repo->getZonePath( 'temp' ); if ( ( ! $repo->validateFilename( $path ) ) || ( strpos( $path, $repoTempPath ) !== 0 ) ) { wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not valid\n" ); throw new UploadStashBadPathException( 'path is not valid' ); } // check if path exists! and is a plain file. if ( ! $repo->fileExists( $path ) ) { wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not found\n" ); throw new UploadStashFileNotFoundException( 'cannot find path, or not a plain file' ); } } parent::__construct( false, $repo, $path, false ); $this->name = basename( $this->path ); } /** * A method needed by the file transforming and scaling routines in File.php * We do not necessarily care about doing the description at this point * However, we also can't return the empty string, as the rest of MediaWiki demands this (and calls to imagemagick * convert require it to be there) * * @return String: dummy value */ public function getDescriptionUrl() { return $this->getUrl(); } /** * Get the path for the thumbnail (actually any transformation of this file) * The actual argument is the result of thumbName although we seem to have * buggy code elsewhere that expects a boolean 'suffix' * * @param string $thumbName name of thumbnail (e.g. "120px-123456.jpg" ), or false to just get the path * @return String: path thumbnail should take on filesystem, or containing directory if thumbname is false */ public function getThumbPath( $thumbName = false ) { $path = dirname( $this->path ); if ( $thumbName !== false ) { $path .= "/$thumbName"; } return $path; } /** * Return the file/url base name of a thumbnail with the specified parameters. * We override this because we want to use the pretty url name instead of the * ugly file name. * * @param array $params handler-specific parameters * @param $flags integer Bitfield that supports THUMB_* constants * @return String: base name for URL, like '120px-12345.jpg', or null if there is no handler */ function thumbName( $params, $flags = 0 ) { return $this->generateThumbName( $this->getUrlName(), $params ); } /** * Helper function -- given a 'subpage', return the local URL e.g. /wiki/Special:UploadStash/subpage * @param $subPage String * @return String: local URL for this subpage in the Special:UploadStash space. */ private function getSpecialUrl( $subPage ) { return SpecialPage::getTitleFor( 'UploadStash', $subPage )->getLocalURL(); } /** * Get a URL to access the thumbnail * This is required because the model of how files work requires that * the thumbnail urls be predictable. However, in our model the URL is not based on the filename * (that's hidden in the db) * * @param string $thumbName basename of thumbnail file -- however, we don't want to use the file exactly * @return String: URL to access thumbnail, or URL with partial path */ public function getThumbUrl( $thumbName = false ) { wfDebug( __METHOD__ . " getting for $thumbName \n" ); return $this->getSpecialUrl( 'thumb/' . $this->getUrlName() . '/' . $thumbName ); } /** * The basename for the URL, which we want to not be related to the filename. * Will also be used as the lookup key for a thumbnail file. * * @return String: base url name, like '120px-123456.jpg' */ public function getUrlName() { if ( ! $this->urlName ) { $this->urlName = $this->fileKey; } return $this->urlName; } /** * Return the URL of the file, if for some reason we wanted to download it * We tend not to do this for the original file, but we do want thumb icons * * @return String: url */ public function getUrl() { if ( !isset( $this->url ) ) { $this->url = $this->getSpecialUrl( 'file/' . $this->getUrlName() ); } return $this->url; } /** * Parent classes use this method, for no obvious reason, to return the path (relative to wiki root, I assume). * But with this class, the URL is unrelated to the path. * * @return String: url */ public function getFullUrl() { return $this->getUrl(); } /** * Getter for file key (the unique id by which this file's location & metadata is stored in the db) * * @return String: file key */ public function getFileKey() { return $this->fileKey; } /** * Remove the associated temporary file * @return Status: success */ public function remove() { if ( !$this->repo->fileExists( $this->path ) ) { // Maybe the file's already been removed? This could totally happen in UploadBase. return true; } return $this->repo->freeTemp( $this->path ); } public function exists() { return $this->repo->fileExists( $this->path ); } } class UploadStashNotAvailableException extends MWException {}; class UploadStashFileNotFoundException extends MWException {}; class UploadStashBadPathException extends MWException {}; class UploadStashFileException extends MWException {}; class UploadStashZeroLengthFileException extends MWException {}; class UploadStashNotLoggedInException extends MWException {}; class UploadStashWrongOwnerException extends MWException {}; class UploadStashNoSuchKeyException extends MWException {};