X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialUpload.php;h=a5b32f0971ff8ddc277de8e6a14a4351b1955742;hb=9ea27c314149f1686b40cd63c9d026068efcd8a4;hp=f9dfebd824c9c0b8851f3299527d8bbef5c8af01;hpb=65ec7dcab7be7994e5f592bb867b8fdda68154c6;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php index f9dfebd824..a5b32f0971 100644 --- a/includes/SpecialUpload.php +++ b/includes/SpecialUpload.php @@ -1,253 +1,456 @@ execute(); } +/** + * + * @package MediaWiki + * @subpackage SpecialPage + */ class UploadForm { + /**#@+ + * @access private + */ var $mUploadAffirm, $mUploadFile, $mUploadDescription, $mIgnoreWarning; var $mUploadSaveName, $mUploadTempName, $mUploadSize, $mUploadOldVersion; var $mUploadCopyStatus, $mUploadSource, $mReUpload, $mAction, $mUpload; - var $mOname, $mSessionKey; - + var $mOname, $mSessionKey, $mStashed; + /**#@-*/ + + /** + * Constructor : initialise object + * Get data POSTed through the form and assign them to the object + * @param $request Data posted. + */ function UploadForm( &$request ) { - $this->mUploadAffirm = $request->getVal( 'wpUploadAffirm' ); - $this->mUploadFile = $request->getVal( 'wpUploadFile' ); - $this->mUploadDescription = $request->getVal( 'wpUploadDescription'); - $this->mIgnoreWarning = $request->getVal( 'wpIgnoreWarning'); - $this->mUploadSaveName = $request->getVal( 'wpUploadSaveName'); - $this->mUploadTempName = $request->getVal( 'wpUploadTempName'); - $this->mUploadTempName = $request->getVal( 'wpUploadTempName'); - $this->mUploadSize = $request->getVal( 'wpUploadSize'); - $this->mUploadOldVersion = $request->getVal( 'wpUploadOldVersion'); - $this->mUploadCopyStatus = $request->getVal( 'wpUploadCopyStatus'); - $this->mUploadSource = $request->getVal( 'wpUploadSource'); - $this->mReUpload = $request->getCheck( 'wpReUpload' ); - $this->mAction = $request->getVal( 'action' ); - $this->mUpload = $request->getCheck( 'wpUpload' ); - $this->mSessionKey = $request->getVal( 'wpSessionKey' ); - - if ( ! $this->mUploadTempName ) { - $this->mUploadTempName = @$_FILES['wpUploadFile']['tmp_name']; - } - if ( ! $this->mUploadSize ) { - $this->mUploadSize = @$_FILES['wpUploadFile']['size']; - } - $this->mOname = $request->getGPCVal( $_FILES['wpUploadFile'], 'name', "" ); - + if( !$request->wasPosted() ) { + # GET requests just give the main form; no data. + return; + } + + $this->mUploadAffirm = $request->getCheck( 'wpUploadAffirm' ); + $this->mIgnoreWarning = $request->getCheck( 'wpIgnoreWarning'); + $this->mReUpload = $request->getCheck( 'wpReUpload' ); + $this->mUpload = $request->getCheck( 'wpUpload' ); + + $this->mUploadDescription = $request->getText( 'wpUploadDescription' ); + $this->mUploadCopyStatus = $request->getText( 'wpUploadCopyStatus' ); + $this->mUploadSource = $request->getText( 'wpUploadSource'); + + $this->mAction = $request->getVal( 'action' ); + + $this->mSessionKey = $request->getInt( 'wpSessionKey' ); + if( !empty( $this->mSessionKey ) && + isset( $_SESSION['wsUploadData'][$this->mSessionKey] ) ) { + /** + * Confirming a temporarily stashed upload. + * We don't want path names to be forged, so we keep + * them in the session on the server and just give + * an opaque key to the user agent. + */ + $data = $_SESSION['wsUploadData'][$this->mSessionKey]; + $this->mUploadTempName = $data['mUploadTempName']; + $this->mUploadSize = $data['mUploadSize']; + $this->mOname = $data['mOname']; + $this->mStashed = true; + } else { + /** + *Check for a newly uploaded file. + */ + $this->mUploadTempName = $request->getFileTempName( 'wpUploadFile' ); + $this->mUploadSize = $request->getFileSize( 'wpUploadFile' ); + $this->mOname = $request->getFileName( 'wpUploadFile' ); + $this->mSessionKey = false; + $this->mStashed = false; + } } + /** + * Start doing stuff + * @access public + */ function execute() { global $wgUser, $wgOut; global $wgDisableUploads; - if ( $wgDisableUploads ) { - $wgOut->addWikiText( wfMsg( "uploaddisabled" ) ); + /** Show an error message if file upload is disabled */ + if( $wgDisableUploads ) { + $wgOut->addWikiText( wfMsg( 'uploaddisabled' ) ); return; } - if ( ( 0 == $wgUser->getID() ) - or $wgUser->isBlocked() ) { - $wgOut->errorpage( "uploadnologin", "uploadnologintext" ); + + /** Various rights checks */ + if( ( $wgUser->isAnon() ) + OR $wgUser->isBlocked() ) { + $wgOut->errorpage( 'uploadnologin', 'uploadnologintext' ); return; } - if ( wfReadOnly() ) { + if( wfReadOnly() ) { $wgOut->readOnlyPage(); return; } - if ( $this->mReUpload ) { + + if( $this->mReUpload ) { $this->unsaveUploadedFile(); - $this->mainUploadForm( "" ); - } else if ( "submit" == $this->mAction || $this->mUpload ) { + $this->mainUploadForm(); + } else if ( 'submit' == $this->mAction || $this->mUpload ) { $this->processUpload(); } else { - $this->mainUploadForm( "" ); + $this->mainUploadForm(); } } + /* -------------------------------------------------------------- */ - function processUpload() - { - global $wgUser, $wgOut, $wgLang; + /** + * Really do the upload + * Checks are made in SpecialUpload::execute() + * @access private + */ + function processUpload() { + global $wgUser, $wgOut, $wgLang, $wgContLang; global $wgUploadDirectory; - global $wgSavedFile, $wgUploadOldVersion; global $wgUseCopyrightUpload, $wgCheckCopyrightUpload; - global $wgCheckFileExtensions, $wgStrictFileExtensions; - global $wgFileExtensions, $wgFileBlacklist, $wgUploadSizeWarning; + /** + * If there was no filename or a zero size given, give up quick. + */ + if( ( trim( $this->mOname ) == '' ) || empty( $this->mUploadSize ) ) { + return $this->mainUploadForm('
{$text}\n" ); - $wgOut->returnToMain( false ); } - function checkFileExtension( $ext, $list ) { - return in_array( strtolower( $ext ), $list ); - } - - function saveUploadedFile( $saveName, $tempName ) - { - global $wgSavedFile, $wgUploadOldVersion; + /** + * Move the uploaded file from its temporary location to the final + * destination. If a previous version of the file exists, move + * it into the archive subdirectory. + * + * @todo If the later save fails, we may have disappeared the original file. + * + * @param string $saveName + * @param string $tempName full path to the temporary file + * @param bool $useRename if true, doesn't check that the source file + * is a PHP-managed upload temporary + */ + function saveUploadedFile( $saveName, $tempName, $useRename = false ) { global $wgUploadDirectory, $wgOut; $dest = wfImageDir( $saveName ); $archive = wfImageArchiveDir( $saveName ); - $wgSavedFile = "{$dest}/{$saveName}"; + $this->mSavedFile = "{$dest}/{$saveName}"; - if ( is_file( $wgSavedFile ) ) { - $wgUploadOldVersion = gmdate( "YmdHis" ) . "!{$saveName}"; + if( is_file( $this->mSavedFile ) ) { + $this->mUploadOldVersion = gmdate( 'YmdHis' ) . "!{$saveName}"; - if ( ! rename( $wgSavedFile, "${archive}/{$wgUploadOldVersion}" ) ) { - $wgOut->fileRenameError( $wgSavedFile, - "${archive}/{$wgUploadOldVersion}" ); - return; + if( !rename( $this->mSavedFile, "${archive}/{$this->mUploadOldVersion}" ) ) { + $wgOut->fileRenameError( $this->mSavedFile, + "${archive}/{$this->mUploadOldVersion}" ); + return false; } } else { - $wgUploadOldVersion = ""; + $this->mUploadOldVersion = ''; } - if ( ! move_uploaded_file( $tempName, $wgSavedFile ) ) { - $wgOut->fileCopyError( $tempName, $wgSavedFile ); + + if( $useRename ) { + if( !rename( $tempName, $this->mSavedFile ) ) { + $wgOut->fileCopyError( $tempName, $this->mSavedFile ); + return false; + } + } else { + if( !move_uploaded_file( $tempName, $this->mSavedFile ) ) { + $wgOut->fileCopyError( $tempName, $this->mSavedFile ); + return false; + } } - chmod( $wgSavedFile, 0644 ); + chmod( $this->mSavedFile, 0644 ); + return true; } - function unsaveUploadedFile() - { - global $wgUploadDirectory, $wgOut, $wgRequest; - - $wgSavedFile = $_SESSION['wsUploadFiles'][$this->mSessionKey]; - $wgUploadOldVersion = $this->mUploadOldVersion; + /** + * Stash a file in a temporary directory for later processing + * after the user has confirmed it. + * + * If the user doesn't explicitly cancel or accept, these files + * can accumulate in the temp directory. + * + * @param string $saveName - the destination filename + * @param string $tempName - the source temporary file to save + * @return string - full path the stashed file, or false on failure + * @access private + */ + function saveTempUploadedFile( $saveName, $tempName ) { + global $wgOut; - if ( ! @unlink( $wgSavedFile ) ) { - $wgOut->fileDeleteError( $wgSavedFile ); - return; + $archive = wfImageArchiveDir( $saveName, 'temp' ); + $stash = $archive . '/' . gmdate( "YmdHis" ) . '!' . $saveName; + + if ( !move_uploaded_file( $tempName, $stash ) ) { + $wgOut->fileCopyError( $tempName, $stash ); + return false; + } + + return $stash; + } + + /** + * Stash a file in a temporary directory for later processing, + * and save the necessary descriptive info into the session. + * Returns a key value which will be passed through a form + * to pick up the path info on a later invocation. + * + * @return int + * @access private + */ + function stashSession() { + $stash = $this->saveTempUploadedFile( + $this->mUploadSaveName, $this->mUploadTempName ); + + if( !$stash ) { + # Couldn't save the file. + return false; } - if ( "" != $wgUploadOldVersion ) { - $hash = md5( substr( $wgUploadOldVersion, 15 ) ); - $archive = "{$wgUploadDirectory}/archive/" . $hash{0} . - "/" . substr( $hash, 0, 2 ); + + $key = mt_rand( 0, 0x7fffffff ); + $_SESSION['wsUploadData'][$key] = array( + 'mUploadTempName' => $stash, + 'mUploadSize' => $this->mUploadSize, + 'mOname' => $this->mOname ); + return $key; + } - if ( ! rename( "{$archive}/{$wgUploadOldVersion}", $wgSavedFile ) ) { - $wgOut->fileRenameError( "{$archive}/{$wgUploadOldVersion}", - $wgSavedFile ); - } + /** + * Remove a temporarily kept file stashed by saveTempUploadedFile(). + * @access private + */ + function unsaveUploadedFile() { + if ( ! @unlink( $this->mUploadTempName ) ) { + $wgOut->fileDeleteError( $this->mUploadTempName ); } } - function uploadError( $error ) - { + /* -------------------------------------------------------------- */ + + /** + * Show some text and linkage on successful upload. + * @access private + */ + function showSuccess() { + global $wgUser, $wgOut, $wgContLang; + + $sk = $wgUser->getSkin(); + $ilink = $sk->makeMediaLink( $this->mUploadSaveName, Image::wfImageUrl( $this->mUploadSaveName ) ); + $dname = $wgContLang->getNsText( NS_IMAGE ) . ':'.$this->mUploadSaveName; + $dlink = $sk->makeKnownLink( $dname, $dname ); + + $wgOut->addHTML( '
'.$text."\n" ); + $wgOut->returnToMain( false ); + } + + /** + * @param string $error as HTML + * @access private + */ + function uploadError( $error ) { global $wgOut; - $sub = wfMsg( "uploadwarning" ); + $sub = wfMsg( 'uploadwarning' ); $wgOut->addHTML( "
+ + | {$iw} |
+ + | {$reup} |
" . wfMsg( "uploadtext" ) ); + $wgOut->addWikiText( wfMsg( 'uploadtext' ) ); $sk = $wgUser->getSkin(); - $fn = wfMsg( "filename" ); - $fd = wfMsg( "filedesc" ); - $ulb = wfMsg( "uploadbtn" ); + $fn = wfMsg( 'filename' ); + $fd = wfMsg( 'filedesc' ); + $ulb = wfMsg( 'uploadbtn' ); - $clink = $sk->makeKnownLink( wfMsg( "copyrightpage" ), - wfMsg( "copyrightpagename" ) ); - $ca = wfMsg( "affirmation", $clink ); - $iw = wfMsg( "ignorewarning" ); + $clink = $sk->makeKnownLink( wfMsgForContent( 'copyrightpage' ), + wfMsg( 'copyrightpagename' ) ); + $ca = wfMsg( 'affirmation', $clink ); + $iw = wfMsg( 'ignorewarning' ); - $titleObj = Title::makeTitle( NS_SPECIAL, "Upload" ); + $titleObj = Title::makeTitle( NS_SPECIAL, 'Upload' ); $action = $titleObj->escapeLocalURL(); $source = " -