<?php
/**
*
- * @package MediaWiki
- * @subpackage SpecialPage
+ * @addtogroup SpecialPage
*/
}
/**
- *
- * @package MediaWiki
- * @subpackage SpecialPage
+ * implements Special:Upload
+ * @addtogroup SpecialPage
*/
class UploadForm {
/**#@+
var $mUploadCopyStatus, $mUploadSource, $mReUpload, $mAction, $mUpload;
var $mOname, $mSessionKey, $mStashed, $mDestFile, $mRemoveTempFile, $mSourceType;
var $mUploadTempFileSize = 0;
+ var $mImage;
# Placeholders for text injection by hooks (must be HTML)
# extensions should take care to _append_ to the present value
$this->mOname = array_pop( explode( '/', $url ) );
$this->mSessionKey = false;
$this->mStashed = false;
-
+
// PHP won't auto-cleanup the file
$this->mRemoveTempFile = file_exists( $local_file );
}
-
+
/**
* Safe copy from URL
* Returns true if there was an error, false otherwise
$wgOut->errorPage( 'upload-file-error', 'upload-file-error-text');
return true;
}
-
+
$ch = curl_init();
curl_setopt( $ch, CURLOPT_HTTP_VERSION, 1.0); # Probably not needed, but apparently can work around some bug
curl_setopt( $ch, CURLOPT_TIMEOUT, 10); # 10 seconds timeout
curl_setopt( $ch, CURLOPT_LOW_SPEED_LIMIT, 512); # 0.5KB per second minimum transfer speed
- curl_setopt( $ch, CURLOPT_URL, $url);
+ curl_setopt( $ch, CURLOPT_URL, $url);
curl_setopt( $ch, CURLOPT_WRITEFUNCTION, array( $this, 'uploadCurlCallback' ) );
curl_exec( $ch );
$error = curl_errno( $ch ) ? true : false;
$errornum = curl_errno( $ch );
// if ( $error ) print curl_error ( $ch ) ; # Debugging output
curl_close( $ch );
-
+
fclose( $this->mUploadTempFile );
unset( $this->mUploadTempFile );
if( $error ) {
else
$wgOut->errorPage( "upload-curl-error$errornum", "upload-curl-error$errornum-text" );
}
-
+
return $error;
}
-
+
/**
* Callback function for CURL-based web transfer
* Write data to file unless we've passed the length limit;
fwrite( $this->mUploadTempFile, $data );
return $length;
}
-
+
/**
* Start doing stuff
* @access public
# Check uploading enabled
if( !$wgEnableUploads ) {
- $wgOut->showErrorPage( 'uploaddisabled', 'uploaddisabledtext' );
+ $wgOut->showErrorPage( 'uploaddisabled', 'uploaddisabledtext', array( $this->mDestFile ) );
return;
}
* only the final one for the whitelist.
*/
list( $partname, $ext ) = $this->splitExtensions( $basename );
-
+
if( count( $ext ) ) {
$finalExt = $ext[count( $ext ) - 1];
} else {
$finalExt = '';
}
- $fullExt = implode( '.', $ext );
# If there was more than one "extension", reassemble the base
# filename to prevent bogus complaints about length
* If the image is protected, non-sysop users won't be able
* to modify it by uploading a new revision.
*/
- if( !$nt->userCanEdit() ) {
+ if( !$nt->userCan( 'edit' ) ) {
return $this->uploadError( wfMsgWikiHtml( 'protectedpage' ) );
}
/* Don't allow users to override the blacklist (check file extension) */
global $wgStrictFileExtensions;
global $wgFileExtensions, $wgFileBlacklist;
- if( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) ||
- ($wgStrictFileExtensions &&
- !$this->checkFileExtension( $finalExt, $wgFileExtensions ) ) ) {
- return $this->uploadError( wfMsgHtml( 'badfiletype', htmlspecialchars( $fullExt ) ) );
+ if ($finalExt == '') {
+ return $this->uploadError( wfMsgExt( 'filetype-missing', array ( 'parseinline' ) ) );
+ } elseif ( $this->checkFileExtensionList( $ext, $wgFileBlacklist ) ||
+ ($wgStrictFileExtensions &&
+ !$this->checkFileExtension( $finalExt, $wgFileExtensions ) ) ) {
+ return $this->uploadError( wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ) );
}
/**
if( $veri !== true ) { //it's a wiki error...
return $this->uploadError( $veri->toString() );
}
- }
- /**
- * Provide an opportunity for extensions to add futher checks
- */
- $error = '';
- if( !wfRunHooks( 'UploadVerification',
- array( $this->mUploadSaveName, $this->mUploadTempName, &$error ) ) ) {
- return $this->uploadError( $error );
+ /**
+ * Provide an opportunity for extensions to add futher checks
+ */
+ $error = '';
+ if( !wfRunHooks( 'UploadVerification',
+ array( $this->mUploadSaveName, $this->mUploadTempName, &$error ) ) ) {
+ return $this->uploadError( $error );
+ }
}
+
/**
* Check for non-fatal conditions
*/
global $wgCheckFileExtensions;
if ( $wgCheckFileExtensions ) {
if ( ! $this->checkFileExtension( $finalExt, $wgFileExtensions ) ) {
- $warning .= '<li>'.wfMsgHtml( 'badfiletype', htmlspecialchars( $fullExt ) ).'</li>';
+ $warning .= '<li>'.wfMsgExt( 'filetype-badtype', array ( 'parseinline' ), htmlspecialchars( $finalExt ), implode ( ', ', $wgFileExtensions ) ).'</li>';
}
}
global $wgUploadSizeWarning;
if ( $wgUploadSizeWarning && ( $this->mUploadSize > $wgUploadSizeWarning ) ) {
- # TODO: Format $wgUploadSizeWarning to something that looks better than the raw byte
- # value, perhaps add GB,MB and KB suffixes?
- $warning .= '<li>'.wfMsgHtml( 'largefile', $wgUploadSizeWarning, $this->mUploadSize ).'</li>';
+ $skin = $wgUser->getSkin();
+ $wsize = $skin->formatSize( $wgUploadSizeWarning );
+ $asize = $skin->formatSize( $this->mUploadSize );
+ $warning .= '<li>' . wfMsgHtml( 'large-file', $wsize, $asize ) . '</li>';
}
if ( $this->mUploadSize == 0 ) {
$warning .= '<li>'.wfMsgHtml( 'emptyfile' ).'</li>';
}
- if( $nt->getArticleID() ) {
- global $wgUser;
- $sk = $wgUser->getSkin();
+ global $wgUser;
+ $sk = $wgUser->getSkin();
+ $image = wfLocalFile( $nt );
+
+ // Check for uppercase extension. We allow these filenames but check if an image
+ // with lowercase extension exists already
+ if ( $finalExt != strtolower( $finalExt ) ) {
+ $nt_lc = Title::newFromText( $partname . '.' . strtolower( $finalExt ) );
+ $image_lc = wfLocalFile( $nt_lc );
+ }
+
+ if( $image->exists() ) {
$dlink = $sk->makeKnownLinkObj( $nt );
- $warning .= '<li>'.wfMsgHtml( 'fileexists', $dlink ).'</li>';
- } else {
+ if ( $image->allowInlineDisplay() ) {
+ $dlink2 = $sk->makeImageLinkObj( $nt, wfMsgExt( 'fileexists-thumb', 'parseinline', $dlink ), $nt->getText(), 'right', array(), false, true );
+ } elseif ( !$image->allowInlineDisplay() && $image->isSafeFile() ) {
+ $icon = $image->iconThumb();
+ $dlink2 = '<div style="float:right" id="mw-media-icon"><a href="' . $image->getURL() . '">' . $icon->toHtml() . '</a><br />' . $dlink . '</div>';
+ } else {
+ $dlink2 = '';
+ }
+
+ $warning .= '<li>' . wfMsgExt( 'fileexists', 'parseline', $dlink ) . '</li>' . $dlink2;
+
+ } elseif ( isset( $image_lc) && $image_lc->exists() ) {
+ # Check if image with lowercase extension exists.
+ # It's not forbidden but in 99% it makes no sense to upload the same filename with uppercase extension
+ $dlink = $sk->makeKnownLinkObj( $nt_lc );
+ if ( $image_lc->allowInlineDisplay() ) {
+ $dlink2 = $sk->makeImageLinkObj( $nt_lc, wfMsgExt( 'fileexists-thumb', 'parseinline', $dlink ), $nt_lc->getText(), 'right', array(), false, true );
+ } elseif ( !$image_lc->allowInlineDisplay() && $image_lc->isSafeFile() ) {
+ $icon = $image_lc->iconThumb();
+ $dlink2 = '<div style="float:right" id="mw-media-icon"><a href="' . $image_lc->getURL() . '">' . $icon->toHtml() . '</a><br />' . $dlink . '</div>';
+ } else {
+ $dlink2 = '';
+ }
+
+ $warning .= '<li>' . wfMsgExt( 'fileexists-extension', 'parsemag' , $partname . '.' . $finalExt , $dlink ) . '</li>' . $dlink2;
+
+ } elseif ( ( substr( $partname , 3, 3 ) == 'px-' || substr( $partname , 2, 3 ) == 'px-' ) && ereg( "[0-9]{2}" , substr( $partname , 0, 2) ) ) {
+ # Check for filenames like 50px- or 180px-, these are mostly thumbnails
+ $nt_thb = Title::newFromText( substr( $partname , strpos( $partname , '-' ) +1 ) . '.' . $finalExt );
+ $image_thb = wfLocalFile( $nt_thb );
+ if ($image_thb->exists() ) {
+ # Check if an image without leading '180px-' (or similiar) exists
+ $dlink = $sk->makeKnownLinkObj( $nt_thb);
+ if ( $image_thb->allowInlineDisplay() ) {
+ $dlink2 = $sk->makeImageLinkObj( $nt_thb, wfMsgExt( 'fileexists-thumb', 'parseinline', $dlink ), $nt_thb->getText(), 'right', array(), false, true );
+ } elseif ( !$image_thb->allowInlineDisplay() && $image_thb->isSafeFile() ) {
+ $icon = $image_thb->iconThumb();
+ $dlink2 = '<div style="float:right" id="mw-media-icon"><a href="' . $image_thb->getURL() . '">' . $icon->toHtml() . '</a><br />' . $dlink . '</div>';
+ } else {
+ $dlink2 = '';
+ }
+
+ $warning .= '<li>' . wfMsgExt( 'fileexists-thumbnail-yes', 'parsemag', $dlink ) . '</li>' . $dlink2;
+ } else {
+ # Image w/o '180px-' does not exists, but we do not like these filenames
+ $warning .= '<li>' . wfMsgExt( 'file-thumbnail-no', 'parseinline' , substr( $partname , 0, strpos( $partname , '-' ) +1 ) ) . '</li>';
+ }
+ }
+ if ( $image->wasDeleted() ) {
# If the file existed before and was deleted, warn the user of this
# Don't bother doing so if the image exists now, however
- $image = new Image( $nt );
- if( $image->wasDeleted() ) {
- $skin = $wgUser->getSkin();
- $ltitle = SpecialPage::getTitleFor( 'Log' );
- $llink = $skin->makeKnownLinkObj( $ltitle, wfMsgHtml( 'deletionlog' ), 'type=delete&page=' . $nt->getPrefixedUrl() );
- $warning .= wfOpenElement( 'li' ) . wfMsgWikiHtml( 'filewasdeleted', $llink ) . wfCloseElement( 'li' );
- }
+ $ltitle = SpecialPage::getTitleFor( 'Log' );
+ $llink = $sk->makeKnownLinkObj( $ltitle, wfMsgHtml( 'deletionlog' ), 'type=delete&page=' . $nt->getPrefixedUrl() );
+ $warning .= wfOpenElement( 'li' ) . wfMsgWikiHtml( 'filewasdeleted', $llink ) . wfCloseElement( 'li' );
}
if( $warning != '' ) {
* Update the upload log and create the description page
* if it's a new file.
*/
- $img = Image::newFromName( $this->mUploadSaveName );
- $success = $img->recordUpload( $this->mUploadOldVersion,
+ $this->mImage = wfLocalFile( $this->mUploadSaveName );
+ $success = $this->mImage->recordUpload( $this->mUploadOldVersion,
$this->mUploadDescription,
$this->mLicense,
$this->mUploadCopyStatus,
$this->showSuccess();
wfRunHooks( 'UploadComplete', array( &$img ) );
} else {
- // Image::recordUpload() fails if the image went missing, which is
+ // File::recordUpload() fails if the image went missing, which is
// unlikely, hence the lack of a specialised message
$wgOut->showFileNotFoundError( $this->mUploadSaveName );
}
*/
function saveUploadedFile( $saveName, $tempName, $useRename = false ) {
global $wgOut, $wgAllowCopyUploads;
-
- if ( !$useRename AND $wgAllowCopyUploads AND $this->mSourceType == 'web' ) $useRename = true;
-
- $fname= "SpecialUpload::saveUploadedFile";
- $dest = wfImageDir( $saveName );
- $archive = wfImageArchiveDir( $saveName );
- if ( !is_dir( $dest ) ) wfMkdirParents( $dest );
- if ( !is_dir( $archive ) ) wfMkdirParents( $archive );
-
- $this->mSavedFile = "{$dest}/{$saveName}";
-
- if( is_file( $this->mSavedFile ) ) {
- $this->mUploadOldVersion = gmdate( 'YmdHis' ) . "!{$saveName}";
- wfSuppressWarnings();
- $success = rename( $this->mSavedFile, "${archive}/{$this->mUploadOldVersion}" );
- wfRestoreWarnings();
-
- if( ! $success ) {
- $wgOut->showFileRenameError( $this->mSavedFile,
- "${archive}/{$this->mUploadOldVersion}" );
- return false;
- }
- else wfDebug("$fname: moved file ".$this->mSavedFile." to ${archive}/{$this->mUploadOldVersion}\n");
- }
- else {
- $this->mUploadOldVersion = '';
- }
-
- wfSuppressWarnings();
- $success = $useRename
- ? rename( $tempName, $this->mSavedFile )
- : move_uploaded_file( $tempName, $this->mSavedFile );
- wfRestoreWarnings();
-
- if( ! $success ) {
- $wgOut->showFileCopyError( $tempName, $this->mSavedFile );
+ $image = wfLocalFile( $saveName );
+ $archiveName = $image->publish( $tempName, File::DELETE_SOURCE );
+ if ( WikiError::isError( $archiveName ) ) {
+ $this->showError( $archiveName );
return false;
- } else {
- wfDebug("$fname: wrote tempfile $tempName to ".$this->mSavedFile."\n");
}
-
- chmod( $this->mSavedFile, 0644 );
+ $this->mUploadOldVersion = $archiveName;
return true;
}
*/
function saveTempUploadedFile( $saveName, $tempName ) {
global $wgOut;
- $archive = wfImageArchiveDir( $saveName, 'temp' );
- if ( !is_dir ( $archive ) ) wfMkdirParents( $archive );
- $stash = $archive . '/' . gmdate( "YmdHis" ) . '!' . $saveName;
-
- $success = $this->mRemoveTempFile
- ? rename( $tempName, $stash )
- : move_uploaded_file( $tempName, $stash );
- if ( !$success ) {
- $wgOut->showFileCopyError( $tempName, $stash );
+ $repo = RepoGroup::singleton()->getLocalRepo();
+ $result = $repo->storeTemp( $saveName, $tempName );
+ if ( WikiError::isError( $result ) ) {
+ $this->showError( $result );
return false;
+ } else {
+ return $result;
}
-
- return $stash;
}
/**
*/
function unsaveUploadedFile() {
global $wgOut;
- wfSuppressWarnings();
- $success = unlink( $this->mUploadTempName );
- wfRestoreWarnings();
+ $repo = RepoGroup::singleton()->getLocalRepo();
+ $success = $repo->freeTemp( $this->mUploadTempName );
if ( ! $success ) {
$wgOut->showFileDeleteError( $this->mUploadTempName );
return false;
global $wgUser, $wgOut, $wgContLang;
$sk = $wgUser->getSkin();
- $ilink = $sk->makeMediaLink( $this->mUploadSaveName, Image::imageUrl( $this->mUploadSaveName ) );
+ $ilink = $sk->makeMediaLinkObj( $this->mImage->getTitle() );
$dname = $wgContLang->getNsText( NS_IMAGE ) . ':'.$this->mUploadSaveName;
$dlink = $sk->makeKnownLink( $dname, $dname );
"<span class='error'>{$msg}</span>\n" );
}
$wgOut->addHTML( '<div id="uploadtext">' );
- $wgOut->addWikiText( wfMsg( 'uploadtext' ) );
+ $wgOut->addWikiText( wfMsgNoTrans( 'uploadtext', $this->mDestFile ) );
$wgOut->addHTML( '</div>' );
$sourcefilename = wfMsgHtml( 'sourcefilename' );
// Prepare form for upload or upload/copy
if( $wgAllowCopyUploads && $wgUser->isAllowed( 'upload_by_url' ) ) {
- $filename_form =
- "<input type='radio' id='wpSourceTypeFile' name='wpSourceType' value='file' onchange='toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\")' checked />" .
- "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' onfocus='toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\");toggle_element_check(\"wpSourceTypeFile\",\"wpSourceTypeURL\")'" .
+ $filename_form =
+ "<input type='radio' id='wpSourceTypeFile' name='wpSourceType' value='file' onchange='toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\")' checked />" .
+ "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' onfocus='toggle_element_activation(\"wpUploadFileURL\",\"wpUploadFile\");toggle_element_check(\"wpSourceTypeFile\",\"wpSourceTypeURL\")'" .
($this->mDestFile?"":"onchange='fillDestFilename(\"wpUploadFile\")' ") . "size='40' />" .
wfMsgHTML( 'upload_source_file' ) . "<br/>" .
"<input type='radio' id='wpSourceTypeURL' name='wpSourceType' value='web' onchange='toggle_element_activation(\"wpUploadFile\",\"wpUploadFileURL\")' />" .
- "<input tabindex='1' type='text' name='wpUploadFileURL' id='wpUploadFileURL' onfocus='toggle_element_activation(\"wpUploadFile\",\"wpUploadFileURL\");toggle_element_check(\"wpSourceTypeURL\",\"wpSourceTypeFile\")'" .
+ "<input tabindex='1' type='text' name='wpUploadFileURL' id='wpUploadFileURL' onfocus='toggle_element_activation(\"wpUploadFile\",\"wpUploadFileURL\");toggle_element_check(\"wpSourceTypeURL\",\"wpSourceTypeFile\")'" .
($this->mDestFile?"":"onchange='fillDestFilename(\"wpUploadFileURL\")' ") . "size='40' DISABLED />" .
wfMsgHtml( 'upload_source_url' ) ;
} else {
- $filename_form =
- "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' " .
- ($this->mDestFile?"":"onchange='fillDestFilename(\"wpUploadFile\")' ") .
+ $filename_form =
+ "<input tabindex='1' type='file' name='wpUploadFile' id='wpUploadFile' " .
+ ($this->mDestFile?"":"onchange='fillDestFilename(\"wpUploadFile\")' ") .
"size='40' />" .
"<input type='hidden' name='wpSourceType' value='file' />" ;
}
$copystatus = htmlspecialchars( $this->mUploadCopyStatus );
$filesource = wfMsgHtml ( 'filesource' );
$uploadsource = htmlspecialchars( $this->mUploadSource );
-
+
$wgOut->addHTML( "
<td align='right' nowrap='nowrap'><label for='wpUploadCopyStatus'>$filestatus:</label></td>
<td><input tabindex='5' type='text' name='wpUploadCopyStatus' id='wpUploadCopyStatus' value=\"$copystatus\" size='40' /></td>
<input tabindex='8' type='checkbox' name='wpIgnoreWarning' id='wpIgnoreWarning' value='true' />
<label for='wpIgnoreWarning'>" . wfMsgHtml( 'ignorewarnings' ) . "</label>
</td>
- </tr>
- <tr>
-
</tr>
<tr>
<td></td>
global $wgMimeTypeBlacklist;
if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist)
&& $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) {
- return new WikiErrorMsg( 'badfiletype', htmlspecialchars( $mime ) );
+ return new WikiErrorMsg( 'filetype-badmime', htmlspecialchars( $mime ) );
}
}
$chunk = Sanitizer::decodeCharReferences( $chunk );
#look for script-types
- if (preg_match('!type\s*=\s*[\'"]?\s*(\w*/)?(ecma|java)!sim',$chunk)) return true;
+ if (preg_match('!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim',$chunk)) return true;
#look for html-style script-urls
- if (preg_match('!(href|src|data)\s*=\s*[\'"]?\s*(ecma|java)script:!sim',$chunk)) return true;
+ if (preg_match('!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim',$chunk)) return true;
#look for css-style script-urls
- if (preg_match('!url\s*\(\s*[\'"]?\s*(ecma|java)script:!sim',$chunk)) return true;
+ if (preg_match('!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim',$chunk)) return true;
wfDebug("SpecialUpload::detectScript: no scripts found\n");
return false;
* @access private
*/
function checkOverwrite( $name ) {
- $img = Image::newFromName( $name );
- if( is_null( $img ) ) {
- // Uh... this shouldn't happen ;)
- // But if it does, fall through to previous behavior
- return false;
- }
+ $img = wfFindFile( $name );
$error = '';
- if( $img->exists() ) {
+ if( $img ) {
global $wgUser, $wgOut;
if( $img->isLocal() ) {
- if( !$wgUser->isAllowed( 'reupload' ) ) {
+ if( !self::userCanReUpload( $wgUser, $img->name ) ) {
$error = 'fileexists-forbidden';
}
} else {
return true;
}
-}
-
+ /**
+ * Check if a user is the last uploader
+ *
+ * @param User $user
+ * @param string $img, image name
+ * @return bool
+ */
+ public static function userCanReUpload( User $user, $img ) {
+ if( $user->isAllowed( 'reupload' ) )
+ return true; // non-conditional
+ if( !$user->isAllowed( 'reupload-own' ) )
+ return false;
+
+ $dbr = wfGetDB( DB_SLAVE );
+ $row = $dbr->selectRow('image',
+ /* SELECT */ 'img_user',
+ /* WHERE */ array( 'img_name' => $img )
+ );
+ if ( !$row )
+ return false;
+
+ return $user->getID() == $row->img_user;
+ }
+ /**
+ * Display an error from a wikitext-formatted WikiError object
+ */
+ function showError( WikiError $error ) {
+ global $wgOut;
+ $wgOut->setPageTitle( wfMsg( "internalerror" ) );
+ $wgOut->setRobotpolicy( "noindex,nofollow" );
+ $wgOut->setArticleRelated( false );
+ $wgOut->enableClientCache( false );
+ $wgOut->addWikiText( $error->getMessage() );
+ }
+}
?>