Fix regression with unclosed extension tags.
[lhc/web/wiklou.git] / includes / SpecialUpload.php
index fd8e31e..84b732f 100644 (file)
@@ -48,7 +48,7 @@ class UploadForm {
                        return;
                }
 
-               $this->mIgnoreWarning     = $request->getCheck( 'wpIgnoreWarning');
+               $this->mIgnoreWarning     = $request->getCheck( 'wpIgnoreWarning' );
                $this->mReUpload          = $request->getCheck( 'wpReUpload' );
                $this->mUpload            = $request->getCheck( 'wpUpload' );
 
@@ -99,17 +99,29 @@ class UploadForm {
                global $wgUser, $wgOut;
                global $wgEnableUploads, $wgUploadDirectory;
 
-               /** Show an error message if file upload is disabled */
-               if( ! $wgEnableUploads ) {
-                       $wgOut->addWikiText( wfMsg( 'uploaddisabled' ) );
+               # Check uploading enabled
+               if( !$wgEnableUploads ) {
+                       $wgOut->errorPage( 'uploaddisabled', 'uploaddisabledtext' );
                        return;
                }
 
-               /** Various rights checks */
-               if( !$wgUser->isAllowed( 'upload' ) || $wgUser->isBlocked() ) {
-                       $wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
+               # Check permissions
+               if( $wgUser->isLoggedIn() ) {
+                       if( !$wgUser->isAllowed( 'upload' ) ) {
+                               $wgOut->permissionRequired( 'upload' );
+                               return;
+                       }
+               } else {
+                       $wgOut->errorPage( 'uploadnologin', 'uploadnologintext' );
                        return;
                }
+
+               # Check blocks
+               if( $wgUser->isBlocked() ) {
+                       $wgOut->blockedPage();
+                       return;
+               }
+
                if( wfReadOnly() ) {
                        $wgOut->readOnlyPage();
                        return;
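Review bot: The new branch at `if( $wgUser->isLoggedIn() )` turns every anonymous user away with `uploadnologin` before `isAllowed( 'upload' )` is ever consulted, whereas the removed check applied the right uniformly; on a wiki that grants `upload` to `*` this is a behaviour change the commit message does not mention. If that is intended, a comment such as `# Anonymous users may never upload, regardless of group rights` above the branch would make it explicit; otherwise check the right first and fall back to the login error only for anonymous users who lack it. The kept line `global $wgEnableUploads, $wgUploadDirectory;` still imports `$wgUploadDirectory`, which nothing in the hunk reads — presumably a leftover like the globals pruned elsewhere in this patch. The enclosing function's signature is above the hunk.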
@@ -141,9 +153,7 @@ class UploadForm {
         * @access private
         */
        function processUpload() {
-               global $wgUser, $wgOut, $wgLang, $wgContLang;
-               global $wgUploadDirectory;
-               global $wgUseCopyrightUpload, $wgCheckCopyrightUpload;
+               global $wgUser, $wgOut;
 
                /* Check for PHP error if any, requires php 4.2 or newer */
                if ( $this->mUploadError == 1/*UPLOAD_ERR_INI_SIZE*/ ) {
@@ -161,9 +171,9 @@ class UploadForm {
 
                # Chop off any directories in the given filename
                if ( $this->mDestFile ) {
-                       $basename = basename( $this->mDestFile );
+                       $basename = wfBaseName( $this->mDestFile );
                } else {
-                       $basename = basename( $this->mOname );
+                       $basename = wfBaseName( $this->mOname );
                }
 
                /**
@@ -171,6 +181,7 @@ class UploadForm {
                 * only the final one for the whitelist.
                 */
                list( $partname, $ext ) = $this->splitExtensions( $basename );
+               
                if( count( $ext ) ) {
                        $finalExt = $ext[count( $ext ) - 1];
                } else {
@@ -178,6 +189,13 @@ class UploadForm {
                }
                $fullExt = implode( '.', $ext );
 
+               # If there was more than one "extension", reassemble the base
+               # filename to prevent bogus complaints about length
+               if( count( $ext ) > 1 ) {
+                       for( $i = 0; $i < count( $ext ) - 1; $i++ )
+                               $partname .= '.' . $ext[$i];
+               }
+
                if ( strlen( $partname ) < 3 ) {
                        $this->mainUploadForm( wfMsgHtml( 'minlength' ) );
                        return;
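Review bot: The reassembly loop `for( $i = 0; $i < count( $ext ) - 1; $i++ )` has no braces and re-evaluates `count( $ext )` on every iteration; the same result reads more directly as `$partname = implode( '.', array_merge( array( $partname ), array_slice( $ext, 0, -1 ) ) );`, which also makes the `count( $ext ) > 1` guard unnecessary. Worth a comment that this only affects what the `minlength` check on the next line sees: `$finalExt` and `$fullExt` are computed from the untouched `$ext`, so the extension whitelist is unaffected. processUpload continues outside the hunk.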
@@ -203,7 +221,7 @@ class UploadForm {
                if( !$nt->userCanEdit() ) {
                        return $this->uploadError( wfMsgWikiHtml( 'protectedpage' ) );
                }
-               
+
                /**
                 * In some cases we may forbid overwriting of existing files.
                 */
@@ -234,7 +252,7 @@ class UploadForm {
                                return $this->uploadError( $veri->toString() );
                        }
                }
-               
+
                /**
                 * Provide an opportunity for extensions to add futher checks
                 */
@@ -249,7 +267,7 @@ class UploadForm {
                 */
                if ( ! $this->mIgnoreWarning ) {
                        $warning = '';
-                       
+
                        global $wgCapitalLinks;
                        if( $wgCapitalLinks ) {
                                $filtered = ucfirst( $filtered );
@@ -280,6 +298,16 @@ class UploadForm {
                                $sk = $wgUser->getSkin();
                                $dlink = $sk->makeKnownLinkObj( $nt );
                                $warning .= '<li>'.wfMsgHtml( 'fileexists', $dlink ).'</li>';
+                       } else {
+                               # If the file existed before and was deleted, warn the user of this
+                               # Don't bother doing so if the image exists now, however
+                               $image = new Image( $nt );
+                               if( $image->wasDeleted() ) {
+                                       $skin = $wgUser->getSkin();
+                                       $ltitle = Title::makeTitle( NS_SPECIAL, 'Log' );
+                                       $llink = $skin->makeKnownLinkObj( $ltitle, wfMsgHtml( 'deletionlog' ), 'type=delete&page=' . $nt->getPrefixedUrl() );
+                                       $warning .= wfOpenElement( 'li' ) . wfMsgWikiHtml( 'filewasdeleted', $llink ) . wfCloseElement( 'li' );
+                               }
                        }
 
                        if( $warning != '' ) {
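Review bot: The new else-branch fetches the skin a second time and uses a different element style from the sibling branch a few lines above — `$sk` with a literal `'<li>'` versus `$skin` with `wfOpenElement( 'li' )`. Hoisting `$sk = $wgUser->getSkin();` above the `if` and using the same `'<li>' … '</li>'` form keeps the two warnings parallel. The log link's query string concatenates `$nt->getPrefixedUrl()` raw into `'type=delete&page=' . …`; that helper presumably URL-encodes the title, but since the value ends up in an href with no escaping visible here, confirm it does. The enclosing `if ( ! $this->mIgnoreWarning )` block starts and ends outside the hunk.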
@@ -313,6 +341,7 @@ class UploadForm {
 
                        if ( $success ) {
                                $this->showSuccess();
+                               wfRunHooks( 'UploadComplete', array( &$img ) );
                        } else {
                                // Image::recordUpload() fails if the image went missing, which is
                                // unlikely, hence the lack of a specialised message
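Review bot: `wfRunHooks( 'UploadComplete', array( &$img ) )` runs after `$this->showSuccess()` has already emitted the success page and its return value is not checked, so a handler can neither veto nor alter what the user sees; if the hook is meant purely as a post-upload notification, a comment such as `# Notify extensions; output has already been sent and the return value is ignored` would document that contract. `$img` is not defined within the hunk, so verify it still holds the just-uploaded image object at this point rather than a value left over from an earlier branch. The new hook name and its by-reference argument should also be recorded wherever the project documents its hooks. The surrounding block starts outside the hunk.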
@@ -334,7 +363,7 @@ class UploadForm {
         *                        is a PHP-managed upload temporary
         */
        function saveUploadedFile( $saveName, $tempName, $useRename = false ) {
-               global $wgUploadDirectory, $wgOut;
+               global $wgOut;
 
                $fname= "SpecialUpload::saveUploadedFile";
 
@@ -483,7 +512,7 @@ class UploadForm {
         * @access private
         */
        function uploadWarning( $warning ) {
-               global $wgOut, $wgUser, $wgLang, $wgUploadDirectory, $wgRequest;
+               global $wgOut;
                global $wgUseCopyrightUpload;
 
                $this->mSessionKey = $this->stashSession();
@@ -525,13 +554,13 @@ class UploadForm {
                <tr>
                        <tr>
                                <td align='right'>
-                                       <input tabindex='2' type='submit' name='wpUpload' value='$save' />
+                                       <input tabindex='2' type='submit' name='wpUpload' value=\"$save\" />
                                </td>
                                <td align='left'>$iw</td>
                        </tr>
                        <tr>
                                <td align='right'>
-                                       <input tabindex='2' type='submit' name='wpReUpload' value='{$reupload}' />
+                                       <input tabindex='2' type='submit' name='wpReUpload' value=\"{$reupload}\" />
                                </td>
                                <td align='left'>$reup</td>
                        </tr>
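Review bot: Switching the `wpUpload` and `wpReUpload` `value` attributes to double quotes only fixes the attribute-breaking case if `$save` and `$reupload` are escaped with double quotes encoded (the `htmlspecialchars` default); with the old single-quoted attributes a message containing `'` could terminate the attribute, which is presumably what this addresses. Both variables are assigned outside the hunk, so confirm they come through `wfMsgHtml` or `htmlspecialchars` rather than raw `wfMsg`. The same pattern is already used for `value=\"{$ulb}\"` further down the file. uploadWarning's body starts and ends outside this hunk.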
@@ -547,7 +576,7 @@ class UploadForm {
         * @access private
         */
        function mainUploadForm( $msg='' ) {
-               global $wgOut, $wgUser, $wgLang, $wgUploadDirectory, $wgRequest;
+               global $wgOut, $wgUser;
                global $wgUseCopyrightUpload;
 
                $cols = intval($wgUser->getOption( 'cols' ));
@@ -574,7 +603,7 @@ class UploadForm {
                $license = wfMsgHtml( 'license' );
                $nolicense = wfMsgHtml( 'nolicense' );
                $licenseshtml = $licenses->getHtml();
-               
+
                $ulb = wfMsgHtml( 'uploadbtn' );
 
 
@@ -586,7 +615,7 @@ class UploadForm {
                $watchChecked = $wgUser->getOption( 'watchdefault' )
                        ? 'checked="checked"'
                        : '';
-               
+
                $wgOut->addHTML( "
        <form id='upload' method='post' enctype='multipart/form-data' action=\"$action\">
                <table border='0'>
@@ -609,12 +638,15 @@ class UploadForm {
                        </td>
                </tr>
                <tr>" );
-       
-       if ( $licenseshtml != '' ) {
-               $wgOut->addHTML( "
+
+               if ( $licenseshtml != '' ) {
+                       global $wgStylePath;
+                       $wgOut->addHTML( "
                        <td align='right'><label for='wpLicense'>$license:</label></td>
                        <td align='left'>
-                               <select name='wpLicense' id='wpLicense' tabindex='4'>
+                               <script type='text/javascript' src=\"$wgStylePath/common/upload.js\"></script>
+                               <select name='wpLicense' id='wpLicense' tabindex='4'
+                                       onchange='licenseSelectorCheck()'>
                                        <option value=''>$nolicense</option>
                                        $licenseshtml
                                </select>
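Review bot: `global $wgStylePath;` is declared inside the `if ( $licenseshtml != '' )` branch, while this function imports its other globals at the top (`global $wgOut, $wgUser;`); moving the new one there keeps the declarations in one place. The `<script … src=\"$wgStylePath/common/upload.js\">` interpolates a configuration value unescaped into an attribute, which matches how `$action` is handled in this form, but it is emitted inside a `<td>` rather than the document head, so the script is only loaded when a license selector is rendered — a one-line comment stating that is deliberate would help. mainUploadForm starts and ends outside the hunk.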
@@ -622,15 +654,15 @@ class UploadForm {
                        </tr>
                        <tr>
                ");
-       }
+               }
 
-       if ( $wgUseCopyrightUpload ) {
-               $filestatus = wfMsgHtml ( 'filestatus' );
-               $copystatus =  htmlspecialchars( $this->mUploadCopyStatus );
-               $filesource = wfMsgHtml ( 'filesource' );
-               $uploadsource = htmlspecialchars( $this->mUploadSource );
-               
-               $wgOut->addHTML( "
+               if ( $wgUseCopyrightUpload ) {
+                       $filestatus = wfMsgHtml ( 'filestatus' );
+                       $copystatus =  htmlspecialchars( $this->mUploadCopyStatus );
+                       $filesource = wfMsgHtml ( 'filesource' );
+                       $uploadsource = htmlspecialchars( $this->mUploadSource );
+                       
+                       $wgOut->addHTML( "
                                <td align='right' nowrap='nowrap'><label for='wpUploadCopyStatus'>$filestatus:</label></td>
                                <td><input tabindex='5' type='text' name='wpUploadCopyStatus' id='wpUploadCopyStatus' value=\"$copystatus\" size='40' /></td>
                        </tr>
@@ -640,10 +672,10 @@ class UploadForm {
                        </tr>
                        <tr>
                ");
-       }
-       
-       
-       $wgOut->addHtml( "
+               }
+
+
+               $wgOut->addHtml( "
                <td></td>
                <td>
                        <input tabindex='7' type='checkbox' name='wpWatchthis' id='wpWatchthis' $watchChecked value='true' />
@@ -659,6 +691,16 @@ class UploadForm {
                <td></td>
                <td align='left'><input tabindex='9' type='submit' name='wpUpload' value=\"{$ulb}\" /></td>
        </tr>
+
+       <tr>
+               <td></td>
+               <td align='left'>
+               " );
+               $wgOut->addWikiText( wfMsgForContent( 'edittools' ) );
+               $wgOut->addHTML( "
+               </td>
+       </tr>
+
        </table>
        </form>" );
        }
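Review bot: The new row splits one `<td>` across two `addHTML` calls around `$wgOut->addWikiText( wfMsgForContent( 'edittools' ) );` with no comment saying why the form is interrupted there; `# Show the site's 'edittools' message below the upload button` above that line would make it clear to the next reader. Since `addWikiText` parses the message as wikitext, its output is parsed markup (typically wrapped in block elements) inside a table cell, which is worth noting in the same comment. The enclosing function starts outside the hunk.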
@@ -740,7 +782,7 @@ class UploadForm {
                }
 
                #check for htmlish code and javascript
-               if( $this->detectScript ( $tmpfile, $mime ) ) {
+               if( $this->detectScript ( $tmpfile, $mime, $extension ) ) {
                        return new WikiErrorMsg( 'uploadscripted' );
                }
 
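Review bot: `$extension` is now passed to `detectScript` but is not defined anywhere in this hunk, and the comparison it feeds later in this patch is a case-sensitive `!== 'svg'`; confirm the value is the normalised, lower-cased final extension rather than the raw user-supplied one, or normalise it at the call site: `$this->detectScript( $tmpfile, $mime, strtolower( $extension ) )`. The enclosing function starts and ends outside the hunk.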
@@ -800,9 +842,11 @@ class UploadForm {
        *
        * @param string $file Pathname to the temporary upload file
        * @param string $mime The mime type of the file
+       * @param string $extension The extension of the file
        * @return bool true if the file contains something looking like embedded scripts
        */
-       function detectScript($file,$mime) {
+       function detectScript($file, $mime, $extension) {
+               global $wgAllowTitlesInSVG;
 
                #ugly hack: for text files, always look at the entire file.
                #For binarie field, just check the first K.
@@ -857,9 +901,11 @@ class UploadForm {
                        '<img',
                        '<pre',
                        '<script', #also in safari
-                       '<table',
-                       '<title'   #also in safari
+                       '<table'
                        );
+               if( ! $wgAllowTitlesInSVG && $extension !== 'svg' && $mime !== 'image/svg' ) {
+                       $tags[] = '<title';
+               }
 
                foreach( $tags as $tag ) {
                        if( false !== strpos( $chunk, $tag ) ) {
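Review bot: The guard `if( ! $wgAllowTitlesInSVG && $extension !== 'svg' && $mime !== 'image/svg' )` does not match the setting's name: as written, `<title` joins the blacklist only when the setting is off *and* the file is not SVG, so SVG uploads skip the `<title` check unconditionally and turning the setting on removes the check for every other file type too. If the intent is to tolerate `<title>` only in SVG and only when the setting allows it, the condition should be `if( !( $wgAllowTitlesInSVG && ( $extension === 'svg' || $mime === 'image/svg' ) ) )`. The extension comparison is case-sensitive and the MIME comparison matches only `image/svg`, so a file detected as `image/svg+xml` or named `.SVG` would not be treated as SVG here — confirm what the detector and the caller actually supply. The `$tags = array(` list opens above the hunk and detectScript's body continues outside it.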
@@ -897,7 +943,7 @@ class UploadForm {
        *         If textual feedback is missing but a virus was found, this function returns true.
        */
        function detectVirus($file) {
-               global $wgAntivirus, $wgAntivirusSetup, $wgAntivirusRequired;
+               global $wgAntivirus, $wgAntivirusSetup, $wgAntivirusRequired, $wgOut;
 
                $fname= "SpecialUpload::detectVirus";
 
@@ -1011,7 +1057,7 @@ class UploadForm {
                        unlink( $this->mUploadTempName );
                }
        }
-       
+
        /**
         * Check if there's an overwrite conflict and, if so, if restrictions
         * forbid this user from performing the upload.
@@ -1026,7 +1072,7 @@ class UploadForm {
                        // But if it does, fall through to previous behavior
                        return false;
                }
-               
+
                $error = '';
                if( $img->exists() ) {
                        global $wgUser, $wgOut;
@@ -1041,12 +1087,12 @@ class UploadForm {
                                }
                        }
                }
-               
+
                if( $error ) {
                        $errorText = wfMsg( $error, wfEscapeWikiText( $img->getName() ) );
                        return new WikiError( $wgOut->parse( $errorText ) );
                }
-               
+
                // Rockin', go ahead and upload
                return true;
        }