protected $mTempPath, $mTmpHandle;
+ protected static $allowedUrls = array();
+
/**
* Checks if the user is allowed to use the upload-by-URL feature. If the
* user is not allowed, return the name of the user right as a string. If
return false;
}
$valid = false;
- foreach( $wgCopyUploadsDomains as $domain ) {
+ foreach ( $wgCopyUploadsDomains as $domain ) {
// See if the domain for the upload matches this whitelisted domain
$whitelistedDomainPieces = explode( '.', $domain );
$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
return $valid;
}
+ /**
+ * Checks whether the URL is not allowed.
+ *
+ * @param $url string
+ * @return bool
+ */
+ public static function isAllowedUrl( $url ) {
+ if ( !isset( self::$allowedUrls[$url] ) ) {
+ $allowed = true;
+ wfRunHooks( 'IsUploadAllowedFromUrl', array( $url, &$allowed ) );
+ self::$allowedUrls[$url] = $allowed;
+ }
+ return self::$allowedUrls[$url];
+ }
+
/**
* Entry point for API upload
*
return Status::newFatal( 'http-invalid-url' );
}
- if( !self::isAllowedHost( $this->mUrl ) ) {
+ if ( !self::isAllowedHost( $this->mUrl ) ) {
return Status::newFatal( 'upload-copy-upload-invalid-domain' );
}
+ if ( !self::isAllowedUrl( $this->mUrl ) ) {
+ return Status::newFatal( 'upload-copy-upload-invalid-url' );
+ }
if ( !$this->mAsync ) {
return $this->reallyFetchFile();
}
dépôts / lhc / web / wiklou.git / blobdiff