5 * Created on Aug 21, 2008
7 * Copyright © 2008 - 2010 Bryan Tong Minh <Bryan.TongMinh@Gmail.com>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 * http://www.gnu.org/copyleft/gpl.html
30 class ApiUpload
extends ApiBase
{
35 protected $mUpload = null;
39 public function __construct( $main, $action ) {
40 parent
::__construct( $main, $action );
43 public function execute() {
44 // Check whether upload is enabled
45 if ( !UploadBase
::isEnabled() ) {
46 $this->dieUsageMsg( 'uploaddisabled' );
49 $user = $this->getUser();
52 $this->mParams
= $this->extractRequestParams();
53 $request = $this->getMain()->getRequest();
54 // Add the uploaded file to the params array
55 $this->mParams
['file'] = $request->getFileName( 'file' );
56 $this->mParams
['chunk'] = $request->getFileName( 'chunk' );
58 // Copy the session key to the file key, for backward compatibility.
59 if( !$this->mParams
['filekey'] && $this->mParams
['sessionkey'] ) {
60 $this->mParams
['filekey'] = $this->mParams
['sessionkey'];
63 // Select an upload module
64 if ( !$this->selectUploadModule() ) {
65 // This is not a true upload, but a status request or similar
68 if ( !isset( $this->mUpload
) ) {
69 $this->dieUsage( 'No upload module set', 'nomodule' );
72 // First check permission to upload
73 $this->checkPermissions( $user );
76 $status = $this->mUpload
->fetchFile();
77 if ( !$status->isGood() ) {
78 $errors = $status->getErrorsArray();
79 $error = array_shift( $errors[0] );
80 $this->dieUsage( 'Error fetching file from remote source', $error, 0, $errors[0] );
83 // Check if the uploaded file is sane
84 if ( $this->mParams
['chunk'] ) {
85 $maxSize = $this->mUpload
->getMaxUploadSize( );
86 if( $this->mParams
['filesize'] > $maxSize ) {
87 $this->dieUsage( 'The file you submitted was too large', 'file-too-large' );
89 if ( !$this->mUpload
->getTitle() ) {
90 $this->dieUsage( 'Invalid file title supplied', 'internal-error' );
93 $this->verifyUpload();
96 // Check if the user has the rights to modify or overwrite the requested title
97 // (This check is irrelevant if stashing is already requested, since the errors
98 // can always be fixed by changing the title)
99 if ( ! $this->mParams
['stash'] ) {
100 $permErrors = $this->mUpload
->verifyTitlePermissions( $user );
101 if ( $permErrors !== true ) {
102 $this->dieRecoverableError( $permErrors[0], 'filename' );
105 // Get the result based on the current upload context:
106 $result = $this->getContextResult();
108 if ( $result['result'] === 'Success' ) {
109 $result['imageinfo'] = $this->mUpload
->getImageInfo( $this->getResult() );
112 $this->getResult()->addValue( null, $this->getModuleName(), $result );
114 // Cleanup any temporary mess
115 $this->mUpload
->cleanupTempFile();
118 * Get an uplaod result based on upload context
121 private function getContextResult(){
122 $warnings = $this->getApiWarnings();
123 if ( $warnings && !$this->mParams
['ignorewarnings'] ) {
124 // Get warnings formated in result array format
125 return $this->getWarningsResult( $warnings );
126 } elseif ( $this->mParams
['chunk'] ) {
127 // Add chunk, and get result
128 return $this->getChunkResult( $warnings );
129 } elseif ( $this->mParams
['stash'] ) {
130 // Stash the file and get stash result
131 return $this->getStashResult( $warnings );
133 // This is the most common case -- a normal upload with no warnings
134 // performUpload will return a formatted properly for the API with status
135 return $this->performUpload( $warnings );
138 * Get Stash Result, throws an expetion if the file could not be stashed.
139 * @param $warnings array Array of Api upload warnings
142 private function getStashResult( $warnings ){
144 // Some uploads can request they be stashed, so as not to publish them immediately.
145 // In this case, a failure to stash ought to be fatal
147 $result['result'] = 'Success';
148 $result['filekey'] = $this->performStash();
149 $result['sessionkey'] = $result['filekey']; // backwards compatibility
150 if ( $warnings && count( $warnings ) > 0 ) {
151 $result['warnings'] = $warnings;
153 } catch ( MWException
$e ) {
154 $this->dieUsage( $e->getMessage(), 'stashfailed' );
159 * Get Warnings Result
160 * @param $warnings array Array of Api upload warnings
163 private function getWarningsResult( $warnings ){
165 $result['result'] = 'Warning';
166 $result['warnings'] = $warnings;
167 // in case the warnings can be fixed with some further user action, let's stash this upload
168 // and return a key they can use to restart it
170 $result['filekey'] = $this->performStash();
171 $result['sessionkey'] = $result['filekey']; // backwards compatibility
172 } catch ( MWException
$e ) {
173 $result['warnings']['stashfailed'] = $e->getMessage();
178 * Get the result of a chunk upload.
179 * @param $warnings array Array of Api upload warnings
182 private function getChunkResult( $warnings ){
185 $result['result'] = 'Continue';
186 if ( $warnings && count( $warnings ) > 0 ) {
187 $result['warnings'] = $warnings;
189 $request = $this->getMain()->getRequest();
190 $chunkPath = $request->getFileTempname( 'chunk' );
191 $chunkSize = $request->getUpload( 'chunk' )->getSize();
192 if ($this->mParams
['offset'] == 0) {
193 $result['filekey'] = $this->performStash();
195 $status = $this->mUpload
->addChunk($chunkPath, $chunkSize,
196 $this->mParams
['offset']);
197 if ( !$status->isGood() ) {
198 $this->dieUsage( $status->getWikiText(), 'stashfailed' );
202 // Check we added the last chunk:
203 if( $this->mParams
['offset'] +
$chunkSize == $this->mParams
['filesize'] ) {
204 $status = $this->mUpload
->concatenateChunks();
206 if ( !$status->isGood() ) {
207 $this->dieUsage( $status->getWikiText(), 'stashfailed' );
211 // We have a new filekey for the fully concatenated file.
212 $result['filekey'] = $this->mUpload
->getLocalFile()->getFileKey();
214 // Remove chunk from stash. (Checks against user ownership of chunks.)
215 $this->mUpload
->stash
->removeFile( $this->mParams
['filekey'] );
217 $result['result'] = 'Success';
221 // Continue passing through the filekey for adding further chunks.
222 $result['filekey'] = $this->mParams
['filekey'];
225 $result['offset'] = $this->mParams
['offset'] +
$chunkSize;
230 * Stash the file and return the file key
231 * Also re-raises exceptions with slightly more informative message strings (useful for API)
232 * @throws MWException
233 * @return String file key
235 function performStash() {
237 $stashFile = $this->mUpload
->stashFile();
240 throw new MWException( 'Invalid stashed file' );
242 $fileKey = $stashFile->getFileKey();
243 } catch ( MWException
$e ) {
244 $message = 'Stashing temporary file failed: ' . get_class( $e ) . ' ' . $e->getMessage();
245 wfDebug( __METHOD__
. ' ' . $message . "\n");
246 throw new MWException( $message );
252 * Throw an error that the user can recover from by providing a better
253 * value for $parameter
255 * @param $error array Error array suitable for passing to dieUsageMsg()
256 * @param $parameter string Parameter that needs revising
257 * @param $data array Optional extra data to pass to the user
258 * @throws UsageException
260 function dieRecoverableError( $error, $parameter, $data = array() ) {
262 $data['filekey'] = $this->performStash();
263 $data['sessionkey'] = $data['filekey'];
264 } catch ( MWException
$e ) {
265 $data['stashfailed'] = $e->getMessage();
267 $data['invalidparameter'] = $parameter;
269 $parsed = $this->parseMsg( $error );
270 $this->dieUsage( $parsed['info'], $parsed['code'], 0, $data );
274 * Select an upload module and set it to mUpload. Dies on failure. If the
275 * request was a status request and not a true upload, returns false;
280 protected function selectUploadModule() {
281 $request = $this->getMain()->getRequest();
283 // chunk or one and only one of the following parameters is needed
284 if( !$this->mParams
['chunk'] ) {
285 $this->requireOnlyOneParameter( $this->mParams
,
286 'filekey', 'file', 'url', 'statuskey' );
289 if ( $this->mParams
['statuskey'] ) {
290 $this->checkAsyncDownloadEnabled();
292 // Status request for an async upload
293 $sessionData = UploadFromUrlJob
::getSessionData( $this->mParams
['statuskey'] );
294 if ( !isset( $sessionData['result'] ) ) {
295 $this->dieUsage( 'No result in session data', 'missingresult' );
297 if ( $sessionData['result'] == 'Warning' ) {
298 $sessionData['warnings'] = $this->transformWarnings( $sessionData['warnings'] );
299 $sessionData['sessionkey'] = $this->mParams
['statuskey'];
301 $this->getResult()->addValue( null, $this->getModuleName(), $sessionData );
306 // The following modules all require the filename parameter to be set
307 if ( is_null( $this->mParams
['filename'] ) ) {
308 $this->dieUsageMsg( array( 'missingparam', 'filename' ) );
311 if ( $this->mParams
['chunk'] ) {
313 $this->mUpload
= new UploadFromChunks();
314 if( isset( $this->mParams
['filekey'] ) ){
316 $this->mUpload
->continueChunks(
317 $this->mParams
['filename'],
318 $this->mParams
['filekey'],
319 $request->getUpload( 'chunk' )
322 // handle first chunk
323 $this->mUpload
->initialize(
324 $this->mParams
['filename'],
325 $request->getUpload( 'chunk' )
328 } elseif ( isset( $this->mParams
['filekey'] ) ) {
329 // Upload stashed in a previous request
330 if ( !UploadFromStash
::isValidKey( $this->mParams
['filekey'] ) ) {
331 $this->dieUsageMsg( 'invalid-file-key' );
334 $this->mUpload
= new UploadFromStash( $this->getUser() );
336 $this->mUpload
->initialize( $this->mParams
['filekey'], $this->mParams
['filename'] );
337 } elseif ( isset( $this->mParams
['file'] ) ) {
338 $this->mUpload
= new UploadFromFile();
339 $this->mUpload
->initialize(
340 $this->mParams
['filename'],
341 $request->getUpload( 'file' )
343 } elseif ( isset( $this->mParams
['url'] ) ) {
344 // Make sure upload by URL is enabled:
345 if ( !UploadFromUrl
::isEnabled() ) {
346 $this->dieUsageMsg( 'copyuploaddisabled' );
349 if ( !UploadFromUrl
::isAllowedHost( $this->mParams
['url'] ) ) {
350 $this->dieUsageMsg( 'copyuploadbaddomain' );
354 if ( $this->mParams
['asyncdownload'] ) {
355 $this->checkAsyncDownloadEnabled();
357 if ( $this->mParams
['leavemessage'] && !$this->mParams
['ignorewarnings'] ) {
358 $this->dieUsage( 'Using leavemessage without ignorewarnings is not supported',
359 'missing-ignorewarnings' );
362 if ( $this->mParams
['leavemessage'] ) {
363 $async = 'async-leavemessage';
368 $this->mUpload
= new UploadFromUrl
;
369 $this->mUpload
->initialize( $this->mParams
['filename'],
370 $this->mParams
['url'], $async );
377 * Checks that the user has permissions to perform this upload.
378 * Dies with usage message on inadequate permissions.
379 * @param $user User The user to check.
381 protected function checkPermissions( $user ) {
382 // Check whether the user has the appropriate permissions to upload anyway
383 $permission = $this->mUpload
->isAllowed( $user );
385 if ( $permission !== true ) {
386 if ( !$user->isLoggedIn() ) {
387 $this->dieUsageMsg( array( 'mustbeloggedin', 'upload' ) );
389 $this->dieUsageMsg( 'badaccess-groups' );
395 * Performs file verification, dies on error.
397 protected function verifyUpload( ) {
398 global $wgFileExtensions;
400 $verification = $this->mUpload
->verifyUpload( );
401 if ( $verification['status'] === UploadBase
::OK
) {
405 // TODO: Move them to ApiBase's message map
406 switch( $verification['status'] ) {
407 // Recoverable errors
408 case UploadBase
::MIN_LENGTH_PARTNAME
:
409 $this->dieRecoverableError( 'filename-tooshort', 'filename' );
411 case UploadBase
::ILLEGAL_FILENAME
:
412 $this->dieRecoverableError( 'illegal-filename', 'filename',
413 array( 'filename' => $verification['filtered'] ) );
415 case UploadBase
::FILENAME_TOO_LONG
:
416 $this->dieRecoverableError( 'filename-toolong', 'filename' );
418 case UploadBase
::FILETYPE_MISSING
:
419 $this->dieRecoverableError( 'filetype-missing', 'filename' );
421 case UploadBase
::WINDOWS_NONASCII_FILENAME
:
422 $this->dieRecoverableError( 'windows-nonascii-filename', 'filename' );
425 // Unrecoverable errors
426 case UploadBase
::EMPTY_FILE
:
427 $this->dieUsage( 'The file you submitted was empty', 'empty-file' );
429 case UploadBase
::FILE_TOO_LARGE
:
430 $this->dieUsage( 'The file you submitted was too large', 'file-too-large' );
433 case UploadBase
::FILETYPE_BADTYPE
:
435 'filetype' => $verification['finalExt'],
436 'allowed' => $wgFileExtensions
438 $this->getResult()->setIndexedTagName( $extradata['allowed'], 'ext' );
440 $msg = "Filetype not permitted: ";
441 if ( isset( $verification['blacklistedExt'] ) ) {
442 $msg .= join( ', ', $verification['blacklistedExt'] );
443 $extradata['blacklisted'] = array_values( $verification['blacklistedExt'] );
444 $this->getResult()->setIndexedTagName( $extradata['blacklisted'], 'ext' );
446 $msg .= $verification['finalExt'];
448 $this->dieUsage( $msg, 'filetype-banned', 0, $extradata );
450 case UploadBase
::VERIFICATION_ERROR
:
451 $this->getResult()->setIndexedTagName( $verification['details'], 'detail' );
452 $this->dieUsage( 'This file did not pass file verification', 'verification-error',
453 0, array( 'details' => $verification['details'] ) );
455 case UploadBase
::HOOK_ABORTED
:
456 $this->dieUsage( "The modification you tried to make was aborted by an extension hook",
457 'hookaborted', 0, array( 'error' => $verification['error'] ) );
460 $this->dieUsage( 'An unknown error occurred', 'unknown-error',
461 0, array( 'code' => $verification['status'] ) );
469 * Returns a suitable array for inclusion into API results if there were warnings
470 * Returns the empty array if there were no warnings
474 protected function getApiWarnings() {
475 $warnings = $this->mUpload
->checkWarnings();
477 return $this->transformWarnings( $warnings );
480 protected function transformWarnings( $warnings ) {
483 $result = $this->getResult();
484 $result->setIndexedTagName( $warnings, 'warning' );
486 if ( isset( $warnings['duplicate'] ) ) {
488 foreach ( $warnings['duplicate'] as $dupe ) {
489 $dupes[] = $dupe->getName();
491 $result->setIndexedTagName( $dupes, 'duplicate' );
492 $warnings['duplicate'] = $dupes;
495 if ( isset( $warnings['exists'] ) ) {
496 $warning = $warnings['exists'];
497 unset( $warnings['exists'] );
498 $warnings[$warning['warning']] = $warning['file']->getName();
506 * Perform the actual upload. Returns a suitable result array on success;
509 * @param $warnings array Array of Api upload warnings
512 protected function performUpload( $warnings ) {
513 // Use comment as initial page text by default
514 if ( is_null( $this->mParams
['text'] ) ) {
515 $this->mParams
['text'] = $this->mParams
['comment'];
518 $file = $this->mUpload
->getLocalFile();
519 $watch = $this->getWatchlistValue( $this->mParams
['watchlist'], $file->getTitle() );
521 // Deprecated parameters
522 if ( $this->mParams
['watch'] ) {
526 // No errors, no warnings: do the upload
527 $status = $this->mUpload
->performUpload( $this->mParams
['comment'],
528 $this->mParams
['text'], $watch, $this->getUser() );
530 if ( !$status->isGood() ) {
531 $error = $status->getErrorsArray();
533 if ( count( $error ) == 1 && $error[0][0] == 'async' ) {
534 // The upload can not be performed right now, because the user
537 'result' => 'Queued',
538 'statuskey' => $error[0][1],
541 $this->getResult()->setIndexedTagName( $error, 'error' );
543 $this->dieUsage( 'An internal error occurred', 'internal-error', 0, $error );
547 $file = $this->mUpload
->getLocalFile();
549 $result['result'] = 'Success';
550 $result['filename'] = $file->getName();
551 if ( $warnings && count( $warnings ) > 0 ) {
552 $result['warnings'] = $warnings;
559 * Checks if asynchronous copy uploads are enabled and throws an error if they are not.
561 protected function checkAsyncDownloadEnabled() {
562 global $wgAllowAsyncCopyUploads;
563 if ( !$wgAllowAsyncCopyUploads ) {
564 $this->dieUsage( 'Asynchronous copy uploads disabled', 'asynccopyuploaddisabled');
568 public function mustBePosted() {
572 public function isWriteMode() {
576 public function getAllowedParams() {
579 ApiBase
::PARAM_TYPE
=> 'string',
582 ApiBase
::PARAM_DFLT
=> ''
586 ApiBase
::PARAM_TYPE
=> 'string',
587 ApiBase
::PARAM_REQUIRED
=> true
590 ApiBase
::PARAM_DFLT
=> false,
591 ApiBase
::PARAM_DEPRECATED
=> true,
593 'watchlist' => array(
594 ApiBase
::PARAM_DFLT
=> 'preferences',
595 ApiBase
::PARAM_TYPE
=> array(
601 'ignorewarnings' => false,
605 'sessionkey' => array(
606 ApiBase
::PARAM_DFLT
=> null,
607 ApiBase
::PARAM_DEPRECATED
=> true,
615 'asyncdownload' => false,
616 'leavemessage' => false,
623 public function getParamDescription() {
625 'filename' => 'Target filename',
626 'token' => 'Edit token. You can get one of these through prop=info',
627 'comment' => 'Upload comment. Also used as the initial page text for new files if "text" is not specified',
628 'text' => 'Initial page text for new files',
629 'watch' => 'Watch the page',
630 'watchlist' => 'Unconditionally add or remove the page from your watchlist, use preferences or do not change watch',
631 'ignorewarnings' => 'Ignore any warnings',
632 'file' => 'File contents',
633 'url' => 'URL to fetch the file from',
634 'filekey' => 'Key that identifies a previous upload that was stashed temporarily.',
635 'sessionkey' => 'Same as filekey, maintained for backward compatibility.',
636 'stash' => 'If set, the server will not add the file to the repository and stash it temporarily.',
638 'chunk' => 'Chunk contents',
639 'offset' => 'Offset of chunk in bytes',
640 'filesize' => 'Filesize of entire upload',
642 'asyncdownload' => 'Make fetching a URL asynchronous',
643 'leavemessage' => 'If asyncdownload is used, leave a message on the user talk page if finished',
644 'statuskey' => 'Fetch the upload status for this file key',
651 public function getResultProperties() {
655 ApiBase
::PROP_TYPE
=> array(
663 ApiBase
::PROP_TYPE
=> 'string',
664 ApiBase
::PROP_NULLABLE
=> true
666 'sessionkey' => array(
667 ApiBase
::PROP_TYPE
=> 'string',
668 ApiBase
::PROP_NULLABLE
=> true
671 ApiBase
::PROP_TYPE
=> 'integer',
672 ApiBase
::PROP_NULLABLE
=> true
674 'statuskey' => array(
675 ApiBase
::PROP_TYPE
=> 'string',
676 ApiBase
::PROP_NULLABLE
=> true
679 ApiBase
::PROP_TYPE
=> 'string',
680 ApiBase
::PROP_NULLABLE
=> true
686 public function getDescription() {
688 'Upload a file, or get the status of pending uploads. Several methods are available:',
689 ' * Upload file contents directly, using the "file" parameter',
690 ' * Have the MediaWiki server fetch a file from a URL, using the "url" parameter',
691 ' * Complete an earlier upload that failed due to warnings, using the "filekey" parameter',
692 'Note that the HTTP POST must be done as a file upload (i.e. using multipart/form-data) when',
693 'sending the "file". Also you must get and send an edit token before doing any upload stuff'
697 public function getPossibleErrors() {
698 return array_merge( parent
::getPossibleErrors(),
699 $this->getRequireOnlyOneParameterErrorMessages( array( 'filekey', 'file', 'url', 'statuskey' ) ),
701 array( 'uploaddisabled' ),
702 array( 'invalid-file-key' ),
703 array( 'uploaddisabled' ),
704 array( 'mustbeloggedin', 'upload' ),
705 array( 'badaccess-groups' ),
706 array( 'code' => 'fetchfileerror', 'info' => '' ),
707 array( 'code' => 'nomodule', 'info' => 'No upload module set' ),
708 array( 'code' => 'empty-file', 'info' => 'The file you submitted was empty' ),
709 array( 'code' => 'filetype-missing', 'info' => 'The file is missing an extension' ),
710 array( 'code' => 'filename-tooshort', 'info' => 'The filename is too short' ),
711 array( 'code' => 'overwrite', 'info' => 'Overwriting an existing file is not allowed' ),
712 array( 'code' => 'stashfailed', 'info' => 'Stashing temporary file failed' ),
713 array( 'code' => 'internal-error', 'info' => 'An internal error occurred' ),
714 array( 'code' => 'asynccopyuploaddisabled', 'info' => 'Asynchronous copy uploads disabled' ),
715 array( 'fileexists-forbidden' ),
716 array( 'fileexists-shared-forbidden' ),
721 public function needsToken() {
725 public function getTokenSalt() {
729 public function getExamples() {
731 'api.php?action=upload&filename=Wiki.png&url=http%3A//upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png'
732 => 'Upload from a URL',
733 'api.php?action=upload&filename=Wiki.png&filekey=filekey&ignorewarnings=1'
734 => 'Complete an upload that failed due to warnings',
738 public function getHelpUrls() {
739 return 'https://www.mediawiki.org/wiki/API:Upload';
742 public function getVersion() {
743 return __CLASS__
. ': $Id$';