Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/upload/UploadFromUrl.php
Tim Starling 68c433bd23 Hooks::run() call site migration 
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.

General principles:
* Use DI if it is already used. We're not changing the way state is
  managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
  is a service, it's a more generic interface, it is the only
  thing that provides isRegistered() which is needed in some cases,
  and a HookRunner can be efficiently constructed from it
  (confirmed by benchmark). Because HookContainer is needed
  for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
  SpecialPage and ApiBase have getHookContainer() and getHookRunner()
  methods in the base class, and classes that extend that base class
  are not expected to know or care where the base class gets its
  HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
  getHookRunner() methods, getting them from the global service
  container. The point of this is to ease migration to DI by ensuring
  that call sites ask their local friendly base class rather than
  getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
  methods did not seem warranted, there is a private HookRunner property
  which is accessed directly. Very rarely (two cases), there is a
  protected property, for consistency with code that conventionally
  assumes protected=private, but in cases where the class might actually
  be overridden, a protected accessor is preferred over a protected
  property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
  global code. In a few cases it was used for objects with broken
  construction schemes, out of horror or laziness.

Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore

Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router

setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine

Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-05-30 14:23:28 +00:00

308 lines
8.1 KiB
PHP
Raw Blame History

<?php
/**
* Backend for uploading files from a HTTP resource.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup Upload
*/
use MediaWiki\MediaWikiServices;
use MediaWiki\User\UserIdentity;
/**
* Implements uploading from a HTTP resource.
*
* @ingroup Upload
* @author Bryan Tong Minh
* @author Michael Dale
*/
class UploadFromUrl extends UploadBase {
protected $mUrl;
protected $mTempPath, $mTmpHandle;
protected static $allowedUrls = [];
/**
* Checks if the user is allowed to use the upload-by-URL feature. If the
* user is not allowed, return the name of the user right as a string. If
* the user is allowed, have the parent do further permissions checking.
*
* @param UserIdentity $user
*
* @return bool|string
*/
public static function isAllowed( UserIdentity $user ) {
if ( !MediaWikiServices::getInstance()
->getPermissionManager()
->userHasRight( $user, 'upload_by_url' )
) {
return 'upload_by_url';
}
return parent::isAllowed( $user );
}
/**
* Checks if the upload from URL feature is enabled
* @return bool
*/
public static function isEnabled() {
global $wgAllowCopyUploads;
return $wgAllowCopyUploads && parent::isEnabled();
}
/**
* Checks whether the URL is for an allowed host
* The domains in the whitelist can include wildcard characters (*) in place
* of any of the domain levels, e.g. '*.flickr.com' or 'upload.*.gov.uk'.
*
* @param string $url
* @return bool
*/
public static function isAllowedHost( $url ) {
global $wgCopyUploadsDomains;
if ( !count( $wgCopyUploadsDomains ) ) {
return true;
}
$parsedUrl = wfParseUrl( $url );
if ( !$parsedUrl ) {
return false;
}
$valid = false;
foreach ( $wgCopyUploadsDomains as $domain ) {
// See if the domain for the upload matches this whitelisted domain
$whitelistedDomainPieces = explode( '.', $domain );
$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
$valid = true;
// See if all the pieces match or not (excluding wildcards)
foreach ( $whitelistedDomainPieces as $index => $piece ) {
if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
$valid = false;
}
}
if ( $valid ) {
// We found a match, so quit comparing against the list
break;
}
}
/* Non-wildcard test
if ( $parsedUrl['host'] === $domain ) {
$valid = true;
break;
}
*/
}
return $valid;
}
/**
* Checks whether the URL is not allowed.
*
* @param string $url
* @return bool
*/
public static function isAllowedUrl( $url ) {
if ( !isset( self::$allowedUrls[$url] ) ) {
$allowed = true;
Hooks::runner()->onIsUploadAllowedFromUrl( $url, $allowed );
self::$allowedUrls[$url] = $allowed;
}
return self::$allowedUrls[$url];
}
/**
* Entry point for API upload
*
* @param string $name
* @param string $url
* @throws MWException
*/
public function initialize( $name, $url ) {
$this->mUrl = $url;
$tempPath = $this->makeTemporaryFile();
# File size and removeTempFile will be filled in later
$this->initializePathInfo( $name, $tempPath, 0, false );
}
/**
* Entry point for SpecialUpload
* @param WebRequest &$request
*/
public function initializeFromRequest( &$request ) {
$desiredDestName = $request->getText( 'wpDestFile' );
if ( !$desiredDestName ) {
$desiredDestName = $request->getText( 'wpUploadFileURL' );
}
$this->initialize(
$desiredDestName,
trim( $request->getVal( 'wpUploadFileURL' ) )
);
}
/**
* @param WebRequest $request
* @return bool
*/
public static function isValidRequest( $request ) {
global $wgUser;
$url = $request->getVal( 'wpUploadFileURL' );
return !empty( $url )
&& MediaWikiServices::getInstance()
->getPermissionManager()
->userHasRight( $wgUser, 'upload_by_url' );
}
/**
* @return string
*/
public function getSourceType() {
return 'url';
}
/**
* Download the file
*
* @param array $httpOptions Array of options for MWHttpRequest.
* This could be used to override the timeout on the http request.
* @return Status
*/
public function fetchFile( $httpOptions = [] ) {
if ( !Http::isValidURI( $this->mUrl ) ) {
return Status::newFatal( 'http-invalid-url', $this->mUrl );
}
if ( !self::isAllowedHost( $this->mUrl ) ) {
return Status::newFatal( 'upload-copy-upload-invalid-domain' );
}
if ( !self::isAllowedUrl( $this->mUrl ) ) {
return Status::newFatal( 'upload-copy-upload-invalid-url' );
}
return $this->reallyFetchFile( $httpOptions );
}
/**
* Create a new temporary file in the URL subdirectory of wfTempDir().
*
* @return string Path to the file
*/
protected function makeTemporaryFile() {
$tmpFile = MediaWikiServices::getInstance()->getTempFSFileFactory()
->newTempFSFile( 'URL', 'urlupload_' );
$tmpFile->bind( $this );
return $tmpFile->getPath();
}
/**
* Callback: save a chunk of the result of a HTTP request to the temporary file
*
* @param mixed $req
* @param string $buffer
* @return int Number of bytes handled
*/
public function saveTempFileChunk( $req, $buffer ) {
wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );
$nbytes = fwrite( $this->mTmpHandle, $buffer );
if ( $nbytes == strlen( $buffer ) ) {
$this->mFileSize += $nbytes;
} else {
// Well... that's not good!
wfDebugLog(
'fileupload',
'Short write ' . $nbytes . '/' . strlen( $buffer ) .
' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'
);
fclose( $this->mTmpHandle );
$this->mTmpHandle = false;
}
return $nbytes;
}
/**
* Download the file, save it to the temporary file and update the file
* size and set $mRemoveTempFile to true.
*
* @param array $httpOptions Array of options for MWHttpRequest
* @return Status
*/
protected function reallyFetchFile( $httpOptions = [] ) {
global $wgCopyUploadProxy, $wgCopyUploadTimeout;
if ( $this->mTempPath === false ) {
return Status::newFatal( 'tmp-create-error' );
}
// Note the temporary file should already be created by makeTemporaryFile()
$this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
if ( !$this->mTmpHandle ) {
return Status::newFatal( 'tmp-create-error' );
}
wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );
$this->mRemoveTempFile = true;
$this->mFileSize = 0;
$options = $httpOptions + [ 'followRedirects' => true ];
if ( $wgCopyUploadProxy !== false ) {
$options['proxy'] = $wgCopyUploadProxy;
}
if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
$options['timeout'] = $wgCopyUploadTimeout;
}
wfDebugLog(
'fileupload',
'Starting download from "' . $this->mUrl . '" ' .
'<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'
);
$req = MWHttpRequest::factory( $this->mUrl, $options, __METHOD__ );
$req->setCallback( [ $this, 'saveTempFileChunk' ] );
$status = $req->execute();
if ( $this->mTmpHandle ) {
// File got written ok...
fclose( $this->mTmpHandle );
$this->mTmpHandle = null;
} else {
// We encountered a write error during the download...
return Status::newFatal( 'tmp-write-error' );
}
wfDebugLog( 'fileupload', $status );
if ( $status->isOK() ) {
wfDebugLog( 'fileupload', 'Download by URL completed successfully.' );
} else {
wfDebugLog(
'fileupload',
'Download by URL completed with HTTP status ' . $req->getStatus()
);
}
return $status;
}
}
Reference in a new issue View git blame Copy permalink