function readZipAssertSuccess($file, $assertMessage) { $this->entries = array(); $status = ZipDirectoryReader::read("{$this->zipDir}/{$file}", array($this, 'zipCallback')); $this->assertTrue($status->isOK(), $assertMessage); }
/** * A verification routine suitable for partial files * * Runs the blacklist checks, but not any checks that may * assume the entire file is present. * * @return Mixed true for valid or array with error message key. */ protected function verifyPartialFile() { global $wgAllowJavaUploads, $wgDisableUploadScriptChecks; wfProfileIn(__METHOD__); # getTitle() sets some internal parameters like $this->mFinalExtension $this->getTitle(); $this->mFileProps = FSFile::getPropsFromPath($this->mTempPath, $this->mFinalExtension); # check mime type, if desired $mime = $this->mFileProps['file-mime']; $status = $this->verifyMimeType($mime); if ($status !== true) { wfProfileOut(__METHOD__); return $status; } # check for htmlish code and javascript if (!$wgDisableUploadScriptChecks) { if (self::detectScript($this->mTempPath, $mime, $this->mFinalExtension)) { wfProfileOut(__METHOD__); return array('uploadscripted'); } if ($this->mFinalExtension == 'svg' || $mime == 'image/svg+xml') { $svgStatus = $this->detectScriptInSvg($this->mTempPath); if ($svgStatus !== false) { wfProfileOut(__METHOD__); return $svgStatus; } } } # Check for Java applets, which if uploaded can bypass cross-site # restrictions. if (!$wgAllowJavaUploads) { $this->mJavaDetected = false; $zipStatus = ZipDirectoryReader::read($this->mTempPath, array($this, 'zipEntryCallback')); if (!$zipStatus->isOK()) { $errors = $zipStatus->getErrorsArray(); $error = reset($errors); if ($error[0] !== 'zip-wrong-format') { wfProfileOut(__METHOD__); return $error; } } if ($this->mJavaDetected) { wfProfileOut(__METHOD__); return array('uploadjava'); } } # Scan the uploaded file for viruses $virus = $this->detectVirus($this->mTempPath); if ($virus) { wfProfileOut(__METHOD__); return array('uploadvirus', $virus); } wfProfileOut(__METHOD__); return true; }
/** * Verifies that it's ok to include the uploaded file * * @return mixed true of the file is verified, array otherwise. */ protected function verifyFile() { global $wgAllowJavaUploads, $wgDisableUploadScriptChecks; # get the title, even though we are doing nothing with it, because # we need to populate mFinalExtension $this->getTitle(); $this->mFileProps = FSFile::getPropsFromPath($this->mTempPath, $this->mFinalExtension); # check mime type, if desired $mime = $this->mFileProps['file-mime']; $status = $this->verifyMimeType($mime); if ($status !== true) { return $status; } # check for htmlish code and javascript if (!$wgDisableUploadScriptChecks) { if (self::detectScript($this->mTempPath, $mime, $this->mFinalExtension)) { return array('uploadscripted'); } if ($this->mFinalExtension == 'svg' || $mime == 'image/svg+xml') { if ($this->detectScriptInSvg($this->mTempPath)) { return array('uploadscripted'); } } } # Check for Java applets, which if uploaded can bypass cross-site # restrictions. if (!$wgAllowJavaUploads) { $this->mJavaDetected = false; $zipStatus = ZipDirectoryReader::read($this->mTempPath, array($this, 'zipEntryCallback')); if (!$zipStatus->isOK()) { $errors = $zipStatus->getErrorsArray(); $error = reset($errors); if ($error[0] !== 'zip-wrong-format') { return $error; } } if ($this->mJavaDetected) { return array('uploadjava'); } } # Scan the uploaded file for viruses $virus = $this->detectVirus($this->mTempPath); if ($virus) { return array('uploadvirus', $virus); } $handler = MediaHandler::getHandler($mime); if ($handler) { $handlerStatus = $handler->verifyUpload($this->mTempPath); if (!$handlerStatus->isOK()) { $errors = $handlerStatus->getErrorsArray(); return reset($errors); } } wfRunHooks('UploadVerifyFile', array($this, $mime, &$status)); if ($status !== true) { return $status; } wfDebug(__METHOD__ . ": all clear; passing.\n"); return true; }