public static function onUploadVerification($saveName, $tempName, &$error) { $vars = new AbuseFilterVariableHolder(); global $wgUser; $title = Title::makeTitle(NS_FILE, $saveName); $vars->addHolder(AbuseFilterVariableHolder::merge(AbuseFilter::generateUserVars($wgUser), AbuseFilter::generateTitleVars($title, 'FILE'))); $vars->setVar('ACTION', 'upload'); $vars->setVar('file_sha1', sha1_file($tempName)); // TODO share with save $filter_result = AbuseFilter::filterAction($vars, $title); if (is_string($filter_result)) { $error = $filter_result; } return $filter_result == '' || $filter_result === true; }
/** * Handler for the UploadVerifyFile hook * * @param $upload UploadBase * @param $mime * @param $error array * * @return bool */ public static function onUploadVerifyFile($upload, $mime, &$error) { global $wgUser, $wgVersion; $vars = new AbuseFilterVariableHolder(); $title = $upload->getTitle(); if (!$title) { // If there's no valid title assigned to the upload // it wont proceed anyway, so no point in filtering it. return true; } $vars->addHolders(AbuseFilter::generateUserVars($wgUser), AbuseFilter::generateTitleVars($title, 'FILE')); $vars->setVar('ACTION', 'upload'); // We us the hexadecimal version of the file sha1 if (version_compare($wgVersion, '1.21', '>=')) { // Use UploadBase::getTempFileSha1Base36 so that we don't have to calculate the sha1 sum again $sha1 = wfBaseConvert($upload->getTempFileSha1Base36(), 36, 16, 40); } else { // UploadBase::getTempFileSha1Base36 wasn't public until 1.21 $sha1 = sha1_file($upload->getTempPath()); } $vars->setVar('file_sha1', $sha1); $filter_result = AbuseFilter::filterAction($vars, $title); if (!$filter_result->isOK()) { $error = $filter_result->getErrorsArray(); $error = $error[0]; } return $filter_result->isOK(); }
/** * Check for abusive or spammy content * * Check the following in sequence (cheapest processing to most expensive, * returning if we get a hit): * 1) Respect $wgSpamRegex * 2) Check SpamBlacklist * 3) Check AbuseFilter * * @param $value string the text to check * @param $pageId int the page ID */ private function findAbuse(&$value, $pageId) { // Respect $wgSpamRegex global $wgSpamRegex; if (is_array($wgSpamRegex) && count($wgSpamRegex) > 0 || is_string($wgSpamRegex) && strlen($wgSpamRegex) > 0) { // In older versions, $wgSpamRegex may be a single string rather than // an array of regexes, so make it compatible. $regexes = (array) $wgSpamRegex; foreach ($regexes as $regex) { if (preg_match($regex, $value)) { return true; } } } // Create a fake title so we can pretend this is an article edit $title = Title::newFromText('__article_feedback_5__'); // Check SpamBlacklist, if installed if (function_exists('wfSpamBlacklistObject')) { $spam = wfSpamBlacklistObject(); $ret = $spam->filter($title, $value, ''); if ($ret !== false) { return true; } } // Check AbuseFilter, if installed if (class_exists('AbuseFilter')) { global $wgUser; $vars = new AbuseFilterVariableHolder(); $vars->addHolder(AbuseFilter::generateUserVars($wgUser)); $vars->addHolder(AbuseFilter::generateTitleVars($title, 'FEEDBACK')); $vars->setVar('SUMMARY', 'Article Feedback 5'); $vars->setVar('ACTION', 'feedback'); $vars->setVar('old_wikitext', ''); $vars->setVar('new_wikitext', $value); $vars->addHolder(AbuseFilter::getEditVars($title)); $filter_result = AbuseFilter::filterAction($vars, $title); return $filter_result != '' && $filter_result !== true; } return false; }