/** * Handle image upload * * Returns array with uploaded files details or error details */ public function uploadImage($uploadFieldName = self::DEFAULT_FILE_FIELD_NAME, $destFileName = null, $forceOverwrite = false) { global $IP, $wgRequest, $wgUser; wfProfileIn(__METHOD__); $ret = false; // check whether upload is enabled (RT #53714) if (!WikiaPhotoGalleryHelper::isUploadAllowed()) { $ret = array('error' => true, 'message' => wfMsg('uploaddisabled')); wfProfileOut(__METHOD__); return $ret; } $imageName = stripslashes(!empty($destFileName) ? $destFileName : $wgRequest->getFileName($uploadFieldName)); // validate name and content of uploaded photo $nameValidation = $this->checkImageName($imageName, $uploadFieldName); if ($nameValidation == UploadBase::SUCCESS) { // get path to uploaded image $imagePath = $wgRequest->getFileTempName($uploadFieldName); // check if image with this name is already uploaded if ($this->imageExists($imageName) && !$forceOverwrite) { // upload as temporary file $this->log(__METHOD__, "image '{$imageName}' already exists!"); $tempName = $this->tempFileName($wgUser); $title = Title::makeTitle(NS_FILE, $tempName); $localRepo = RepoGroup::singleton()->getLocalRepo(); $file = new FakeLocalFile($title, $localRepo); $file->upload($wgRequest->getFileTempName($uploadFieldName), '', ''); // store uploaded image in GarbageCollector (image will be removed if not used) $tempId = $this->tempFileStoreInfo($tempName); // generate thumbnail (to fit 200x200 box) of temporary file $width = min(WikiaPhotoGalleryHelper::thumbnailMaxWidth, $file->width); $height = min(WikiaPhotoGalleryHelper::thumbnailMaxHeight, $file->height); $thumbnail = $file->transform(array('height' => $height, 'width' => $width)); // split uploaded file name into name + extension (foo-bar.png => foo-bar + png) list($fileName, $extensionsName) = UploadBase::splitExtensions($imageName); $extensionName = !empty($extensionsName) ? end($extensionsName) : ''; $this->log(__METHOD__, 'upload successful'); $ret = array('conflict' => true, 'name' => $imageName, 'nameParts' => array($fileName, $extensionName), 'tempId' => $tempId, 'size' => array('height' => $file->height, 'width' => $file->width), 'thumbnail' => array('height' => $thumbnail->height, 'url' => $thumbnail->url, 'width' => $thumbnail->width)); } else { // use regular MW upload $this->log(__METHOD__, "image '{$imageName}' is new one - uploading as MW file"); $this->log(__METHOD__, "uploading '{$imagePath}' as File:{$imageName}"); // create title and file objects for MW image to create $imageTitle = Title::newFromText($imageName, NS_FILE); $imageFile = new LocalFile($imageTitle, RepoGroup::singleton()->getLocalRepo()); // perform upload $result = $imageFile->upload($imagePath, '', ''); $this->log(__METHOD__, !empty($result->ok) ? 'upload successful' : 'upload failed'); $ret = array('success' => !empty($result->ok), 'name' => $imageName, 'size' => array('height' => !empty($result->ok) ? $imageFile->getHeight() : 0, 'width' => !empty($result->ok) ? $imageFile->getWidth() : 0)); } } else { $reason = $nameValidation; $this->log(__METHOD__, "upload failed - file name is not valid (error #{$reason})"); $ret = array('error' => true, 'reason' => $reason, 'message' => $this->translateError($reason)); } wfProfileOut(__METHOD__); return $ret; }
/** */ function wfGetType($filename, $safe = true) { global $wgTrivialMimeDetection; $ext = strrchr($filename, '.'); $ext = $ext === false ? '' : strtolower(substr($ext, 1)); # trivial detection by file extension, # used for thumbnails (thumb.php) if ($wgTrivialMimeDetection) { switch ($ext) { case 'gif': return 'image/gif'; case 'png': return 'image/png'; case 'jpg': return 'image/jpeg'; case 'jpeg': return 'image/jpeg'; } return 'unknown/unknown'; } $magic = MimeMagic::singleton(); // Use the extension only, rather than magic numbers, to avoid opening // up vulnerabilities due to uploads of files with allowed extensions // but disallowed types. $type = $magic->guessTypesForExtension($ext); /** * Double-check some security settings that were done on upload but might * have changed since. */ if ($safe) { global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions, $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist, $wgRequest; list($partName, $extList) = UploadBase::splitExtensions($filename); if (UploadBase::checkFileExtensionList($extList, $wgFileBlacklist)) { return 'unknown/unknown'; } if ($wgCheckFileExtensions && $wgStrictFileExtensions && !UploadBase::checkFileExtensionList($extList, $wgFileExtensions)) { return 'unknown/unknown'; } if ($wgVerifyMimeType && in_array(strtolower($type), $wgMimeTypeBlacklist)) { return 'unknown/unknown'; } } return $type; }
/** * This functions handle the third step of the WMU, image insertion * * @return bool|String */ function insertImage() { global $wgRequest, $wgUser, $wgContLang; $type = $wgRequest->getVal('type'); $name = $wgRequest->getVal('name'); $mwname = $wgRequest->getVal('mwname'); $tempid = $wgRequest->getVal('tempid'); $gallery = $wgRequest->getVal('gallery', ''); $title_main = urldecode($wgRequest->getVal('article', '')); $ns = $wgRequest->getVal('ns', ''); $link = urldecode($wgRequest->getVal('link', '')); // Are we in the ck editor? $ck = $wgRequest->getVal('ck'); $extraId = $wgRequest->getVal('extraId'); $newFile = true; $file = null; if ($name !== NULL) { $name = urldecode($name); if ($name == '') { header('X-screen-type: error'); return WfMsg('wmu-warn3'); } else { $name = preg_replace("/[^" . Title::legalChars() . "]|:/", '-', $name); // did they give no extension at all when they changed the name? $ext = explode('.', $name); array_shift($ext); if (count($ext)) { $finalExt = $ext[count($ext) - 1]; } else { $finalExt = ''; } if ('' == $finalExt) { header('X-screen-type: error'); return wfMsg('wmu-filetype-missing'); } $title = Title::makeTitleSafe(NS_IMAGE, $name); if (is_null($title)) { header('X-screen-type: error'); return wfMsg('wmu-filetype-incorrect'); } if ($title->exists()) { if ($type == 'overwrite') { $title = Title::newFromText($name, 6); // is the target protected? $permErrors = $title->getUserPermissionsErrors('edit', $wgUser); $permErrorsUpload = $title->getUserPermissionsErrors('upload', $wgUser); $permErrorsCreate = $title->exists() ? array() : $title->getUserPermissionsErrors('create', $wgUser); if ($permErrors || $permErrorsUpload || $permErrorsCreate) { header('X-screen-type: error'); return wfMsg('wmu-file-protected'); } $file_name = new LocalFile($title, RepoGroup::singleton()->getLocalRepo()); $file_mwname = new FakeLocalFile(Title::newFromText($mwname, 6), RepoGroup::singleton()->getLocalRepo()); if (!empty($extraId)) { $flickrResult = $this->getFlickrPhotoInfo($extraId); $nsid = $flickrResult['owner']['nsid']; // e.g. 49127042@N00 $username = $flickrResult['owner']['username']; // e.g. bossa67 $license = $flickrResult['license']; $caption = '{{MediaWiki:Flickr' . intval($license) . '|1=' . wfEscapeWikiText($extraId) . '|2=' . wfEscapeWikiText($nsid) . '|3=' . wfEscapeWikiText($username) . '}}'; } else { $caption = ''; } $file_name->upload($file_mwname->getPath(), '', $caption); $file_mwname->delete(''); $this->tempFileClearInfo($tempid); $newFile = false; } else { if ($type == 'existing') { $file = wfFindFile(Title::newFromText($name, 6)); if (!empty($file)) { header('X-screen-type: existing'); $props = array(); $props['file'] = $file; $props['mwname'] = $name; $props['default_caption'] = Wikia::getProps($file->getTitle()->getArticleID(), 'default_caption'); return $this->detailsPage($props); } else { header('X-screen-type: error'); return wfMsg('wmu-file-error'); } } else { header('X-screen-type: conflict'); $tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/'); // extensions check list($partname, $ext) = UploadBase::splitExtensions($name); if (count($ext)) { $finalExt = $ext[count($ext) - 1]; } else { $finalExt = ''; } // for more than one "extension" if (count($ext) > 1) { for ($i = 0; $i < count($ext) - 1; $i++) { $partname .= '.' . $ext[$i]; } } $tmpl->set_vars(array('partname' => $partname, 'extension' => strtolower($finalExt), 'mwname' => $mwname, 'extraId' => $extraId)); return $tmpl->render('conflict'); } } } else { // is the target protected? $permErrors = $title->getUserPermissionsErrors('edit', $wgUser); $permErrorsUpload = $title->getUserPermissionsErrors('upload', $wgUser); $permErrorsCreate = $title->exists() ? array() : $title->getUserPermissionsErrors('create', $wgUser); if ($permErrors || $permErrorsUpload || $permErrorsCreate) { header('X-screen-type: error'); return wfMsg('wmu-file-protected'); } $temp_file = new FakeLocalFile(Title::newFromText($mwname, 6), RepoGroup::singleton()->getLocalRepo()); $file = new LocalFile($title, RepoGroup::singleton()->getLocalRepo()); if (!empty($extraId)) { $flickrResult = $this->getFlickrPhotoInfo($extraId); $nsid = $flickrResult['owner']['nsid']; // e.g. 49127042@N00 $username = $flickrResult['owner']['username']; // e.g. bossa67 $license = $flickrResult['license']; $caption = '{{MediaWiki:Flickr' . intval($license) . '|1=' . wfEscapeWikiText($extraId) . '|2=' . wfEscapeWikiText($nsid) . '|3=' . wfEscapeWikiText($username) . '}}'; } else { // get the supplied license value $license = $wgRequest->getVal('ImageUploadLicense'); if ($license != '') { $caption = '== ' . wfMsgForContent('license') . " ==\n" . '{{' . $license . '}}' . "\n"; } else { $caption = ""; } } $file->upload($temp_file->getPath(), '', $caption); $temp_file->delete(''); $this->tempFileClearInfo($tempid); } if ($wgUser->getGLobalPreference('watchdefault') || $newFile && $wgUser->getGlobalPreference('watchcreations')) { $wgUser->addWatch($title); } $db =& wfGetDB(DB_MASTER); $db->commit(); } } else { $title = Title::newFromText($mwname, 6); } if (is_null($file)) { $file = wfFindFile($title); } if (!is_object($file)) { header('X-screen-type: error'); return wfMessage('wmu-file-not-found')->plain(); } // Test if this violates the size requirements we've been given if ($msg = $this->invalidSize($file)) { header('X-screen-type: error'); return $msg; } $ns_img = $wgContLang->getFormattedNsText(NS_IMAGE); if (-2 == $gallery && !$ck) { // this went in from the single placeholder... $name = $title->getText(); $size = $wgRequest->getVal('size'); $width = $wgRequest->getVal('width'); $layout = $wgRequest->getVal('layout'); // clear the old caption for upload $caption = $wgRequest->getVal('caption'); $slider = $wgRequest->getVal('slider'); $title_obj = Title::newFromText($title_main, $ns); $article_obj = new Article($title_obj); $text = $article_obj->getContent(); wfRunHooks('WikiaMiniUpload::fetchTextForImagePlaceholder', array(&$title_obj, &$text)); $box = $wgRequest->getVal('box', ''); $placeholder = MediaPlaceholderMatch($text, $box); $success = false; if ($placeholder) { $our_gallery = $placeholder[0]; $gallery_split = explode(':', $our_gallery); $thumb = false; $tag = $gallery_split[0] . ":" . $name; if ($size != 'full') { $tag .= '|thumb'; $thumb = true; } if (isset($width)) { $tag .= '|' . $width; } $tag .= '|' . $layout; if ($link != '') { $tag .= '|link=' . $link; } if ($caption != '') { $tag .= '|' . $caption; } $tag .= "]]"; $text = substr_replace($text, $tag, $placeholder[1], strlen($our_gallery)); // return the proper embed code with all fancies around it $embed_code = $this->generateImage($file, $name, $title_obj, $thumb, (int) str_replace('px', '', $width), $layout, $caption); $message = wfMsg('wmu-success'); Wikia::setVar('EditFromViewMode', true); $summary = wfMsg('wmu-added-from-plc'); $success = $article_obj->doEdit($text, $summary); } if ($success) { header('X-screen-type: summary'); } else { // failure signal opens js alert (BugId:4935) header('X-screen-type: error'); return; } } else { header('X-screen-type: summary'); $size = $wgRequest->getVal('size'); $width = $wgRequest->getVal('width'); $layout = $wgRequest->getVal('layout'); $caption = $wgRequest->getVal('caption'); $slider = $wgRequest->getVal('slider'); $tag = '[[' . $ns_img . ':' . $title->getDBkey(); if ($size != 'full' && ($file->getMediaType() == 'BITMAP' || $file->getMediaType() == 'DRAWING')) { $tag .= '|thumb'; if ($layout != 'right') { $tag .= '|' . $layout; } if ($slider == 'true') { $tag .= '|' . $width; } } if ($link != '' && $size == 'full') { $tag .= '|link=' . $link; } if ($caption != '') { if ($size == 'full') { $tag .= '|frame'; if ($layout != 'right') { $tag .= '|' . $layout; } } $tag .= '|' . $caption . ']]'; } else { if ($size == 'full') { $tag .= '|' . $layout; } $tag .= ']]'; } } $message = wfMsg('wmu-success'); if ($wgRequest->getVal('update_caption') == 'on') { Wikia::setProps($title->getArticleID(), array('default_caption' => $caption)); } $tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/'); $tmpl->set_vars(array('tag' => $tag, 'filename' => $ns_img . ':' . $title->getDBkey(), 'message' => $message, 'code' => isset($embed_code) ? $embed_code : '')); return $tmpl->render('summary'); }
/** * Really do the upload * Checks are made in SpecialUpload::execute() * @access private */ function processUpload() { /** * If there was no filename or a zero size given, give up quick. */ if (trim($this->mOname) == '' || empty($this->mUploadSize)) { return $this->mainUploadForm('<li>' . $this->msg('emptyfile')->plain() . '</li>'); } # Chop off any directories in the given filename if ($this->mDestFile) { $basename = basename($this->mDestFile); } else { $basename = basename($this->mOname); } /** * We'll want to blacklist against *any* 'extension', and use * only the final one for the whitelist. */ list($partname, $ext) = UploadBase::splitExtensions($basename); if (count($ext)) { $finalExt = $ext[count($ext) - 1]; } else { $finalExt = ''; } $fullExt = implode('.', $ext); $this->mUploadSaveName = $basename; $filtered = $basename; /* Don't allow users to override the blacklist (check file extension) */ global $wgStrictFileExtensions, $wgFileBlacklist; if (UploadBase::checkFileExtensionList($ext, $wgFileBlacklist) || $wgStrictFileExtensions && !UploadBase::checkFileExtension($finalExt, $this->fileExtensions)) { return $this->uploadError($this->msg('filetype-banned', htmlspecialchars($fullExt))->escaped()); } /** * Look at the contents of the file; if we can recognize the * type but it's corrupt or data of the wrong type, we should * probably not accept it. */ if (!$this->mStashed) { $veri = $this->verify($this->mUploadTempName, $finalExt); if (!$veri->isGood()) { return $this->uploadError($this->getOutput()->parse($veri->getWikiText())); } } /** * Check for non-fatal conditions */ if (!$this->mIgnoreWarning) { $warning = ''; global $wgCheckFileExtensions; if ($wgCheckFileExtensions) { if (!UploadBase::checkFileExtension($finalExt, $this->fileExtensions)) { $warning .= '<li>' . $this->msg('filetype-banned', htmlspecialchars($fullExt))->escaped() . '</li>'; } } global $wgUploadSizeWarning; if ($wgUploadSizeWarning && $this->mUploadSize > $wgUploadSizeWarning) { $lang = $this->getLanguage(); $wsize = $lang->formatSize($wgUploadSizeWarning); $asize = $lang->formatSize($this->mUploadSize); $warning .= '<li>' . $this->msg('large-file', $wsize, $asize)->escaped() . '</li>'; } if ($this->mUploadSize == 0) { $warning .= '<li>' . $this->msg('emptyfile')->plain() . '</li>'; } if ($warning != '') { /** * Stash the file in a temporary location; the user can choose * to let it through and we'll complete the upload then. */ return $this->uploadWarning($warning); } } /** * Try actually saving the thing... * It will show an error form on failure. */ $status = $this->saveUploadedFile($this->mUploadSaveName, $this->mUploadTempName, strtoupper($fullExt)); if ($status > 0) { $this->showSuccess($status); } }