/** */
function wfGetType($filename, $safe = true)
{
global $wgTrivialMimeDetection;
$ext = strrchr($filename, '.');
$ext = $ext === false ? '' : strtolower(substr($ext, 1));
# trivial detection by file extension,
# used for thumbnails (thumb.php)
if ($wgTrivialMimeDetection) {
switch ($ext) {
case 'gif':
return 'image/gif';
case 'png':
return 'image/png';
case 'jpg':
return 'image/jpeg';
case 'jpeg':
return 'image/jpeg';
}
return 'unknown/unknown';
}
$magic = MimeMagic::singleton();
// Use the extension only, rather than magic numbers, to avoid opening
// up vulnerabilities due to uploads of files with allowed extensions
// but disallowed types.
$type = $magic->guessTypesForExtension($ext);
/**
* Double-check some security settings that were done on upload but might
* have changed since.
*/
if ($safe) {
global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions, $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist, $wgRequest;
$form = new UploadForm($wgRequest);
list($partName, $extList) = $form->splitExtensions($filename);
if ($form->checkFileExtensionList($extList, $wgFileBlacklist)) {
return 'unknown/unknown';
}
if ($wgCheckFileExtensions && $wgStrictFileExtensions && !$form->checkFileExtensionList($extList, $wgFileExtensions)) {
return 'unknown/unknown';
}
if ($wgVerifyMimeType && in_array(strtolower($type), $wgMimeTypeBlacklist)) {
return 'unknown/unknown';
}
}
return $type;
}
function processUpload()
{
global $wgUser, $wgOut, $wgLang, $wgContLang;
global $wgUploadDirectory;
global $wgUseCopyrightUpload, $wgCheckCopyrightUpload;
global $up;
/**
* If there was no filename or a zero size given, give up quick.
*/
if (trim($this->mOname) == '' || empty($this->mUploadSize)) {
return $this->mainUploadForm('<li>' . wfMsg('emptyfile') . '</li>');
}
# Chop off any directories in the given filename
if ($this->mDestFile) {
$basename = basename($this->mDestFile);
} else {
$basename = basename($this->mOname);
}
/**
* We'll want to blacklist against *any* 'extension', and use
* only the final one for the whitelist.
*/
list($partname, $ext) = UploadForm::splitExtensions($basename);
if (count($ext)) {
$finalExt = $ext[count($ext) - 1];
} else {
$finalExt = '';
}
$fullExt = implode('.', $ext);
if (strlen($partname) < 3) {
#$this->mainUploadForm( wfMsg( 'minlength' ) );
return wfMsg('minlength') . " <b>" . $basename . "</b><br><br>";
}
/**
* Filter out illegal characters, and try to make a legible name
* out of it. We'll strip some silently that Title would die on.
*/
$filtered = preg_replace("/[^" . Title::legalChars() . "]|:/", '-', $basename);
$nt = Title::newFromText($filtered);
if (is_null($nt)) {
#return $this->uploadError( wfMsg( 'illegalfilename', htmlspecialchars( $filtered ) ) );
return wfMsg('illegalfilename', htmlspecialchars($filtered));
}
$nt =& Title::makeTitle(NS_IMAGE, $nt->getDBkey());
$this->mUploadSaveName = $nt->getDBkey();
/**
* If the image is protected, non-sysop users won't be able
* to modify it by uploading a new revision.
*/
if (!$nt->userCanEdit()) {
return wfMsg('protectedpage') . " <b>" . $basename . "</b><br><br>";
}
/* Don't allow users to override the blacklist (check file extension) */
global $wgStrictFileExtensions;
global $wgFileExtensions, $wgFileBlacklist;
if (UploadForm::checkFileExtensionList($ext, $wgFileBlacklist) || $wgStrictFileExtensions && !UploadForm::checkFileExtension($finalExt, $wgFileExtensions)) {
#return $this->uploadError( wfMsg( 'badfiletype', htmlspecialchars( $fullExt ) ) );
return wfMsg('badfiletype', htmlspecialchars($fullExt) . " - <b>" . $basename . "</b><br><br>");
}
/**
* Look at the contents of the file; if we can recognize the
* type but it's corrupt or data of the wrong type, we should
* probably not accept it.
*/
if (!$this->mStashed) {
$veri = $up->verify($this->mUploadTempName, $finalExt);
if ($veri !== true) {
//it's a wiki error...
return $this->uploadError($veri->toString());
}
}
/**
* Check for non-fatal conditions
*/
if (!$this->mIgnoreWarning) {
$warning = '';
global $wgCapitalLinks;
if ($wgCapitalLinks) {
$filtered = ucfirst($filtered);
}
if ($this->mUploadSaveName != $filtered) {
$warning .= '<li>' . wfMsg('badfilename', htmlspecialchars($this->mUploadSaveName)) . '</li>';
}
global $wgCheckFileExtensions;
if ($wgCheckFileExtensions) {
if (!$up->checkFileExtension($finalExt, $wgFileExtensions)) {
$warning .= '<li>' . wfMsg('badfiletype', htmlspecialchars($fullExt)) . '</li>';
}
}
global $wgUploadSizeWarning;
if ($wgUploadSizeWarning && $this->mUploadSize > $wgUploadSizeWarning) {
# TODO: Format $wgUploadSizeWarning to something that looks better than the raw byte
# value, perhaps add GB,MB and KB suffixes?
$warning .= '<li>' . wfMsg('largefile', $wgUploadSizeWarning, $this->mUploadSize) . '</li>';
}
if ($this->mUploadSize == 0) {
$warning .= '<li>' . wfMsg('emptyfile') . '</li>';
}
if ($nt->getArticleID()) {
global $wgUser;
$sk = $wgUser->getSkin();
$dlink = $sk->makeKnownLinkObj($nt);
$warning .= '<li>' . wfMsg('fileexists', $dlink) . '</li>';
}
if ($warning != '') {
/**
* Stash the file in a temporary location; the user can choose
* to let it through and we'll complete the upload then.
*/
return $warning . "<br />";
}
}
/**
* Try actually saving the thing...
* It will show an error form on failure.
*/
if ($up->saveUploadedFile($this->mUploadSaveName, $this->mUploadTempName, !empty($this->mSessionKey))) {
/**
* Update the upload log and create the description page
* if it's a new file.
*/
#$img = Image::newFromName( $this->mUploadSaveName );
$success = $this->recordUpload($this->mUploadOldVersion, $this->mUploadDescription, $this->mUploadCopyStatus, $this->mUploadSource, $this->mWatchthis);
if ($success) {
# $this->showSuccess();
# AWC - Edit...
global $wgUser;
$sk = $wgUser->getSkin();
$dlink = $sk->makeKnownLinkObj($nt);
return wfMsg('fileuploaded', $this->mUploadSaveName, $dlink) . "<br><br>";
} else {
// Image::recordUpload() fails if the image went missing, which is
// unlikely, hence the lack of a specialised message
$wgOut->fileNotFoundError($this->mUploadSaveName);
}
}
}
