if (get_magic_quotes_gpc()) {
$fileName = stripslashes($fileName);
}
$pre_render = isset($_REQUEST['r']) && $_REQUEST['r'] != "0";
// Some basic input validation
$fileName = strtr($fileName, '\\/', '__');
// Work out paths, carefully avoiding constructing an Image object because that won't work yet
$imagePath = wfImageDir($fileName) . '/' . $fileName;
$thumbName = "{$width}px-{$fileName}";
if (!is_null($page)) {
$thumbName = 'page' . $page . '-' . $thumbName;
}
if ($pre_render) {
$thumbName .= '.png';
}
$thumbPath = wfImageThumbDir($fileName) . '/' . $thumbName;
if (is_file($thumbPath) && filemtime($thumbPath) >= filemtime($imagePath)) {
wfStreamFile($thumbPath);
// Can't log profiling data with no Setup.php
exit;
}
// OK, no valid thumbnail, time to get out the heavy machinery
wfProfileOut('thumb.php-start');
require_once 'Setup.php';
wfProfileIn('thumb.php-render');
$img = Image::newFromName($fileName);
try {
if ($img) {
if (!is_null($page)) {
$img->selectPage($page);
}
/**
* Delete all previously generated thumbnails, refresh metadata in memcached and purge the squid
*/
function purgeCache($archiveFiles = array(), $shared = false)
{
global $wgInternalServer, $wgUseSquid;
// Refresh metadata cache
clearstatcache();
$this->loadFromFile();
$this->saveToCache();
// Delete thumbnails
$files = $this->getThumbnails($shared);
$dir = wfImageThumbDir($this->name, $shared);
$urls = array();
foreach ($files as $file) {
if (preg_match('/^(\\d+)px/', $file, $m)) {
$urls[] = $wgInternalServer . $this->thumbUrl($m[1], $this->fromSharedDirectory);
@unlink("{$dir}/{$file}");
}
}
// Purge the squid
if ($wgUseSquid) {
$urls[] = $wgInternalServer . $this->getViewURL();
foreach ($archiveFiles as $file) {
$urls[] = $wgInternalServer . wfImageArchiveUrl($file);
}
wfPurgeSquidServers($urls);
}
}
/** I BORROWED THIS FUNCTION FROM SpecialUpload.php!! CHECK FOR EACH VERSION OF MEDIAWIKI, IF
* THIS FUNCTION STILL MAKES SENSE!
*
*/
function processUpload()
{
global $wgUser, $wgUploadDirectory, $wgRequest;
$fname = "AnyWikiDraw_body::processUpload";
// Retrieve form fields
$drawingName = $wgRequest->getText('DrawingName');
$drawingWidth = $wgRequest->getText('DrawingWidth');
$drawingHeight = $wgRequest->getText('DrawingHeight');
$drawingTempFile = $wgRequest->getFileTempName('DrawingData');
$drawingFileSize = $wgRequest->getFileSize('DrawingData');
$drawingUploadError = $wgRequest->getUploadError('DrawingData');
$renderedTempFile = $wgRequest->getFileTempName('RenderedImageData');
$renderedFileSize = $wgRequest->getFileSize('RenderedImageData');
$renderedUploadError = $wgRequest->getUploadError('RenderedImageData');
$imageMapTempFile = $wgRequest->getFileTempName('ImageMapData');
$imageMapFileSize = $wgRequest->getFileSize('ImageMapData');
$imageMapUploadError = $wgRequest->getUploadError('ImageMapData');
$uploadSummary = $wgRequest->getText('UploadSummary');
// validate image dimension
if (!is_numeric($drawingWidth) || $drawingWidth < 1) {
$drawingWidth = null;
}
if (!is_numeric($drawingHeight) || $drawingHeight < 1) {
$drawingHeight = null;
}
# If there was no filename or no image data, give up quickly.
if (strlen($drawingName) == 0 || $drawingFileSize == 0) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' received bad request [DrawingName=' . $drawingName . ']' . '[fileSize(DrawingData)=' . $drawingFileSize . ']');
header('HTTP/1.0 400 Bad Request');
exit("\n\n" + '<html><body>DrawingName and DrawingData must be supplied.</body></html>');
}
// Verify filename
# Chop off any directories in the given filename.
$drawingName = wfBaseName($drawingName);
$imageExtension = substr(strrchr($drawingName, '.'), 1);
# Only allow filenames with known extensions
$allowedExtensions = array('svg', 'svgz', 'png', 'jpg');
if (!in_array($imageExtension, $allowedExtensions)) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' Received bad image extension [DrawingName=' . $drawingName . ']');
header('HTTP/1.0 400 Bad Request');
exit("\n\n" + '<html><body>DrawingName must have one of the following extensions: ' . implode(',', $allowedExtensions) . '.</body></html>');
}
/**
* Filter out illegal characters, and try to make a legible name
* out of it. We'll strip some silently that Title would die on.
*/
$filtered = preg_replace("/[^" . Title::legalChars() . "]|:/", '-', $drawingName);
$nt = Title::newFromText($filtered);
if (is_null($nt)) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' Received bad image name [DrawingName=' . $drawingName . ']');
header('HTTP/1.0 400 Bad Request');
exit("\n\n" + '<html><body>DrawingName must contain legible characters only.</body></html>');
}
$nt =& Title::makeTitle(NS_IMAGE, $nt->getDBkey());
$uploadSaveName = $nt->getDBkey();
/**
* If the image is protected, non-sysop users won't be able
* to modify it by uploading a new revision.
*/
if (!$nt->userCanEdit()) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' image is protected [DrawingName=' . $drawingName . ']');
header('HTTP/1.0 403 Forbidden');
exit("\n\n" + '<html><body>You are not allowed to edit this image.</body></html>');
}
/**
* In some cases we may forbid overwriting of existing files.
*/
if (!$this->userCanOverwrite($uploadSaveName)) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' image may not be overwritten [DrawingName=' . $drawingName . ']');
header('HTTP/1.0 403 Forbidden');
exit("\n\n" + '<html><body>You are not allowed to overwrite this image.</body></html>');
}
/** Check if the image directory is writeable, this is a common mistake */
if (!is_writeable($wgUploadDirectory)) {
header('HTTP/1.0 403 Forbidden');
exit("\n\n" + '<html><body>The upload directory on the server is read only.</body></html>');
}
/**
* Upload the file into the temp directory, so that we can scrutinize its content
*/
$archive = wfImageArchiveDir($uploadSaveName, 'temp');
/**
* Look at the contents of the file; if we can recognize the
* type but it's corrupt or data of the wrong type, we should
* probably not accept it.
*/
$veri = $this->verify($drawingTempFile, $imageExtension);
if ($veri !== true) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' image failed verification [DrawingName=' . $drawingName . '][DrawingTempFile=' . $drawingTempFile . ']');
unlink($drawingTempFile);
header('HTTP/1.0 400 Bad Request');
exit("\n\n" + '<html><body>The image data is corrupt.</body></html>');
}
/**
* Provide an opportunity for extensions to add further checks
*/
$error = '';
if (!wfRunHooks('UploadVerification', array($uploadSaveName, $drawingTempFile, &$error))) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' image failed extended verification [DrawingName=' . $drawingName . ']');
unlink($drawingTempFile);
header('HTTP/1.0 400 Bad Request');
exit("\n\n" + '<html><body>The image data does not match the image name extension.</body></html>');
}
/**
* Try actually saving the thing...
* It will show an error form on failure.
*/
if ($this->saveUploadedFile($uploadSaveName, $drawingTempFile, true)) {
/**
* Update the upload log and create the description page
* if it's a new file.
*/
$img = Image::newFromName($uploadSaveName);
if ($drawingWidth != null) {
$img->width = $drawingWidth;
}
if ($drawingHeight != null) {
$img->height = $drawingHeight;
}
$this->mUploadDescription = $uploadSummary;
$success = $img->recordUpload($this->mUploadOldVersion, $this->mUploadDescription, $this->mLicense, $this->mUploadCopyStatus, $this->mUploadSource, $this->mWatchthis);
/**
* Save the rendered image, if one was provided
*/
if ($renderedTempFile != null && $drawingWidth != null) {
$thumbName = $img->thumbName($drawingWidth, $img->fromSharedDirectory);
$thumbDir = wfImageThumbDir($img->name, $img->fromSharedDirectory);
$thumbPath = $thumbDir . '/' . $thumbName;
wfDebug("we have a rendered image: " . $renderedTempFile . ' width=' . $drawingWidth . ' height=' . $drawingHeight . ' thumbName=' . $thumbPath);
if (!file_exists(dirname($thumbPath))) {
mkdir(dirname($thumbPath), 0777, true);
}
// Look at the contents of the file; if we can recognize the
// type but it's corrupt or data of the wrong type, we should
// probably not accept it.
$veri = $this->verify($renderedTempFile, 'png');
if ($veri !== true) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' rendered image failed verification [DrawingName=' . $drawingName . '][RenderedTempFile=' . $renderedTempFile . ']');
unlink($renderedTempFile);
} else {
move_uploaded_file($renderedTempFile, $thumbPath);
}
} else {
if ($renderedTempFile != null) {
unlink($renderedTempFile);
}
}
/**
* Save the image map, if one was provided
*/
if ($imageMapTempFile != null && $drawingWidth != null) {
$thumbName = $img->thumbName($drawingWidth, $img->fromSharedDirectory);
$thumbDir = wfImageThumbDir($img->name, $img->fromSharedDirectory);
$imageMapPath = $thumbDir . '/' . $thumbName . '.map';
wfDebug("we have an image map: " . $imageMapTempFile);
if (!file_exists(dirname($imageMapPath))) {
mkdir(dirname($imageMapPath), 0777, true);
}
// Look at the contents of the file; if we can recognize the
// type but it's corrupt or data of the wrong type, we should
// probably not accept it.
$hasScript = $this->detectScript($imageMapTempFile, 'text/html', 'html');
if ($hasScript !== false) {
wfDebug('[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname . ' image map failed verification [DrawingName=' . $drawingName . '][ImageMapTempFile=' . $imageMapTempFile . ']');
unlink($imageMapTempFile);
} else {
move_uploaded_file($imageMapTempFile, $imageMapPath);
}
} else {
if ($imageMapTempFile != null) {
unlink($imageMapTempFile);
}
}
if ($success) {
$this->showSuccess();
wfRunHooks('UploadComplete', array(&$img));
} else {
// Image::recordUpload() fails if the image went missing, which is
// unlikely, hence the lack of a specialised message
$wgOut->showFileNotFoundError($this->mUploadSaveName);
}
}
if ($renderedTempFile != null) {
unlink($renderedTempFile);
}
if ($imageMapTempFile != null) {
unlink($imageMapTempFile);
}
}
/**
* Delete all previously generated thumbnails, refresh metadata in memcached and purge the squid
*/
function purgeCache($archiveFiles = array(), $shared = false)
{
global $wgUseSquid;
// Refresh metadata cache
$this->purgeMetadataCache();
// Delete thumbnails
$files = $this->getThumbnails($shared);
$dir = wfImageThumbDir($this->name, $shared);
$urls = array();
foreach ($files as $file) {
$m = array();
if (preg_match('/^(\\d+)px/', $file, $m)) {
$url = $this->thumbUrl($m[1]);
$urls[] = $url;
@unlink("{$dir}/{$file}");
}
}
// Purge the squid
if ($wgUseSquid) {
$urls[] = $this->getURL();
foreach ($archiveFiles as $file) {
$urls[] = wfImageArchiveUrl($file);
}
wfPurgeSquidServers($urls);
}
}
