if (get_magic_quotes_gpc()) { $fileName = stripslashes($fileName); } $pre_render = isset($_REQUEST['r']) && $_REQUEST['r'] != "0"; // Some basic input validation $fileName = strtr($fileName, '\\/', '__'); // Work out paths, carefully avoiding constructing an Image object because that won't work yet $imagePath = wfImageDir($fileName) . '/' . $fileName; $thumbName = "{$width}px-{$fileName}"; if (!is_null($page)) { $thumbName = 'page' . $page . '-' . $thumbName; } if ($pre_render) { $thumbName .= '.png'; } $thumbPath = wfImageThumbDir($fileName) . '/' . $thumbName; if (is_file($thumbPath) && filemtime($thumbPath) >= filemtime($imagePath)) { wfStreamFile($thumbPath); // Can't log profiling data with no Setup.php exit; } // OK, no valid thumbnail, time to get out the heavy machinery wfProfileOut('thumb.php-start'); require_once 'Setup.php'; wfProfileIn('thumb.php-render'); $img = Image::newFromName($fileName); try { if ($img) { if (!is_null($page)) { $img->selectPage($page); }
/**
 * Remove the thumbnails generated for this image, rebuild the cached metadata
 * and, when $wgUseSquid is set, ask the squid servers to drop the related URLs.
 *
 * Only directory entries whose name starts with "<digits>px" are unlinked and
 * queued for purging; any other entry returned by getThumbnails() is left in place.
 * unlink() runs with error suppression, so a thumbnail that could not be deleted
 * stays on disk silently while its URL is still queued.
 *
 * Note that the thumbnail directory is resolved from the $shared argument while
 * the thumbnail URL is built from $this->fromSharedDirectory.
 *
 * @param array $archiveFiles Archived file names whose URLs are purged as well
 *                            (only read when $wgUseSquid is set)
 * @param bool  $shared       Passed through to getThumbnails() and wfImageThumbDir()
 */
function purgeCache($archiveFiles = array(), $shared = false) {
    global $wgInternalServer, $wgUseSquid;

    // Metadata first: clear PHP's stat cache, reload from the file, store in the cache.
    clearstatcache();
    $this->loadFromFile();
    $this->saveToCache();

    // Thumbnails: same call order as before (listing first, directory second).
    $thumbFiles = $this->getThumbnails($shared);
    $dir = wfImageThumbDir($this->name, $shared);
    $purgeTargets = array();
    foreach ($thumbFiles as $file) {
        if (!preg_match('/^(\\d+)px/', $file, $match)) {
            // Not a "<width>px..." name: neither deleted nor purged.
            continue;
        }
        $purgeTargets[] = $wgInternalServer . $this->thumbUrl($match[1], $this->fromSharedDirectory);
        @unlink("{$dir}/{$file}");
    }

    if (!$wgUseSquid) {
        return;
    }

    // Squid: the view URL and every archived version join the thumbnail URLs.
    $purgeTargets[] = $wgInternalServer . $this->getViewURL();
    foreach ($archiveFiles as $archivedName) {
        $purgeTargets[] = $wgInternalServer . wfImageArchiveUrl($archivedName);
    }
    wfPurgeSquidServers($purgeTargets);
}
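/**
 * Handle an AnyWikiDraw upload request: validate the posted drawing, store it as
 * an image revision and, when supplied, store the pre-rendered PNG and the image
 * map in the thumbnail directory.
 *
 * This function was borrowed from SpecialUpload.php. CHECK FOR EACH VERSION OF
 * MEDIAWIKI WHETHER IT STILL MAKES SENSE.
 *
 * Request fields read: DrawingName, DrawingWidth, DrawingHeight, UploadSummary and
 * the file fields DrawingData, RenderedImageData and ImageMapData.
 *
 * When the request is rejected, the function sends an HTTP 400 or 403 status line,
 * prints a short HTML message and ends the script with exit(). It returns nothing.
 *
 * NOTE(review): the only access checks visible in this function are
 * Title::userCanEdit() and userCanOverwrite(). No upload-right, blocked-user or
 * request-token check appears here -- confirm that the caller performs them.
 */
function processUpload() {
    // $wgOut is used on the recordUpload() failure path and was missing from this list.
    global $wgUser, $wgUploadDirectory, $wgRequest, $wgOut;

    $fname = "AnyWikiDraw_body::processUpload";
    // Common prefix of every debug-log line written for a rejected request.
    $logPrefix = '[client ' . $_SERVER["REMOTE_ADDR"] . ']' . '[user ' . $wgUser->getName() . '] ' . $fname;

    // Retrieve form fields
    $drawingName = $wgRequest->getText('DrawingName');
    $drawingWidth = $wgRequest->getText('DrawingWidth');
    $drawingHeight = $wgRequest->getText('DrawingHeight');
    $drawingTempFile = $wgRequest->getFileTempName('DrawingData');
    $drawingFileSize = $wgRequest->getFileSize('DrawingData');
    // NOTE(review): the three upload-error codes and the two secondary file sizes
    // are read but never checked anywhere in this function.
    $drawingUploadError = $wgRequest->getUploadError('DrawingData');
    $renderedTempFile = $wgRequest->getFileTempName('RenderedImageData');
    $renderedFileSize = $wgRequest->getFileSize('RenderedImageData');
    $renderedUploadError = $wgRequest->getUploadError('RenderedImageData');
    $imageMapTempFile = $wgRequest->getFileTempName('ImageMapData');
    $imageMapFileSize = $wgRequest->getFileSize('ImageMapData');
    $imageMapUploadError = $wgRequest->getUploadError('ImageMapData');
    $uploadSummary = $wgRequest->getText('UploadSummary');

    // The name comes straight from the request; control characters are replaced in
    // the copy used for logging so it cannot add extra lines to the debug log.
    $logName = preg_replace('/[\x00-\x1F\x7F]/', '?', $drawingName);

    // validate image dimension
    // is_numeric() also accepts forms such as "1.5", "1e3" or " 12". The width is
    // later handed to thumbName() to build a path, so both dimensions are reduced
    // to plain integers; anything below 1 counts as "not supplied".
    $drawingWidth = is_numeric($drawingWidth) ? (int)$drawingWidth : 0;
    if ($drawingWidth < 1) {
        $drawingWidth = null;
    }
    $drawingHeight = is_numeric($drawingHeight) ? (int)$drawingHeight : 0;
    if ($drawingHeight < 1) {
        $drawingHeight = null;
    }

    # If there was no filename or no image data, give up quickly.
    if (strlen($drawingName) == 0 || $drawingFileSize == 0) {
        wfDebug($logPrefix . ' received bad request [DrawingName=' . $logName . ']' . '[fileSize(DrawingData)=' . $drawingFileSize . ']');
        header('HTTP/1.0 400 Bad Request');
        // "." joins the strings; the former "+" did arithmetic on them, so the
        // HTML body was never sent. The same applies to every exit() below.
        exit("\n\n" . '<html><body>DrawingName and DrawingData must be supplied.</body></html>');
    }

    // Verify filename
    # Chop off any directories in the given filename.
    $drawingName = wfBaseName($drawingName);
    $logName = preg_replace('/[\x00-\x1F\x7F]/', '?', $drawingName);
    $imageExtension = substr(strrchr($drawingName, '.'), 1);

    # Only allow filenames with known extensions
    $allowedExtensions = array('svg', 'svgz', 'png', 'jpg');
    // Strict comparison: a name without a dot yields false or '' here, and neither
    // may match through loose type juggling.
    if (!in_array($imageExtension, $allowedExtensions, true)) {
        wfDebug($logPrefix . ' Received bad image extension [DrawingName=' . $logName . ']');
        header('HTTP/1.0 400 Bad Request');
        exit("\n\n" . '<html><body>DrawingName must have one of the following extensions: ' . implode(',', $allowedExtensions) . '.</body></html>');
    }

    /**
     * Filter out illegal characters, and try to make a legible name
     * out of it. We'll strip some silently that Title would die on.
     */
    $filtered = preg_replace("/[^" . Title::legalChars() . "]|:/", '-', $drawingName);
    $nt = Title::newFromText($filtered);
    if (is_null($nt)) {
        wfDebug($logPrefix . ' Received bad image name [DrawingName=' . $logName . ']');
        header('HTTP/1.0 400 Bad Request');
        exit("\n\n" . '<html><body>DrawingName must contain legible characters only.</body></html>');
    }
    $nt =& Title::makeTitle(NS_IMAGE, $nt->getDBkey());
    $uploadSaveName = $nt->getDBkey();

    /**
     * If the image is protected, non-sysop users won't be able
     * to modify it by uploading a new revision.
     */
    if (!$nt->userCanEdit()) {
        wfDebug($logPrefix . ' image is protected [DrawingName=' . $logName . ']');
        header('HTTP/1.0 403 Forbidden');
        exit("\n\n" . '<html><body>You are not allowed to edit this image.</body></html>');
    }

    /**
     * In some cases we may forbid overwriting of existing files.
     */
    if (!$this->userCanOverwrite($uploadSaveName)) {
        wfDebug($logPrefix . ' image may not be overwritten [DrawingName=' . $logName . ']');
        header('HTTP/1.0 403 Forbidden');
        exit("\n\n" . '<html><body>You are not allowed to overwrite this image.</body></html>');
    }

    /** Check if the image directory is writeable, this is a common mistake */
    if (!is_writeable($wgUploadDirectory)) {
        header('HTTP/1.0 403 Forbidden');
        exit("\n\n" . '<html><body>The upload directory on the server is read only.</body></html>');
    }

    /**
     * Upload the file into the temp directory, so that we can scrutinize its content
     */
    // The result is not used below; the call is kept in case wfImageArchiveDir()
    // has side effects -- TODO confirm.
    $archive = wfImageArchiveDir($uploadSaveName, 'temp');

    /**
     * Look at the contents of the file; if we can recognize the
     * type but it's corrupt or data of the wrong type, we should
     * probably not accept it.
     */
    $veri = $this->verify($drawingTempFile, $imageExtension);
    if ($veri !== true) {
        wfDebug($logPrefix . ' image failed verification [DrawingName=' . $logName . '][DrawingTempFile=' . $drawingTempFile . ']');
        unlink($drawingTempFile);
        header('HTTP/1.0 400 Bad Request');
        exit("\n\n" . '<html><body>The image data is corrupt.</body></html>');
    }

    /**
     * Provide an opportunity for extensions to add further checks
     */
    $error = '';
    if (!wfRunHooks('UploadVerification', array($uploadSaveName, $drawingTempFile, &$error))) {
        wfDebug($logPrefix . ' image failed extended verification [DrawingName=' . $logName . ']');
        unlink($drawingTempFile);
        header('HTTP/1.0 400 Bad Request');
        exit("\n\n" . '<html><body>The image data does not match the image name extension.</body></html>');
    }

    /**
     * Try actually saving the thing...
     * It will show an error form on failure.
     */
    if ($this->saveUploadedFile($uploadSaveName, $drawingTempFile, true)) {
        /**
         * Update the upload log and create the description page
         * if it's a new file.
         */
        $img = Image::newFromName($uploadSaveName);
        if ($drawingWidth !== null) {
            $img->width = $drawingWidth;
        }
        if ($drawingHeight !== null) {
            $img->height = $drawingHeight;
        }
        $this->mUploadDescription = $uploadSummary;

        $success = $img->recordUpload($this->mUploadOldVersion, $this->mUploadDescription, $this->mLicense, $this->mUploadCopyStatus, $this->mUploadSource, $this->mWatchthis);

        /**
         * Save the rendered image, if one was provided
         */
        if ($renderedTempFile != null && $drawingWidth !== null) {
            $thumbName = $img->thumbName($drawingWidth, $img->fromSharedDirectory);
            $thumbDir = wfImageThumbDir($img->name, $img->fromSharedDirectory);
            $thumbPath = $thumbDir . '/' . $thumbName;
            wfDebug("we have a rendered image: " . $renderedTempFile . ' width=' . $drawingWidth . ' height=' . $drawingHeight . ' thumbName=' . $thumbPath);
            if (!file_exists(dirname($thumbPath))) {
                // NOTE(review): mode 0777 is only narrowed by the process umask;
                // confirm that a world-writable thumbnail directory is intended.
                mkdir(dirname($thumbPath), 0777, true);
            }

            // Look at the contents of the file; if we can recognize the
            // type but it's corrupt or data of the wrong type, we should
            // probably not accept it.
            $veri = $this->verify($renderedTempFile, 'png');
            if ($veri !== true) {
                wfDebug($logPrefix . ' rendered image failed verification [DrawingName=' . $logName . '][RenderedTempFile=' . $renderedTempFile . ']');
                unlink($renderedTempFile);
            } elseif (!move_uploaded_file($renderedTempFile, $thumbPath)) {
                // Previously a failed move went unnoticed.
                wfDebug($logPrefix . ' could not store rendered image [DrawingName=' . $logName . ']');
            }
        } else {
            if ($renderedTempFile != null) {
                unlink($renderedTempFile);
            }
        }

        /**
         * Save the image map, if one was provided
         */
        if ($imageMapTempFile != null && $drawingWidth !== null) {
            $thumbName = $img->thumbName($drawingWidth, $img->fromSharedDirectory);
            $thumbDir = wfImageThumbDir($img->name, $img->fromSharedDirectory);
            $imageMapPath = $thumbDir . '/' . $thumbName . '.map';
            wfDebug("we have an image map: " . $imageMapTempFile);
            if (!file_exists(dirname($imageMapPath))) {
                // NOTE(review): same 0777 concern as for the rendered image above.
                mkdir(dirname($imageMapPath), 0777, true);
            }

            // NOTE(review): the image map is client-supplied markup and
            // detectScript() is the only content check applied before it is
            // written beside the thumbnails; confirm how the .map file is later
            // served or embedded.
            $hasScript = $this->detectScript($imageMapTempFile, 'text/html', 'html');
            if ($hasScript !== false) {
                wfDebug($logPrefix . ' image map failed verification [DrawingName=' . $logName . '][ImageMapTempFile=' . $imageMapTempFile . ']');
                unlink($imageMapTempFile);
            } elseif (!move_uploaded_file($imageMapTempFile, $imageMapPath)) {
                wfDebug($logPrefix . ' could not store image map [DrawingName=' . $logName . ']');
            }
        } else {
            if ($imageMapTempFile != null) {
                unlink($imageMapTempFile);
            }
        }

        if ($success) {
            $this->showSuccess();
            wfRunHooks('UploadComplete', array(&$img));
        } else {
            // Image::recordUpload() fails if the image went missing, which is
            // unlikely, hence the lack of a specialised message.
            // $this->mUploadSaveName is never assigned in this function, so the
            // name that was actually saved is reported instead.
            $wgOut->showFileNotFoundError($uploadSaveName);
        }
    }

    // Final cleanup. By now the temporary files have usually been moved or removed
    // already, so only unlink what is still on disk.
    if ($renderedTempFile != null && file_exists($renderedTempFile)) {
        unlink($renderedTempFile);
    }
    if ($imageMapTempFile != null && file_exists($imageMapTempFile)) {
        unlink($imageMapTempFile);
    }
}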
/**
 * Remove the thumbnails generated for this image, refresh its cached metadata
 * and, when $wgUseSquid is set, ask the squid servers to drop the related URLs.
 *
 * Only directory entries whose name starts with "<digits>px" are unlinked and
 * queued for purging; any other entry returned by getThumbnails() is left in place.
 * unlink() runs with error suppression, so a thumbnail that could not be deleted
 * stays on disk silently while its URL is still queued.
 *
 * @param array $archiveFiles Archived file names whose URLs are purged as well
 *                            (only read when $wgUseSquid is set)
 * @param bool  $shared       Passed through to getThumbnails() and wfImageThumbDir()
 */
function purgeCache($archiveFiles = array(), $shared = false) {
    global $wgUseSquid;

    // Metadata first.
    $this->purgeMetadataCache();

    // Thumbnails: same call order as before (listing first, directory second).
    $thumbFiles = $this->getThumbnails($shared);
    $dir = wfImageThumbDir($this->name, $shared);
    $purgeTargets = array();
    foreach ($thumbFiles as $file) {
        $match = array();
        if (!preg_match('/^(\\d+)px/', $file, $match)) {
            // Not a "<width>px..." name: neither deleted nor purged.
            continue;
        }
        $purgeTargets[] = $this->thumbUrl($match[1]);
        @unlink("{$dir}/{$file}");
    }

    if (!$wgUseSquid) {
        return;
    }

    // Squid: the image URL and every archived version join the thumbnail URLs.
    $purgeTargets[] = $this->getURL();
    foreach ($archiveFiles as $archivedName) {
        $purgeTargets[] = wfImageArchiveUrl($archivedName);
    }
    wfPurgeSquidServers($purgeTargets);
}