function readZipAssertSuccess($file, $assertMessage)
{
$this->entries = array();
$status = ZipDirectoryReader::read("{$this->zipDir}/{$file}", array($this, 'zipCallback'));
$this->assertTrue($status->isOK(), $assertMessage);
}
/**
* A verification routine suitable for partial files
*
* Runs the blacklist checks, but not any checks that may
* assume the entire file is present.
*
* @return Mixed true for valid or array with error message key.
*/
protected function verifyPartialFile()
{
global $wgAllowJavaUploads, $wgDisableUploadScriptChecks;
wfProfileIn(__METHOD__);
# getTitle() sets some internal parameters like $this->mFinalExtension
$this->getTitle();
$this->mFileProps = FSFile::getPropsFromPath($this->mTempPath, $this->mFinalExtension);
# check mime type, if desired
$mime = $this->mFileProps['file-mime'];
$status = $this->verifyMimeType($mime);
if ($status !== true) {
wfProfileOut(__METHOD__);
return $status;
}
# check for htmlish code and javascript
if (!$wgDisableUploadScriptChecks) {
if (self::detectScript($this->mTempPath, $mime, $this->mFinalExtension)) {
wfProfileOut(__METHOD__);
return array('uploadscripted');
}
if ($this->mFinalExtension == 'svg' || $mime == 'image/svg+xml') {
$svgStatus = $this->detectScriptInSvg($this->mTempPath);
if ($svgStatus !== false) {
wfProfileOut(__METHOD__);
return $svgStatus;
}
}
}
# Check for Java applets, which if uploaded can bypass cross-site
# restrictions.
if (!$wgAllowJavaUploads) {
$this->mJavaDetected = false;
$zipStatus = ZipDirectoryReader::read($this->mTempPath, array($this, 'zipEntryCallback'));
if (!$zipStatus->isOK()) {
$errors = $zipStatus->getErrorsArray();
$error = reset($errors);
if ($error[0] !== 'zip-wrong-format') {
wfProfileOut(__METHOD__);
return $error;
}
}
if ($this->mJavaDetected) {
wfProfileOut(__METHOD__);
return array('uploadjava');
}
}
# Scan the uploaded file for viruses
$virus = $this->detectVirus($this->mTempPath);
if ($virus) {
wfProfileOut(__METHOD__);
return array('uploadvirus', $virus);
}
wfProfileOut(__METHOD__);
return true;
}
/**
* Verifies that it's ok to include the uploaded file
*
* @return mixed true of the file is verified, array otherwise.
*/
protected function verifyFile()
{
global $wgAllowJavaUploads, $wgDisableUploadScriptChecks;
# get the title, even though we are doing nothing with it, because
# we need to populate mFinalExtension
$this->getTitle();
$this->mFileProps = FSFile::getPropsFromPath($this->mTempPath, $this->mFinalExtension);
# check mime type, if desired
$mime = $this->mFileProps['file-mime'];
$status = $this->verifyMimeType($mime);
if ($status !== true) {
return $status;
}
# check for htmlish code and javascript
if (!$wgDisableUploadScriptChecks) {
if (self::detectScript($this->mTempPath, $mime, $this->mFinalExtension)) {
return array('uploadscripted');
}
if ($this->mFinalExtension == 'svg' || $mime == 'image/svg+xml') {
if ($this->detectScriptInSvg($this->mTempPath)) {
return array('uploadscripted');
}
}
}
# Check for Java applets, which if uploaded can bypass cross-site
# restrictions.
if (!$wgAllowJavaUploads) {
$this->mJavaDetected = false;
$zipStatus = ZipDirectoryReader::read($this->mTempPath, array($this, 'zipEntryCallback'));
if (!$zipStatus->isOK()) {
$errors = $zipStatus->getErrorsArray();
$error = reset($errors);
if ($error[0] !== 'zip-wrong-format') {
return $error;
}
}
if ($this->mJavaDetected) {
return array('uploadjava');
}
}
# Scan the uploaded file for viruses
$virus = $this->detectVirus($this->mTempPath);
if ($virus) {
return array('uploadvirus', $virus);
}
$handler = MediaHandler::getHandler($mime);
if ($handler) {
$handlerStatus = $handler->verifyUpload($this->mTempPath);
if (!$handlerStatus->isOK()) {
$errors = $handlerStatus->getErrorsArray();
return reset($errors);
}
}
wfRunHooks('UploadVerifyFile', array($this, $mime, &$status));
if ($status !== true) {
return $status;
}
wfDebug(__METHOD__ . ": all clear; passing.\n");
return true;
}
