summaryrefslogtreecommitdiff
path: root/includes/upload/UploadFromUrl.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/upload/UploadFromUrl.php')
-rw-r--r--includes/upload/UploadFromUrl.php49
1 files changed, 40 insertions, 9 deletions
diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index 70b69034..0201d5f4 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -34,6 +34,8 @@ class UploadFromUrl extends UploadBase {
protected $mTempPath, $mTmpHandle;
+ protected static $allowedUrls = array();
+
/**
* Checks if the user is allowed to use the upload-by-URL feature. If the
* user is not allowed, return the name of the user right as a string. If
@@ -77,7 +79,7 @@ class UploadFromUrl extends UploadBase {
return false;
}
$valid = false;
- foreach( $wgCopyUploadsDomains as $domain ) {
+ foreach ( $wgCopyUploadsDomains as $domain ) {
// See if the domain for the upload matches this whitelisted domain
$whitelistedDomainPieces = explode( '.', $domain );
$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
@@ -105,6 +107,21 @@ class UploadFromUrl extends UploadBase {
}
/**
+ * Checks whether the URL is not allowed.
+ *
+ * @param $url string
+ * @return bool
+ */
+ public static function isAllowedUrl( $url ) {
+ if ( !isset( self::$allowedUrls[$url] ) ) {
+ $allowed = true;
+ wfRunHooks( 'IsUploadAllowedFromUrl', array( $url, &$allowed ) );
+ self::$allowedUrls[$url] = $allowed;
+ }
+ return self::$allowedUrls[$url];
+ }
+
+ /**
* Entry point for API upload
*
* @param $name string
@@ -160,21 +177,30 @@ class UploadFromUrl extends UploadBase {
/**
* @return string
*/
- public function getSourceType() { return 'url'; }
+ public function getSourceType() {
+ return 'url';
+ }
/**
+ * Download the file (if not async)
+ *
+ * @param Array $httpOptions Array of options for MWHttpRequest. Ignored if async.
+ * This could be used to override the timeout on the http request.
* @return Status
*/
- public function fetchFile() {
+ public function fetchFile( $httpOptions = array() ) {
if ( !Http::isValidURI( $this->mUrl ) ) {
return Status::newFatal( 'http-invalid-url' );
}
- if( !self::isAllowedHost( $this->mUrl ) ) {
+ if ( !self::isAllowedHost( $this->mUrl ) ) {
return Status::newFatal( 'upload-copy-upload-invalid-domain' );
}
+ if ( !self::isAllowedUrl( $this->mUrl ) ) {
+ return Status::newFatal( 'upload-copy-upload-invalid-url' );
+ }
if ( !$this->mAsync ) {
- return $this->reallyFetchFile();
+ return $this->reallyFetchFile( $httpOptions );
}
return Status::newGood();
}
@@ -211,9 +237,12 @@ class UploadFromUrl extends UploadBase {
/**
* Download the file, save it to the temporary file and update the file
* size and set $mRemoveTempFile to true.
+ *
+ * @param Array $httpOptions Array of options for MWHttpRequest
* @return Status
*/
- protected function reallyFetchFile() {
+ protected function reallyFetchFile( $httpOptions = array() ) {
+ global $wgCopyUploadProxy, $wgCopyUploadTimeout;
if ( $this->mTempPath === false ) {
return Status::newFatal( 'tmp-create-error' );
}
@@ -227,13 +256,15 @@ class UploadFromUrl extends UploadBase {
$this->mRemoveTempFile = true;
$this->mFileSize = 0;
- $options = array(
- 'followRedirects' => true
+ $options = $httpOptions + array(
+ 'followRedirects' => true,
);
- global $wgCopyUploadProxy;
if ( $wgCopyUploadProxy !== false ) {
$options['proxy'] = $wgCopyUploadProxy;
}
+ if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
+ $options['timeout'] = $wgCopyUploadTimeout;
+ }
$req = MWHttpRequest::factory( $this->mUrl, $options );
$req->setCallback( array( $this, 'saveTempFileChunk' ) );
$status = $req->execute();