summaryrefslogtreecommitdiff
path: root/includes/upload/UploadFromUrl.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/upload/UploadFromUrl.php')
-rw-r--r--includes/upload/UploadFromUrl.php22
1 files changed, 21 insertions, 1 deletions
diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index 927c3cd9..70b69034 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -61,6 +61,8 @@ class UploadFromUrl extends UploadBase {
/**
* Checks whether the URL is for an allowed host
+ * The domains in the whitelist can include wildcard characters (*) in place
+ * of any of the domain levels, e.g. '*.flickr.com' or 'upload.*.gov.uk'.
*
* @param $url string
* @return bool
@@ -76,10 +78,28 @@ class UploadFromUrl extends UploadBase {
}
$valid = false;
foreach( $wgCopyUploadsDomains as $domain ) {
+ // See if the domain for the upload matches this whitelisted domain
+ $whitelistedDomainPieces = explode( '.', $domain );
+ $uploadDomainPieces = explode( '.', $parsedUrl['host'] );
+ if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
+ $valid = true;
+ // See if all the pieces match or not (excluding wildcards)
+ foreach ( $whitelistedDomainPieces as $index => $piece ) {
+ if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
+ $valid = false;
+ }
+ }
+ if ( $valid ) {
+ // We found a match, so quit comparing against the list
+ break;
+ }
+ }
+ /* Non-wildcard test
if ( $parsedUrl['host'] === $domain ) {
$valid = true;
break;
}
+ */
}
return $valid;
}
@@ -312,7 +332,7 @@ class UploadFromUrl extends UploadBase {
'sessionKey' => $sessionKey,
) );
$job->initializeSessionData();
- $job->insert();
+ JobQueueGroup::singleton()->push( $job );
return $sessionKey;
}
generated by cgit v1.2.2 (git 2.25.0) at 2024-04-25 09:43:30 +0000