From 9db190c7e736ec8d063187d4241b59feaf7dc2d1 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Wed, 22 Jun 2011 11:28:20 +0200 Subject: update to MediaWiki 1.17.0 --- includes/api/ApiUpload.php | 455 +++++++++++++++++++++++++++++++-------------- 1 file changed, 319 insertions(+), 136 deletions(-) (limited to 'includes/api/ApiUpload.php') diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php index 06688997..e7d7b939 100644 --- a/includes/api/ApiUpload.php +++ b/includes/api/ApiUpload.php @@ -1,9 +1,10 @@ + * Created on Aug 21, 2008 + * + * Copyright © 2008 - 2010 Bryan Tong Minh * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,8 +18,10 @@ * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html + * + * @file */ if ( !defined( 'MEDIAWIKI' ) ) { @@ -38,141 +41,269 @@ class ApiUpload extends ApiBase { } public function execute() { - global $wgUser, $wgAllowCopyUploads; + global $wgUser; // Check whether upload is enabled - if ( !UploadBase::isEnabled() ) + if ( !UploadBase::isEnabled() ) { $this->dieUsageMsg( array( 'uploaddisabled' ) ); + } + // Parameter handling $this->mParams = $this->extractRequestParams(); $request = $this->getMain()->getRequest(); - // Add the uploaded file to the params array $this->mParams['file'] = $request->getFileName( 'file' ); + // Select an upload module + if ( !$this->selectUploadModule() ) { + // This is not a true upload, but a status request or similar + return; + } + if ( !isset( $this->mUpload ) ) { + $this->dieUsage( 'No upload module set', 'nomodule' ); + } + + // First check permission to upload + $this->checkPermissions( $wgUser ); + + // Fetch the file + $status = $this->mUpload->fetchFile(); + if ( !$status->isGood() ) { + $errors = $status->getErrorsArray(); + $error = array_shift( $errors[0] ); + $this->dieUsage( 'Error fetching file from remote source', $error, 0, $errors[0] ); + } + + // Check if the uploaded file is sane + $this->verifyUpload(); + + // Check permission to upload this file + $permErrors = $this->mUpload->verifyPermissions( $wgUser ); + if ( $permErrors !== true ) { + // TODO: stash the upload and allow choosing a new name + $this->dieUsageMsg( array( 'badaccess-groups' ) ); + } + + // Prepare the API result + $result = array(); + + $warnings = $this->getApiWarnings(); + if ( $warnings ) { + $result['result'] = 'Warning'; + $result['warnings'] = $warnings; + // in case the warnings can be fixed with some further user action, let's stash this upload + // and return a key they can use to restart it + try { + $result['sessionkey'] = $this->performStash(); + } catch ( MWException $e ) { + $result['warnings']['stashfailed'] = $e->getMessage(); + } + } elseif ( $this->mParams['stash'] ) { + // Some uploads can request they be stashed, so as not to publish them immediately. + // In this case, a failure to stash ought to be fatal + try { + $result['result'] = 'Success'; + $result['sessionkey'] = $this->performStash(); + } catch ( MWException $e ) { + $this->dieUsage( $e->getMessage(), 'stashfailed' ); + } + } else { + // This is the most common case -- a normal upload with no warnings + // $result will be formatted properly for the API already, with a status + $result = $this->performUpload(); + } + + if ( $result['result'] === 'Success' ) { + $result['imageinfo'] = $this->mUpload->getImageInfo( $this->getResult() ); + } + + $this->getResult()->addValue( null, $this->getModuleName(), $result ); + + // Cleanup any temporary mess + $this->mUpload->cleanupTempFile(); + } + + /** + * Stash the file and return the session key + * Also re-raises exceptions with slightly more informative message strings (useful for API) + * @throws MWException + * @return {String} session key + */ + function performStash() { + try { + $sessionKey = $this->mUpload->stashSessionFile()->getSessionKey(); + } catch ( MWException $e ) { + throw new MWException( 'Stashing temporary file failed: ' . get_class($e) . ' ' . $e->getMessage() ); + } + return $sessionKey; + } + + + /** + * Select an upload module and set it to mUpload. Dies on failure. If the + * request was a status request and not a true upload, returns false; + * otherwise true + * + * @return bool + */ + protected function selectUploadModule() { + global $wgAllowAsyncCopyUploads; + $request = $this->getMain()->getRequest(); + // One and only one of the following parameters is needed $this->requireOnlyOneParameter( $this->mParams, - 'sessionkey', 'file', 'url' ); + 'sessionkey', 'file', 'url', 'statuskey' ); + + if ( $wgAllowAsyncCopyUploads && $this->mParams['statuskey'] ) { + // Status request for an async upload + $sessionData = UploadFromUrlJob::getSessionData( $this->mParams['statuskey'] ); + if ( !isset( $sessionData['result'] ) ) { + $this->dieUsage( 'No result in session data', 'missingresult'); + } + if ( $sessionData['result'] == 'Warning' ) { + $sessionData['warnings'] = $this->transformWarnings( $sessionData['warnings'] ); + $sessionData['sessionkey'] = $this->mParams['statuskey']; + } + $this->getResult()->addValue( null, $this->getModuleName(), $sessionData ); + return false; + + } + + + // The following modules all require the filename parameter to be set + if ( is_null( $this->mParams['filename'] ) ) { + $this->dieUsageMsg( array( 'missingparam', 'filename' ) ); + } + if ( $this->mParams['sessionkey'] ) { - /** - * Upload stashed in a previous request - */ - // Check the session key - if ( !isset( $_SESSION['wsUploadData'][$this->mParams['sessionkey']] ) ) + // Upload stashed in a previous request + $sessionData = $request->getSessionData( UploadBase::getSessionKeyName() ); + if ( !UploadFromStash::isValidSessionKey( $this->mParams['sessionkey'], $sessionData ) ) { $this->dieUsageMsg( array( 'invalid-session-key' ) ); + } $this->mUpload = new UploadFromStash(); $this->mUpload->initialize( $this->mParams['filename'], $this->mParams['sessionkey'], - $_SESSION['wsUploadData'][$this->mParams['sessionkey']] ); - } elseif ( isset( $this->mParams['filename'] ) ) { - /** - * Upload from url, etc - * Parameter filename is required - */ - - if ( isset( $this->mParams['file'] ) ) { - $this->mUpload = new UploadFromFile(); - $this->mUpload->initialize( - $this->mParams['filename'], - $request->getFileTempName( 'file' ), - $request->getFileSize( 'file' ) - ); - } elseif ( isset( $this->mParams['url'] ) ) { - // make sure upload by url is enabled: - if ( !$wgAllowCopyUploads ) - $this->dieUsageMsg( array( 'uploaddisabled' ) ); - - // make sure the current user can upload - if ( ! $wgUser->isAllowed( 'upload_by_url' ) ) - $this->dieUsageMsg( array( 'badaccess-groups' ) ); - - $this->mUpload = new UploadFromUrl(); - $this->mUpload->initialize( $this->mParams['filename'], - $this->mParams['url'] ); - - $status = $this->mUpload->fetchFile(); - if ( !$status->isOK() ) { - $this->dieUsage( $status->getWikiText(), 'fetchfileerror' ); + $sessionData[$this->mParams['sessionkey']] ); + + + } elseif ( isset( $this->mParams['file'] ) ) { + $this->mUpload = new UploadFromFile(); + $this->mUpload->initialize( + $this->mParams['filename'], + $request->getUpload( 'file' ) + ); + } elseif ( isset( $this->mParams['url'] ) ) { + // Make sure upload by URL is enabled: + if ( !UploadFromUrl::isEnabled() ) { + $this->dieUsageMsg( array( 'copyuploaddisabled' ) ); + } + + $async = false; + if ( $this->mParams['asyncdownload'] ) { + if ( $this->mParams['leavemessage'] && !$this->mParams['ignorewarnings'] ) { + $this->dieUsage( 'Using leavemessage without ignorewarnings is not supported', + 'missing-ignorewarnings' ); + } + + if ( $this->mParams['leavemessage'] ) { + $async = 'async-leavemessage'; + } else { + $async = 'async'; } } - } else $this->dieUsageMsg( array( 'missingparam', 'filename' ) ); + $this->mUpload = new UploadFromUrl; + $this->mUpload->initialize( $this->mParams['filename'], + $this->mParams['url'], $async ); - if ( !isset( $this->mUpload ) ) - $this->dieUsage( 'No upload module set', 'nomodule' ); + } + + return true; + } + /** + * Checks that the user has permissions to perform this upload. + * Dies with usage message on inadequate permissions. + * @param $user User The user to check. + */ + protected function checkPermissions( $user ) { // Check whether the user has the appropriate permissions to upload anyway - $permission = $this->mUpload->isAllowed( $wgUser ); + $permission = $this->mUpload->isAllowed( $user ); if ( $permission !== true ) { - if ( !$wgUser->isLoggedIn() ) + if ( !$user->isLoggedIn() ) { $this->dieUsageMsg( array( 'mustbeloggedin', 'upload' ) ); - else + } else { $this->dieUsageMsg( array( 'badaccess-groups' ) ); + } } - // Perform the upload - $result = $this->performUpload(); - - // Cleanup any temporary mess - $this->mUpload->cleanupTempFile(); - - $this->getResult()->addValue( null, $this->getModuleName(), $result ); } - protected function performUpload() { - global $wgUser; - $result = array(); - $permErrors = $this->mUpload->verifyPermissions( $wgUser ); - if ( $permErrors !== true ) { - $this->dieUsageMsg( array( 'badaccess-groups' ) ); + /** + * Performs file verification, dies on error. + */ + protected function verifyUpload( ) { + global $wgFileExtensions; + + $verification = $this->mUpload->verifyUpload( ); + if ( $verification['status'] === UploadBase::OK ) { + return; } // TODO: Move them to ApiBase's message map - $verification = $this->mUpload->verifyUpload(); - if ( $verification['status'] !== UploadBase::OK ) { - $result['result'] = 'Failure'; - switch( $verification['status'] ) { - case UploadBase::EMPTY_FILE: - $this->dieUsage( 'The file you submitted was empty', 'empty-file' ); - break; - case UploadBase::FILETYPE_MISSING: - $this->dieUsage( 'The file is missing an extension', 'filetype-missing' ); - break; - case UploadBase::FILETYPE_BADTYPE: - global $wgFileExtensions; - $this->dieUsage( 'This type of file is banned', 'filetype-banned', - 0, array( - 'filetype' => $verification['finalExt'], - 'allowed' => $wgFileExtensions - ) ); - break; - case UploadBase::MIN_LENGTH_PARTNAME: - $this->dieUsage( 'The filename is too short', 'filename-tooshort' ); - break; - case UploadBase::ILLEGAL_FILENAME: - $this->dieUsage( 'The filename is not allowed', 'illegal-filename', - 0, array( 'filename' => $verification['filtered'] ) ); - break; - case UploadBase::OVERWRITE_EXISTING_FILE: - $this->dieUsage( 'Overwriting an existing file is not allowed', 'overwrite' ); - break; - case UploadBase::VERIFICATION_ERROR: - $this->getResult()->setIndexedTagName( $verification['details'], 'detail' ); - $this->dieUsage( 'This file did not pass file verification', 'verification-error', - 0, array( 'details' => $verification['details'] ) ); - break; - case UploadBase::HOOK_ABORTED: - $this->dieUsage( "The modification you tried to make was aborted by an extension hook", - 'hookaborted', 0, array( 'error' => $verification['error'] ) ); - break; - default: - $this->dieUsage( 'An unknown error occurred', 'unknown-error', - 0, array( 'code' => $verification['status'] ) ); - break; - } - return $result; + switch( $verification['status'] ) { + case UploadBase::EMPTY_FILE: + $this->dieUsage( 'The file you submitted was empty', 'empty-file' ); + break; + case UploadBase::FILE_TOO_LARGE: + $this->dieUsage( 'The file you submitted was too large', 'file-too-large' ); + break; + case UploadBase::FILETYPE_MISSING: + $this->dieUsage( 'The file is missing an extension', 'filetype-missing' ); + break; + case UploadBase::FILETYPE_BADTYPE: + $this->dieUsage( 'This type of file is banned', 'filetype-banned', + 0, array( + 'filetype' => $verification['finalExt'], + 'allowed' => $wgFileExtensions + ) ); + break; + case UploadBase::MIN_LENGTH_PARTNAME: + $this->dieUsage( 'The filename is too short', 'filename-tooshort' ); + break; + case UploadBase::ILLEGAL_FILENAME: + $this->dieUsage( 'The filename is not allowed', 'illegal-filename', + 0, array( 'filename' => $verification['filtered'] ) ); + break; + case UploadBase::VERIFICATION_ERROR: + $this->getResult()->setIndexedTagName( $verification['details'], 'detail' ); + $this->dieUsage( 'This file did not pass file verification', 'verification-error', + 0, array( 'details' => $verification['details'] ) ); + break; + case UploadBase::HOOK_ABORTED: + $this->dieUsage( "The modification you tried to make was aborted by an extension hook", + 'hookaborted', 0, array( 'error' => $verification['error'] ) ); + break; + default: + $this->dieUsage( 'An unknown error occurred', 'unknown-error', + 0, array( 'code' => $verification['status'] ) ); + break; } + } + + + /** + * Check warnings if ignorewarnings is not set. + * Returns a suitable array for inclusion into API results if there were warnings + * Returns the empty array if there were no warnings + * + * @return array + */ + protected function getApiWarnings() { + $warnings = array(); + if ( !$this->mParams['ignorewarnings'] ) { $warnings = $this->mUpload->checkWarnings(); if ( $warnings ) { @@ -181,51 +312,70 @@ class ApiUpload extends ApiBase { if ( isset( $warnings['duplicate'] ) ) { $dupes = array(); - foreach ( $warnings['duplicate'] as $key => $dupe ) + foreach ( $warnings['duplicate'] as $dupe ) { $dupes[] = $dupe->getName(); + } $this->getResult()->setIndexedTagName( $dupes, 'duplicate' ); $warnings['duplicate'] = $dupes; } - if ( isset( $warnings['exists'] ) ) { $warning = $warnings['exists']; unset( $warnings['exists'] ); $warnings[$warning['warning']] = $warning['file']->getName(); } - - $result['result'] = 'Warning'; - $result['warnings'] = $warnings; - - $sessionKey = $this->mUpload->stashSession(); - if ( !$sessionKey ) - $this->dieUsage( 'Stashing temporary file failed', 'stashfailed' ); - - $result['sessionkey'] = $sessionKey; - - return $result; } } + return $warnings; + } + + /** + * Perform the actual upload. Returns a suitable result array on success; + * dies on failure. + */ + protected function performUpload() { + global $wgUser; + // Use comment as initial page text by default - if ( is_null( $this->mParams['text'] ) ) + if ( is_null( $this->mParams['text'] ) ) { $this->mParams['text'] = $this->mParams['comment']; + } + + $file = $this->mUpload->getLocalFile(); + $watch = $this->getWatchlistValue( $this->mParams['watchlist'], $file->getTitle() ); + + // Deprecated parameters + if ( $this->mParams['watch'] ) { + $watch = true; + } // No errors, no warnings: do the upload $status = $this->mUpload->performUpload( $this->mParams['comment'], - $this->mParams['text'], $this->mParams['watch'], $wgUser ); + $this->mParams['text'], $watch, $wgUser ); if ( !$status->isGood() ) { $error = $status->getErrorsArray(); - $this->getResult()->setIndexedTagName( $result['details'], 'error' ); - $this->dieUsage( 'An internal error occurred', 'internal-error', 0, $error ); + if ( count( $error ) == 1 && $error[0][0] == 'async' ) { + // The upload can not be performed right now, because the user + // requested so + return array( + 'result' => 'Queued', + 'statuskey' => $error[0][1], + ); + } else { + $this->getResult()->setIndexedTagName( $error, 'error' ); + + $this->dieUsage( 'An internal error occurred', 'internal-error', 0, $error ); + } } $file = $this->mUpload->getLocalFile(); + $result['result'] = 'Success'; $result['filename'] = $file->getName(); - $result['imageinfo'] = $this->mUpload->getImageInfo( $this->getResult() ); + return $result; } @@ -240,36 +390,70 @@ class ApiUpload extends ApiBase { public function getAllowedParams() { $params = array( - 'filename' => null, + 'filename' => array( + ApiBase::PARAM_TYPE => 'string', + ), 'comment' => array( ApiBase::PARAM_DFLT => '' ), 'text' => null, 'token' => null, - 'watch' => false, + 'watch' => array( + ApiBase::PARAM_DFLT => false, + ApiBase::PARAM_DEPRECATED => true, + ), + 'watchlist' => array( + ApiBase::PARAM_DFLT => 'preferences', + ApiBase::PARAM_TYPE => array( + 'watch', + 'preferences', + 'nochange' + ), + ), 'ignorewarnings' => false, 'file' => null, 'url' => null, 'sessionkey' => null, + 'stash' => false, ); - return $params; + global $wgAllowAsyncCopyUploads; + if ( $wgAllowAsyncCopyUploads ) { + $params += array( + 'asyncdownload' => false, + 'leavemessage' => false, + 'statuskey' => null, + ); + } + return $params; } public function getParamDescription() { - return array( + $params = array( 'filename' => 'Target filename', 'token' => 'Edit token. You can get one of these through prop=info', 'comment' => 'Upload comment. Also used as the initial page text for new files if "text" is not specified', 'text' => 'Initial page text for new files', 'watch' => 'Watch the page', + 'watchlist' => 'Unconditionally add or remove the page from your watchlist, use preferences or do not change watch', 'ignorewarnings' => 'Ignore any warnings', 'file' => 'File contents', 'url' => 'Url to fetch the file from', - 'sessionkey' => array( - 'Session key returned by a previous upload that failed due to warnings', - ), + 'sessionkey' => 'Session key that identifies a previous upload that was stashed temporarily.', + 'stash' => 'If set, the server will not add the file to the repository and stash it temporarily.' ); + + global $wgAllowAsyncCopyUploads; + if ( $wgAllowAsyncCopyUploads ) { + $params += array( + 'asyncdownload' => 'Make fetching a URL asynchronous', + 'leavemessage' => 'If asyncdownload is used, leave a message on the user talk page if finished', + 'statuskey' => 'Fetch the upload status for this session key', + ); + } + + return $params; + } public function getDescription() { @@ -281,17 +465,16 @@ class ApiUpload extends ApiBase { 'Note that the HTTP POST must be done as a file upload (i.e. using multipart/form-data) when', 'sending the "file". Note also that queries using session keys must be', 'done in the same login session as the query that originally returned the key (i.e. do not', - 'log out and then log back in). Also you must get and send an edit token before doing any upload stuff.' + 'log out and then log back in). Also you must get and send an edit token before doing any upload stuff' ); } - - public function getPossibleErrors() { + + public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'uploaddisabled' ), array( 'invalid-session-key' ), array( 'uploaddisabled' ), array( 'badaccess-groups' ), - array( 'missingparam', 'filename' ), array( 'mustbeloggedin', 'upload' ), array( 'badaccess-groups' ), array( 'badaccess-groups' ), @@ -303,9 +486,9 @@ class ApiUpload extends ApiBase { array( 'code' => 'overwrite', 'info' => 'Overwriting an existing file is not allowed' ), array( 'code' => 'stashfailed', 'info' => 'Stashing temporary file failed' ), array( 'code' => 'internal-error', 'info' => 'An internal error occurred' ), - ) ); + ) ); } - + public function needsToken() { return true; } -- cgit v1.2.2