<?php
/**
- * API for MediaWiki 1.8+
+ *
*
* Created on Aug 21, 2008
*
* @file
*/
-if ( !defined( 'MEDIAWIKI' ) ) {
- // Eclipse helper - will be ignored in production
- require_once( "ApiBase.php" );
-}
-
/**
* @ingroup API
*/
class ApiUpload extends ApiBase {
+ /** @var UploadBase|UploadFromChunks */
protected $mUpload = null;
- protected $mParams;
- public function __construct( $main, $action ) {
- parent::__construct( $main, $action );
- }
+ protected $mParams;
public function execute() {
- global $wgUser;
-
// Check whether upload is enabled
if ( !UploadBase::isEnabled() ) {
- $this->dieUsageMsg( array( 'uploaddisabled' ) );
+ $this->dieWithError( 'uploaddisabled' );
}
+ $user = $this->getUser();
+
// Parameter handling
$this->mParams = $this->extractRequestParams();
$request = $this->getMain()->getRequest();
+ // Check if async mode is actually supported (jobs done in cli mode)
+ $this->mParams['async'] = ( $this->mParams['async'] &&
+ $this->getConfig()->get( 'EnableAsyncUploads' ) );
// Add the uploaded file to the params array
$this->mParams['file'] = $request->getFileName( 'file' );
+ $this->mParams['chunk'] = $request->getFileName( 'chunk' );
- // Select an upload module
- if ( !$this->selectUploadModule() ) {
- // This is not a true upload, but a status request or similar
- return;
+ // Copy the session key to the file key, for backward compatibility.
+ if ( !$this->mParams['filekey'] && $this->mParams['sessionkey'] ) {
+ $this->mParams['filekey'] = $this->mParams['sessionkey'];
}
- if ( !isset( $this->mUpload ) ) {
- $this->dieUsage( 'No upload module set', 'nomodule' );
+
+ // Select an upload module
+ try {
+ if ( !$this->selectUploadModule() ) {
+ return; // not a true upload, but a status request or similar
+ } elseif ( !isset( $this->mUpload ) ) {
+ $this->dieDebug( __METHOD__, 'No upload module set' );
+ }
+ } catch ( UploadStashException $e ) { // XXX: don't spam exception log
+ $this->dieStatus( $this->handleStashException( $e ) );
}
// First check permission to upload
- $this->checkPermissions( $wgUser );
+ $this->checkPermissions( $user );
- // Fetch the file
+ // Fetch the file (usually a no-op)
+ /** @var Status $status */
$status = $this->mUpload->fetchFile();
if ( !$status->isGood() ) {
- $errors = $status->getErrorsArray();
- $error = array_shift( $errors[0] );
- $this->dieUsage( 'Error fetching file from remote source', $error, 0, $errors[0] );
+ $this->dieStatus( $status );
}
// Check if the uploaded file is sane
- $this->verifyUpload();
+ if ( $this->mParams['chunk'] ) {
+ $maxSize = UploadBase::getMaxUploadSize();
+ if ( $this->mParams['filesize'] > $maxSize ) {
+ $this->dieWithError( 'file-too-large' );
+ }
+ if ( !$this->mUpload->getTitle() ) {
+ $this->dieWithError( 'illegal-filename' );
+ }
+ } elseif ( $this->mParams['async'] && $this->mParams['filekey'] ) {
+ // defer verification to background process
+ } else {
+ wfDebug( __METHOD__ . " about to verify\n" );
+ $this->verifyUpload();
+ }
+
+ // Check if the user has the rights to modify or overwrite the requested title
+ // (This check is irrelevant if stashing is already requested, since the errors
+ // can always be fixed by changing the title)
+ if ( !$this->mParams['stash'] ) {
+ $permErrors = $this->mUpload->verifyTitlePermissions( $user );
+ if ( $permErrors !== true ) {
+ $this->dieRecoverableError( $permErrors, 'filename' );
+ }
+ }
- // Check permission to upload this file
- $permErrors = $this->mUpload->verifyPermissions( $wgUser );
- if ( $permErrors !== true ) {
- // TODO: stash the upload and allow choosing a new name
- $this->dieUsageMsg( array( 'badaccess-groups' ) );
+ // Get the result based on the current upload context:
+ try {
+ $result = $this->getContextResult();
+ } catch ( UploadStashException $e ) { // XXX: don't spam exception log
+ $this->dieStatus( $this->handleStashException( $e ) );
}
+ $this->getResult()->addValue( null, $this->getModuleName(), $result );
- // Prepare the API result
- $result = array();
-
+ // Add 'imageinfo' in a separate addValue() call. File metadata can be unreasonably large,
+ // so otherwise when it exceeded $wgAPIMaxResultSize, no result would be returned (T143993).
+ if ( $result['result'] === 'Success' ) {
+ $imageinfo = $this->mUpload->getImageInfo( $this->getResult() );
+ $this->getResult()->addValue( $this->getModuleName(), 'imageinfo', $imageinfo );
+ }
+
+ // Cleanup any temporary mess
+ $this->mUpload->cleanupTempFile();
+ }
+
+ /**
+ * Get an upload result based on upload context
+ * @return array
+ */
+ private function getContextResult() {
$warnings = $this->getApiWarnings();
- if ( $warnings ) {
- $result['result'] = 'Warning';
+ if ( $warnings && !$this->mParams['ignorewarnings'] ) {
+ // Get warnings formatted in result array format
+ return $this->getWarningsResult( $warnings );
+ } elseif ( $this->mParams['chunk'] ) {
+ // Add chunk, and get result
+ return $this->getChunkResult( $warnings );
+ } elseif ( $this->mParams['stash'] ) {
+ // Stash the file and get stash result
+ return $this->getStashResult( $warnings );
+ }
+
+ // Check throttle after we've handled warnings
+ if ( UploadBase::isThrottled( $this->getUser() )
+ ) {
+ $this->dieWithError( 'apierror-ratelimited' );
+ }
+
+ // This is the most common case -- a normal upload with no warnings
+ // performUpload will return a formatted properly for the API with status
+ return $this->performUpload( $warnings );
+ }
+
+ /**
+ * Get Stash Result, throws an exception if the file could not be stashed.
+ * @param array $warnings Array of Api upload warnings
+ * @return array
+ */
+ private function getStashResult( $warnings ) {
+ $result = [];
+ $result['result'] = 'Success';
+ if ( $warnings && count( $warnings ) > 0 ) {
$result['warnings'] = $warnings;
- // in case the warnings can be fixed with some further user action, let's stash this upload
- // and return a key they can use to restart it
- try {
- $result['sessionkey'] = $this->performStash();
- } catch ( MWException $e ) {
- $result['warnings']['stashfailed'] = $e->getMessage();
+ }
+ // Some uploads can request they be stashed, so as not to publish them immediately.
+ // In this case, a failure to stash ought to be fatal
+ $this->performStash( 'critical', $result );
+
+ return $result;
+ }
+
+ /**
+ * Get Warnings Result
+ * @param array $warnings Array of Api upload warnings
+ * @return array
+ */
+ private function getWarningsResult( $warnings ) {
+ $result = [];
+ $result['result'] = 'Warning';
+ $result['warnings'] = $warnings;
+ // in case the warnings can be fixed with some further user action, let's stash this upload
+ // and return a key they can use to restart it
+ $this->performStash( 'optional', $result );
+
+ return $result;
+ }
+
+ /**
+ * Get the result of a chunk upload.
+ * @param array $warnings Array of Api upload warnings
+ * @return array
+ */
+ private function getChunkResult( $warnings ) {
+ $result = [];
+
+ if ( $warnings && count( $warnings ) > 0 ) {
+ $result['warnings'] = $warnings;
+ }
+
+ $request = $this->getMain()->getRequest();
+ $chunkPath = $request->getFileTempname( 'chunk' );
+ $chunkSize = $request->getUpload( 'chunk' )->getSize();
+ $totalSoFar = $this->mParams['offset'] + $chunkSize;
+ $minChunkSize = $this->getConfig()->get( 'MinUploadChunkSize' );
+
+ // Sanity check sizing
+ if ( $totalSoFar > $this->mParams['filesize'] ) {
+ $this->dieWithError( 'apierror-invalid-chunk' );
+ }
+
+ // Enforce minimum chunk size
+ if ( $totalSoFar != $this->mParams['filesize'] && $chunkSize < $minChunkSize ) {
+ $this->dieWithError( [ 'apierror-chunk-too-small', Message::numParam( $minChunkSize ) ] );
+ }
+
+ if ( $this->mParams['offset'] == 0 ) {
+ $filekey = $this->performStash( 'critical' );
+ } else {
+ $filekey = $this->mParams['filekey'];
+
+ // Don't allow further uploads to an already-completed session
+ $progress = UploadBase::getSessionStatus( $this->getUser(), $filekey );
+ if ( !$progress ) {
+ // Probably can't get here, but check anyway just in case
+ $this->dieWithError( 'apierror-stashfailed-nosession', 'stashfailed' );
+ } elseif ( $progress['result'] !== 'Continue' || $progress['stage'] !== 'uploading' ) {
+ $this->dieWithError( 'apierror-stashfailed-complete', 'stashfailed' );
}
- } elseif ( $this->mParams['stash'] ) {
- // Some uploads can request they be stashed, so as not to publish them immediately.
- // In this case, a failure to stash ought to be fatal
- try {
- $result['result'] = 'Success';
- $result['sessionkey'] = $this->performStash();
- } catch ( MWException $e ) {
- $this->dieUsage( $e->getMessage(), 'stashfailed' );
+
+ $status = $this->mUpload->addChunk(
+ $chunkPath, $chunkSize, $this->mParams['offset'] );
+ if ( !$status->isGood() ) {
+ $extradata = [
+ 'offset' => $this->mUpload->getOffset(),
+ ];
+
+ $this->dieStatusWithCode( $status, 'stashfailed', $extradata );
}
- } else {
- // This is the most common case -- a normal upload with no warnings
- // $result will be formatted properly for the API already, with a status
- $result = $this->performUpload();
}
- if ( $result['result'] === 'Success' ) {
- $result['imageinfo'] = $this->mUpload->getImageInfo( $this->getResult() );
+ // Check we added the last chunk:
+ if ( $totalSoFar == $this->mParams['filesize'] ) {
+ if ( $this->mParams['async'] ) {
+ UploadBase::setSessionStatus(
+ $this->getUser(),
+ $filekey,
+ [ 'result' => 'Poll',
+ 'stage' => 'queued', 'status' => Status::newGood() ]
+ );
+ JobQueueGroup::singleton()->push( new AssembleUploadChunksJob(
+ Title::makeTitle( NS_FILE, $filekey ),
+ [
+ 'filename' => $this->mParams['filename'],
+ 'filekey' => $filekey,
+ 'session' => $this->getContext()->exportSession()
+ ]
+ ) );
+ $result['result'] = 'Poll';
+ $result['stage'] = 'queued';
+ } else {
+ $status = $this->mUpload->concatenateChunks();
+ if ( !$status->isGood() ) {
+ UploadBase::setSessionStatus(
+ $this->getUser(),
+ $filekey,
+ [ 'result' => 'Failure', 'stage' => 'assembling', 'status' => $status ]
+ );
+ $this->dieStatusWithCode( $status, 'stashfailed' );
+ }
+
+ // We can only get warnings like 'duplicate' after concatenating the chunks
+ $warnings = $this->getApiWarnings();
+ if ( $warnings ) {
+ $result['warnings'] = $warnings;
+ }
+
+ // The fully concatenated file has a new filekey. So remove
+ // the old filekey and fetch the new one.
+ UploadBase::setSessionStatus( $this->getUser(), $filekey, false );
+ $this->mUpload->stash->removeFile( $filekey );
+ $filekey = $this->mUpload->getStashFile()->getFileKey();
+
+ $result['result'] = 'Success';
+ }
+ } else {
+ UploadBase::setSessionStatus(
+ $this->getUser(),
+ $filekey,
+ [
+ 'result' => 'Continue',
+ 'stage' => 'uploading',
+ 'offset' => $totalSoFar,
+ 'status' => Status::newGood(),
+ ]
+ );
+ $result['result'] = 'Continue';
+ $result['offset'] = $totalSoFar;
}
- $this->getResult()->addValue( null, $this->getModuleName(), $result );
-
- // Cleanup any temporary mess
- $this->mUpload->cleanupTempFile();
+ $result['filekey'] = $filekey;
+
+ return $result;
}
/**
- * Stash the file and return the session key
- * Also re-raises exceptions with slightly more informative message strings (useful for API)
- * @throws MWException
- * @return {String} session key
+ * Stash the file and add the file key, or error information if it fails, to the data.
+ *
+ * @param string $failureMode What to do on failure to stash:
+ * - When 'critical', use dieStatus() to produce an error response and throw an exception.
+ * Use this when stashing the file was the primary purpose of the API request.
+ * - When 'optional', only add a 'stashfailed' key to the data and return null.
+ * Use this when some error happened for a non-stash upload and we're stashing the file
+ * only to save the client the trouble of re-uploading it.
+ * @param array &$data API result to which to add the information
+ * @return string|null File key
*/
- function performStash() {
+ private function performStash( $failureMode, &$data = null ) {
+ $isPartial = (bool)$this->mParams['chunk'];
try {
- $sessionKey = $this->mUpload->stashSessionFile()->getSessionKey();
- } catch ( MWException $e ) {
- throw new MWException( 'Stashing temporary file failed: ' . get_class($e) . ' ' . $e->getMessage() );
+ $status = $this->mUpload->tryStashFile( $this->getUser(), $isPartial );
+
+ if ( $status->isGood() && !$status->getValue() ) {
+ // Not actually a 'good' status...
+ $status->fatal( new ApiMessage( 'apierror-stashinvalidfile', 'stashfailed' ) );
+ }
+ } catch ( Exception $e ) {
+ $debugMessage = 'Stashing temporary file failed: ' . get_class( $e ) . ' ' . $e->getMessage();
+ wfDebug( __METHOD__ . ' ' . $debugMessage . "\n" );
+ $status = Status::newFatal( $this->getErrorFormatter()->getMessageFromException(
+ $e, [ 'wrap' => new ApiMessage( 'apierror-stashexception', 'stashfailed' ) ]
+ ) );
+ }
+
+ if ( $status->isGood() ) {
+ $stashFile = $status->getValue();
+ $data['filekey'] = $stashFile->getFileKey();
+ // Backwards compatibility
+ $data['sessionkey'] = $data['filekey'];
+ return $data['filekey'];
+ }
+
+ if ( $status->getMessage()->getKey() === 'uploadstash-exception' ) {
+ // The exceptions thrown by upload stash code and pretty silly and UploadBase returns poor
+ // Statuses for it. Just extract the exception details and parse them ourselves.
+ list( $exceptionType, $message ) = $status->getMessage()->getParams();
+ $debugMessage = 'Stashing temporary file failed: ' . $exceptionType . ' ' . $message;
+ wfDebug( __METHOD__ . ' ' . $debugMessage . "\n" );
+ }
+
+ // Bad status
+ if ( $failureMode !== 'optional' ) {
+ $this->dieStatus( $status );
+ } else {
+ $data['stasherrors'] = $this->getErrorFormatter()->arrayFromStatus( $status );
+ return null;
}
- return $sessionKey;
}
+ /**
+ * Throw an error that the user can recover from by providing a better
+ * value for $parameter
+ *
+ * @param array $errors Array of Message objects, message keys, key+param
+ * arrays, or StatusValue::getErrors()-style arrays
+ * @param string|null $parameter Parameter that needs revising
+ * @throws ApiUsageException
+ */
+ private function dieRecoverableError( $errors, $parameter = null ) {
+ $this->performStash( 'optional', $data );
+
+ if ( $parameter ) {
+ $data['invalidparameter'] = $parameter;
+ }
+
+ $sv = StatusValue::newGood();
+ foreach ( $errors as $error ) {
+ $msg = ApiMessage::create( $error );
+ $msg->setApiData( $msg->getApiData() + $data );
+ $sv->fatal( $msg );
+ }
+ $this->dieStatus( $sv );
+ }
+
+ /**
+ * Like dieStatus(), but always uses $overrideCode for the error code, unless the code comes from
+ * IApiMessage.
+ *
+ * @param Status $status
+ * @param string $overrideCode Error code to use if there isn't one from IApiMessage
+ * @param array|null $moreExtraData
+ * @throws ApiUsageException
+ */
+ public function dieStatusWithCode( $status, $overrideCode, $moreExtraData = null ) {
+ $sv = StatusValue::newGood();
+ foreach ( $status->getErrors() as $error ) {
+ $msg = ApiMessage::create( $error, $overrideCode );
+ if ( $moreExtraData ) {
+ $msg->setApiData( $msg->getApiData() + $moreExtraData );
+ }
+ $sv->fatal( $msg );
+ }
+ $this->dieStatus( $sv );
+ }
/**
* Select an upload module and set it to mUpload. Dies on failure. If the
- * request was a status request and not a true upload, returns false;
+ * request was a status request and not a true upload, returns false;
* otherwise true
- *
+ *
* @return bool
*/
protected function selectUploadModule() {
- global $wgAllowAsyncCopyUploads;
$request = $this->getMain()->getRequest();
- // One and only one of the following parameters is needed
- $this->requireOnlyOneParameter( $this->mParams,
- 'sessionkey', 'file', 'url', 'statuskey' );
+ // chunk or one and only one of the following parameters is needed
+ if ( !$this->mParams['chunk'] ) {
+ $this->requireOnlyOneParameter( $this->mParams,
+ 'filekey', 'file', 'url' );
+ }
- if ( $wgAllowAsyncCopyUploads && $this->mParams['statuskey'] ) {
- // Status request for an async upload
- $sessionData = UploadFromUrlJob::getSessionData( $this->mParams['statuskey'] );
- if ( !isset( $sessionData['result'] ) ) {
- $this->dieUsage( 'No result in session data', 'missingresult');
+ // Status report for "upload to stash"/"upload from stash"
+ if ( $this->mParams['filekey'] && $this->mParams['checkstatus'] ) {
+ $progress = UploadBase::getSessionStatus( $this->getUser(), $this->mParams['filekey'] );
+ if ( !$progress ) {
+ $this->dieWithError( 'api-upload-missingresult', 'missingresult' );
+ } elseif ( !$progress['status']->isGood() ) {
+ $this->dieStatusWithCode( $progress['status'], 'stashfailed' );
}
- if ( $sessionData['result'] == 'Warning' ) {
- $sessionData['warnings'] = $this->transformWarnings( $sessionData['warnings'] );
- $sessionData['sessionkey'] = $this->mParams['statuskey'];
+ if ( isset( $progress['status']->value['verification'] ) ) {
+ $this->checkVerification( $progress['status']->value['verification'] );
+ }
+ if ( isset( $progress['status']->value['warnings'] ) ) {
+ $warnings = $this->transformWarnings( $progress['status']->value['warnings'] );
+ if ( $warnings ) {
+ $progress['warnings'] = $warnings;
+ }
+ }
+ unset( $progress['status'] ); // remove Status object
+ $imageinfo = null;
+ if ( isset( $progress['imageinfo'] ) ) {
+ $imageinfo = $progress['imageinfo'];
+ unset( $progress['imageinfo'] );
}
- $this->getResult()->addValue( null, $this->getModuleName(), $sessionData );
- return false;
-
- }
+ $this->getResult()->addValue( null, $this->getModuleName(), $progress );
+ // Add 'imageinfo' in a separate addValue() call. File metadata can be unreasonably large,
+ // so otherwise when it exceeded $wgAPIMaxResultSize, no result would be returned (T143993).
+ if ( $imageinfo ) {
+ $this->getResult()->addValue( $this->getModuleName(), 'imageinfo', $imageinfo );
+ }
+
+ return false;
+ }
// The following modules all require the filename parameter to be set
if ( is_null( $this->mParams['filename'] ) ) {
- $this->dieUsageMsg( array( 'missingparam', 'filename' ) );
+ $this->dieWithError( [ 'apierror-missingparam', 'filename' ] );
}
-
- if ( $this->mParams['sessionkey'] ) {
- // Upload stashed in a previous request
- $sessionData = $request->getSessionData( UploadBase::getSessionKeyName() );
- if ( !UploadFromStash::isValidSessionKey( $this->mParams['sessionkey'], $sessionData ) ) {
- $this->dieUsageMsg( array( 'invalid-session-key' ) );
- }
+ if ( $this->mParams['chunk'] ) {
+ // Chunk upload
+ $this->mUpload = new UploadFromChunks( $this->getUser() );
+ if ( isset( $this->mParams['filekey'] ) ) {
+ if ( $this->mParams['offset'] === 0 ) {
+ $this->dieWithError( 'apierror-upload-filekeynotallowed', 'filekeynotallowed' );
+ }
- $this->mUpload = new UploadFromStash();
- $this->mUpload->initialize( $this->mParams['filename'],
- $this->mParams['sessionkey'],
- $sessionData[$this->mParams['sessionkey']] );
+ // handle new chunk
+ $this->mUpload->continueChunks(
+ $this->mParams['filename'],
+ $this->mParams['filekey'],
+ $request->getUpload( 'chunk' )
+ );
+ } else {
+ if ( $this->mParams['offset'] !== 0 ) {
+ $this->dieWithError( 'apierror-upload-filekeyneeded', 'filekeyneeded' );
+ }
+ // handle first chunk
+ $this->mUpload->initialize(
+ $this->mParams['filename'],
+ $request->getUpload( 'chunk' )
+ );
+ }
+ } elseif ( isset( $this->mParams['filekey'] ) ) {
+ // Upload stashed in a previous request
+ if ( !UploadFromStash::isValidKey( $this->mParams['filekey'] ) ) {
+ $this->dieWithError( 'apierror-invalid-file-key' );
+ }
+ $this->mUpload = new UploadFromStash( $this->getUser() );
+ // This will not download the temp file in initialize() in async mode.
+ // We still have enough information to call checkWarnings() and such.
+ $this->mUpload->initialize(
+ $this->mParams['filekey'], $this->mParams['filename'], !$this->mParams['async']
+ );
} elseif ( isset( $this->mParams['file'] ) ) {
+ // Can't async upload directly from a POSTed file, we'd have to
+ // stash the file and then queue the publish job. The user should
+ // just submit the two API queries to perform those two steps.
+ if ( $this->mParams['async'] ) {
+ $this->dieWithError( 'apierror-cannot-async-upload-file' );
+ }
+
$this->mUpload = new UploadFromFile();
$this->mUpload->initialize(
$this->mParams['filename'],
} elseif ( isset( $this->mParams['url'] ) ) {
// Make sure upload by URL is enabled:
if ( !UploadFromUrl::isEnabled() ) {
- $this->dieUsageMsg( array( 'copyuploaddisabled' ) );
+ $this->dieWithError( 'copyuploaddisabled' );
}
- $async = false;
- if ( $this->mParams['asyncdownload'] ) {
- if ( $this->mParams['leavemessage'] && !$this->mParams['ignorewarnings'] ) {
- $this->dieUsage( 'Using leavemessage without ignorewarnings is not supported',
- 'missing-ignorewarnings' );
- }
-
- if ( $this->mParams['leavemessage'] ) {
- $async = 'async-leavemessage';
- } else {
- $async = 'async';
- }
+ if ( !UploadFromUrl::isAllowedHost( $this->mParams['url'] ) ) {
+ $this->dieWithError( 'apierror-copyuploadbaddomain' );
+ }
+
+ if ( !UploadFromUrl::isAllowedUrl( $this->mParams['url'] ) ) {
+ $this->dieWithError( 'apierror-copyuploadbadurl' );
}
+
$this->mUpload = new UploadFromUrl;
$this->mUpload->initialize( $this->mParams['filename'],
- $this->mParams['url'], $async );
-
+ $this->mParams['url'] );
}
-
+
return true;
}
/**
* Checks that the user has permissions to perform this upload.
* Dies with usage message on inadequate permissions.
- * @param $user User The user to check.
+ * @param User $user The user to check.
*/
protected function checkPermissions( $user ) {
// Check whether the user has the appropriate permissions to upload anyway
if ( $permission !== true ) {
if ( !$user->isLoggedIn() ) {
- $this->dieUsageMsg( array( 'mustbeloggedin', 'upload' ) );
- } else {
- $this->dieUsageMsg( array( 'badaccess-groups' ) );
+ $this->dieWithError( [ 'apierror-mustbeloggedin', $this->msg( 'action-upload' ) ] );
}
+
+ $this->dieStatus( User::newFatalPermissionDeniedStatus( $permission ) );
+ }
+
+ // Check blocks
+ if ( $user->isBlocked() ) {
+ $this->dieBlocked( $user->getBlock() );
+ }
+
+ // Global blocks
+ if ( $user->isBlockedGlobally() ) {
+ $this->dieBlocked( $user->getGlobalBlock() );
}
}
/**
* Performs file verification, dies on error.
*/
- protected function verifyUpload( ) {
- global $wgFileExtensions;
-
- $verification = $this->mUpload->verifyUpload( );
+ protected function verifyUpload() {
+ $verification = $this->mUpload->verifyUpload();
if ( $verification['status'] === UploadBase::OK ) {
return;
}
- // TODO: Move them to ApiBase's message map
- switch( $verification['status'] ) {
- case UploadBase::EMPTY_FILE:
- $this->dieUsage( 'The file you submitted was empty', 'empty-file' );
+ $this->checkVerification( $verification );
+ }
+
+ /**
+ * Performs file verification, dies on error.
+ * @param array $verification
+ */
+ protected function checkVerification( array $verification ) {
+ switch ( $verification['status'] ) {
+ // Recoverable errors
+ case UploadBase::MIN_LENGTH_PARTNAME:
+ $this->dieRecoverableError( [ 'filename-tooshort' ], 'filename' );
break;
- case UploadBase::FILE_TOO_LARGE:
- $this->dieUsage( 'The file you submitted was too large', 'file-too-large' );
+ case UploadBase::ILLEGAL_FILENAME:
+ $this->dieRecoverableError(
+ [ ApiMessage::create(
+ 'illegal-filename', null, [ 'filename' => $verification['filtered'] ]
+ ) ], 'filename'
+ );
+ break;
+ case UploadBase::FILENAME_TOO_LONG:
+ $this->dieRecoverableError( [ 'filename-toolong' ], 'filename' );
break;
case UploadBase::FILETYPE_MISSING:
- $this->dieUsage( 'The file is missing an extension', 'filetype-missing' );
+ $this->dieRecoverableError( [ 'filetype-missing' ], 'filename' );
break;
- case UploadBase::FILETYPE_BADTYPE:
- $this->dieUsage( 'This type of file is banned', 'filetype-banned',
- 0, array(
- 'filetype' => $verification['finalExt'],
- 'allowed' => $wgFileExtensions
- ) );
+ case UploadBase::WINDOWS_NONASCII_FILENAME:
+ $this->dieRecoverableError( [ 'windows-nonascii-filename' ], 'filename' );
break;
- case UploadBase::MIN_LENGTH_PARTNAME:
- $this->dieUsage( 'The filename is too short', 'filename-tooshort' );
+
+ // Unrecoverable errors
+ case UploadBase::EMPTY_FILE:
+ $this->dieWithError( 'empty-file' );
break;
- case UploadBase::ILLEGAL_FILENAME:
- $this->dieUsage( 'The filename is not allowed', 'illegal-filename',
- 0, array( 'filename' => $verification['filtered'] ) );
+ case UploadBase::FILE_TOO_LARGE:
+ $this->dieWithError( 'file-too-large' );
break;
+
+ case UploadBase::FILETYPE_BADTYPE:
+ $extradata = [
+ 'filetype' => $verification['finalExt'],
+ 'allowed' => array_values( array_unique( $this->getConfig()->get( 'FileExtensions' ) ) )
+ ];
+ $extensions = array_unique( $this->getConfig()->get( 'FileExtensions' ) );
+ $msg = [
+ 'filetype-banned-type',
+ null, // filled in below
+ Message::listParam( $extensions, 'comma' ),
+ count( $extensions ),
+ null, // filled in below
+ ];
+ ApiResult::setIndexedTagName( $extradata['allowed'], 'ext' );
+
+ if ( isset( $verification['blacklistedExt'] ) ) {
+ $msg[1] = Message::listParam( $verification['blacklistedExt'], 'comma' );
+ $msg[4] = count( $verification['blacklistedExt'] );
+ $extradata['blacklisted'] = array_values( $verification['blacklistedExt'] );
+ ApiResult::setIndexedTagName( $extradata['blacklisted'], 'ext' );
+ } else {
+ $msg[1] = $verification['finalExt'];
+ $msg[4] = 1;
+ }
+
+ $this->dieWithError( $msg, 'filetype-banned', $extradata );
+ break;
+
case UploadBase::VERIFICATION_ERROR:
- $this->getResult()->setIndexedTagName( $verification['details'], 'detail' );
- $this->dieUsage( 'This file did not pass file verification', 'verification-error',
- 0, array( 'details' => $verification['details'] ) );
+ $msg = ApiMessage::create( $verification['details'], 'verification-error' );
+ if ( $verification['details'][0] instanceof MessageSpecifier ) {
+ $details = array_merge( [ $msg->getKey() ], $msg->getParams() );
+ } else {
+ $details = $verification['details'];
+ }
+ ApiResult::setIndexedTagName( $details, 'detail' );
+ $msg->setApiData( $msg->getApiData() + [ 'details' => $details ] );
+ $this->dieWithError( $msg );
break;
+
case UploadBase::HOOK_ABORTED:
- $this->dieUsage( "The modification you tried to make was aborted by an extension hook",
- 'hookaborted', 0, array( 'error' => $verification['error'] ) );
+ $msg = $verification['error'] === '' ? 'hookaborted' : $verification['error'];
+ $this->dieWithError( $msg, 'hookaborted', [ 'details' => $verification['error'] ] );
break;
default:
- $this->dieUsage( 'An unknown error occurred', 'unknown-error',
- 0, array( 'code' => $verification['status'] ) );
+ $this->dieWithError( 'apierror-unknownerror-nocode', 'unknown-error',
+ [ 'details' => [ 'code' => $verification['status'] ] ] );
break;
}
}
-
/**
- * Check warnings if ignorewarnings is not set.
+ * Check warnings.
* Returns a suitable array for inclusion into API results if there were warnings
* Returns the empty array if there were no warnings
*
* @return array
*/
protected function getApiWarnings() {
- $warnings = array();
-
- if ( !$this->mParams['ignorewarnings'] ) {
- $warnings = $this->mUpload->checkWarnings();
- if ( $warnings ) {
- // Add indices
- $this->getResult()->setIndexedTagName( $warnings, 'warning' );
-
- if ( isset( $warnings['duplicate'] ) ) {
- $dupes = array();
- foreach ( $warnings['duplicate'] as $dupe ) {
- $dupes[] = $dupe->getName();
- }
- $this->getResult()->setIndexedTagName( $dupes, 'duplicate' );
- $warnings['duplicate'] = $dupes;
+ $warnings = $this->mUpload->checkWarnings();
+
+ return $this->transformWarnings( $warnings );
+ }
+
+ protected function transformWarnings( $warnings ) {
+ if ( $warnings ) {
+ // Add indices
+ ApiResult::setIndexedTagName( $warnings, 'warning' );
+
+ if ( isset( $warnings['duplicate'] ) ) {
+ $dupes = [];
+ /** @var File $dupe */
+ foreach ( $warnings['duplicate'] as $dupe ) {
+ $dupes[] = $dupe->getName();
}
+ ApiResult::setIndexedTagName( $dupes, 'duplicate' );
+ $warnings['duplicate'] = $dupes;
+ }
+
+ if ( isset( $warnings['exists'] ) ) {
+ $warning = $warnings['exists'];
+ unset( $warnings['exists'] );
+ /** @var LocalFile $localFile */
+ $localFile = isset( $warning['normalizedFile'] )
+ ? $warning['normalizedFile']
+ : $warning['file'];
+ $warnings[$warning['warning']] = $localFile->getName();
+ }
+
+ if ( isset( $warnings['no-change'] ) ) {
+ /** @var File $file */
+ $file = $warnings['no-change'];
+ unset( $warnings['no-change'] );
- if ( isset( $warnings['exists'] ) ) {
- $warning = $warnings['exists'];
- unset( $warnings['exists'] );
- $warnings[$warning['warning']] = $warning['file']->getName();
+ $warnings['nochange'] = [
+ 'timestamp' => wfTimestamp( TS_ISO_8601, $file->getTimestamp() )
+ ];
+ }
+
+ if ( isset( $warnings['duplicate-version'] ) ) {
+ $dupes = [];
+ /** @var File $dupe */
+ foreach ( $warnings['duplicate-version'] as $dupe ) {
+ $dupes[] = [
+ 'timestamp' => wfTimestamp( TS_ISO_8601, $dupe->getTimestamp() )
+ ];
}
+ unset( $warnings['duplicate-version'] );
+
+ ApiResult::setIndexedTagName( $dupes, 'ver' );
+ $warnings['duplicateversions'] = $dupes;
}
}
return $warnings;
}
+ /**
+ * Handles a stash exception, giving a useful error to the user.
+ * @todo Internationalize the exceptions then get rid of this
+ * @param Exception $e
+ * @return StatusValue
+ */
+ protected function handleStashException( $e ) {
+ switch ( get_class( $e ) ) {
+ case 'UploadStashFileNotFoundException':
+ $wrap = 'apierror-stashedfilenotfound';
+ break;
+ case 'UploadStashBadPathException':
+ $wrap = 'apierror-stashpathinvalid';
+ break;
+ case 'UploadStashFileException':
+ $wrap = 'apierror-stashfilestorage';
+ break;
+ case 'UploadStashZeroLengthFileException':
+ $wrap = 'apierror-stashzerolength';
+ break;
+ case 'UploadStashNotLoggedInException':
+ return StatusValue::newFatal( ApiMessage::create(
+ [ 'apierror-mustbeloggedin', $this->msg( 'action-upload' ) ], 'stashnotloggedin'
+ ) );
+ case 'UploadStashWrongOwnerException':
+ $wrap = 'apierror-stashwrongowner';
+ break;
+ case 'UploadStashNoSuchKeyException':
+ $wrap = 'apierror-stashnosuchfilekey';
+ break;
+ default:
+ $wrap = [ 'uploadstash-exception', get_class( $e ) ];
+ break;
+ }
+ return StatusValue::newFatal(
+ $this->getErrorFormatter()->getMessageFromException( $e, [ 'wrap' => $wrap ] )
+ );
+ }
+
/**
* Perform the actual upload. Returns a suitable result array on success;
* dies on failure.
+ *
+ * @param array $warnings Array of Api upload warnings
+ * @return array
*/
- protected function performUpload() {
- global $wgUser;
-
+ protected function performUpload( $warnings ) {
// Use comment as initial page text by default
if ( is_null( $this->mParams['text'] ) ) {
$this->mParams['text'] = $this->mParams['comment'];
}
+ /** @var LocalFile $file */
$file = $this->mUpload->getLocalFile();
- $watch = $this->getWatchlistValue( $this->mParams['watchlist'], $file->getTitle() );
+
+ // For preferences mode, we want to watch if 'watchdefault' is set,
+ // or if the *file* doesn't exist, and either 'watchuploads' or
+ // 'watchcreations' is set. But getWatchlistValue()'s automatic
+ // handling checks if the *title* exists or not, so we need to check
+ // all three preferences manually.
+ $watch = $this->getWatchlistValue(
+ $this->mParams['watchlist'], $file->getTitle(), 'watchdefault'
+ );
+
+ if ( !$watch && $this->mParams['watchlist'] == 'preferences' && !$file->exists() ) {
+ $watch = (
+ $this->getWatchlistValue( 'preferences', $file->getTitle(), 'watchuploads' ) ||
+ $this->getWatchlistValue( 'preferences', $file->getTitle(), 'watchcreations' )
+ );
+ }
// Deprecated parameters
if ( $this->mParams['watch'] ) {
$watch = true;
}
- // No errors, no warnings: do the upload
- $status = $this->mUpload->performUpload( $this->mParams['comment'],
- $this->mParams['text'], $watch, $wgUser );
+ if ( $this->mParams['tags'] ) {
+ $status = ChangeTags::canAddTagsAccompanyingChange( $this->mParams['tags'], $this->getUser() );
+ if ( !$status->isOK() ) {
+ $this->dieStatus( $status );
+ }
+ }
- if ( !$status->isGood() ) {
- $error = $status->getErrorsArray();
-
- if ( count( $error ) == 1 && $error[0][0] == 'async' ) {
- // The upload can not be performed right now, because the user
- // requested so
- return array(
- 'result' => 'Queued',
- 'statuskey' => $error[0][1],
- );
- } else {
- $this->getResult()->setIndexedTagName( $error, 'error' );
+ // No errors, no warnings: do the upload
+ if ( $this->mParams['async'] ) {
+ $progress = UploadBase::getSessionStatus( $this->getUser(), $this->mParams['filekey'] );
+ if ( $progress && $progress['result'] === 'Poll' ) {
+ $this->dieWithError( 'apierror-upload-inprogress', 'publishfailed' );
+ }
+ UploadBase::setSessionStatus(
+ $this->getUser(),
+ $this->mParams['filekey'],
+ [ 'result' => 'Poll', 'stage' => 'queued', 'status' => Status::newGood() ]
+ );
+ JobQueueGroup::singleton()->push( new PublishStashedFileJob(
+ Title::makeTitle( NS_FILE, $this->mParams['filename'] ),
+ [
+ 'filename' => $this->mParams['filename'],
+ 'filekey' => $this->mParams['filekey'],
+ 'comment' => $this->mParams['comment'],
+ 'tags' => $this->mParams['tags'],
+ 'text' => $this->mParams['text'],
+ 'watch' => $watch,
+ 'session' => $this->getContext()->exportSession()
+ ]
+ ) );
+ $result['result'] = 'Poll';
+ $result['stage'] = 'queued';
+ } else {
+ /** @var Status $status */
+ $status = $this->mUpload->performUpload( $this->mParams['comment'],
+ $this->mParams['text'], $watch, $this->getUser(), $this->mParams['tags'] );
- $this->dieUsage( 'An internal error occurred', 'internal-error', 0, $error );
+ if ( !$status->isGood() ) {
+ $this->dieRecoverableError( $status->getErrors() );
}
+ $result['result'] = 'Success';
}
- $file = $this->mUpload->getLocalFile();
-
- $result['result'] = 'Success';
$result['filename'] = $file->getName();
-
+ if ( $warnings && count( $warnings ) > 0 ) {
+ $result['warnings'] = $warnings;
+ }
return $result;
}
}
public function getAllowedParams() {
- $params = array(
- 'filename' => array(
+ $params = [
+ 'filename' => [
ApiBase::PARAM_TYPE => 'string',
- ),
- 'comment' => array(
+ ],
+ 'comment' => [
ApiBase::PARAM_DFLT => ''
- ),
- 'text' => null,
- 'token' => null,
- 'watch' => array(
+ ],
+ 'tags' => [
+ ApiBase::PARAM_TYPE => 'tags',
+ ApiBase::PARAM_ISMULTI => true,
+ ],
+ 'text' => [
+ ApiBase::PARAM_TYPE => 'text',
+ ],
+ 'watch' => [
ApiBase::PARAM_DFLT => false,
ApiBase::PARAM_DEPRECATED => true,
- ),
- 'watchlist' => array(
+ ],
+ 'watchlist' => [
ApiBase::PARAM_DFLT => 'preferences',
- ApiBase::PARAM_TYPE => array(
+ ApiBase::PARAM_TYPE => [
'watch',
'preferences',
'nochange'
- ),
- ),
+ ],
+ ],
'ignorewarnings' => false,
- 'file' => null,
+ 'file' => [
+ ApiBase::PARAM_TYPE => 'upload',
+ ],
'url' => null,
- 'sessionkey' => null,
+ 'filekey' => null,
+ 'sessionkey' => [
+ ApiBase::PARAM_DEPRECATED => true,
+ ],
'stash' => false,
- );
- global $wgAllowAsyncCopyUploads;
- if ( $wgAllowAsyncCopyUploads ) {
- $params += array(
- 'asyncdownload' => false,
- 'leavemessage' => false,
- 'statuskey' => null,
- );
- }
- return $params;
- }
-
- public function getParamDescription() {
- $params = array(
- 'filename' => 'Target filename',
- 'token' => 'Edit token. You can get one of these through prop=info',
- 'comment' => 'Upload comment. Also used as the initial page text for new files if "text" is not specified',
- 'text' => 'Initial page text for new files',
- 'watch' => 'Watch the page',
- 'watchlist' => 'Unconditionally add or remove the page from your watchlist, use preferences or do not change watch',
- 'ignorewarnings' => 'Ignore any warnings',
- 'file' => 'File contents',
- 'url' => 'Url to fetch the file from',
- 'sessionkey' => 'Session key that identifies a previous upload that was stashed temporarily.',
- 'stash' => 'If set, the server will not add the file to the repository and stash it temporarily.'
- );
-
- global $wgAllowAsyncCopyUploads;
- if ( $wgAllowAsyncCopyUploads ) {
- $params += array(
- 'asyncdownload' => 'Make fetching a URL asynchronous',
- 'leavemessage' => 'If asyncdownload is used, leave a message on the user talk page if finished',
- 'statuskey' => 'Fetch the upload status for this session key',
- );
- }
+ 'filesize' => [
+ ApiBase::PARAM_TYPE => 'integer',
+ ApiBase::PARAM_MIN => 0,
+ ApiBase::PARAM_MAX => UploadBase::getMaxUploadSize(),
+ ],
+ 'offset' => [
+ ApiBase::PARAM_TYPE => 'integer',
+ ApiBase::PARAM_MIN => 0,
+ ],
+ 'chunk' => [
+ ApiBase::PARAM_TYPE => 'upload',
+ ],
+
+ 'async' => false,
+ 'checkstatus' => false,
+ ];
return $params;
-
- }
-
- public function getDescription() {
- return array(
- 'Upload a file, or get the status of pending uploads. Several methods are available:',
- ' * Upload file contents directly, using the "file" parameter',
- ' * Have the MediaWiki server fetch a file from a URL, using the "url" parameter',
- ' * Complete an earlier upload that failed due to warnings, using the "sessionkey" parameter',
- 'Note that the HTTP POST must be done as a file upload (i.e. using multipart/form-data) when',
- 'sending the "file". Note also that queries using session keys must be',
- 'done in the same login session as the query that originally returned the key (i.e. do not',
- 'log out and then log back in). Also you must get and send an edit token before doing any upload stuff'
- );
- }
-
- public function getPossibleErrors() {
- return array_merge( parent::getPossibleErrors(), array(
- array( 'uploaddisabled' ),
- array( 'invalid-session-key' ),
- array( 'uploaddisabled' ),
- array( 'badaccess-groups' ),
- array( 'mustbeloggedin', 'upload' ),
- array( 'badaccess-groups' ),
- array( 'badaccess-groups' ),
- array( 'code' => 'fetchfileerror', 'info' => '' ),
- array( 'code' => 'nomodule', 'info' => 'No upload module set' ),
- array( 'code' => 'empty-file', 'info' => 'The file you submitted was empty' ),
- array( 'code' => 'filetype-missing', 'info' => 'The file is missing an extension' ),
- array( 'code' => 'filename-tooshort', 'info' => 'The filename is too short' ),
- array( 'code' => 'overwrite', 'info' => 'Overwriting an existing file is not allowed' ),
- array( 'code' => 'stashfailed', 'info' => 'Stashing temporary file failed' ),
- array( 'code' => 'internal-error', 'info' => 'An internal error occurred' ),
- ) );
}
public function needsToken() {
- return true;
+ return 'csrf';
}
- public function getTokenSalt() {
- return '';
- }
-
- protected function getExamples() {
- return array(
- 'Upload from a URL:',
- ' api.php?action=upload&filename=Wiki.png&url=http%3A//upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
- 'Complete an upload that failed due to warnings:',
- ' api.php?action=upload&filename=Wiki.png&sessionkey=sessionkey&ignorewarnings=1',
- );
+ protected function getExamplesMessages() {
+ return [
+ 'action=upload&filename=Wiki.png' .
+ '&url=http%3A//upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png&token=123ABC'
+ => 'apihelp-upload-example-url',
+ 'action=upload&filename=Wiki.png&filekey=filekey&ignorewarnings=1&token=123ABC'
+ => 'apihelp-upload-example-filekey',
+ ];
}
- public function getVersion() {
- return __CLASS__ . ': $Id: ApiUpload.php 51812 2009-06-12 23:45:20Z dale $';
+ public function getHelpUrls() {
+ return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Upload';
}
}