';
- break;
- }
+ global $wgOut;
+ $wgOut->addHTML( $form );
}
- if ( $file->wasDeleted() && !$file->exists() ) {
- # If the file existed before and was deleted, warn the user of this
- # Don't bother doing so if the file exists now, however
- $ltitle = SpecialPage::getTitleFor( 'Log' );
- $llink = $sk->makeKnownLinkObj( $ltitle, wfMsgHtml( 'deletionlog' ),
- 'type=delete&page=' . $file->getTitle()->getPrefixedUrl() );
- $warning .= '
' . wfMsgWikiHtml( 'filewasdeleted', $llink ) . '
';
- }
- return $warning;
}
/**
- * Get a list of warnings
+ * Get an UploadForm instance with title and text properly set.
*
- * @param string local filename, e.g. 'file exists', 'non-descriptive filename'
- * @return array list of warning messages
+ * @param $message String: HTML string to add to the form
+ * @param $sessionKey String: session key in case this is a stashed upload
+ * @param $hideIgnoreWarning Boolean: whether to hide "ignore warning" check box
+ * @return UploadForm
*/
- static function ajaxGetExistsWarning( $filename ) {
- $file = wfFindFile( $filename );
- if( !$file ) {
- // Force local file so we have an object to do further checks against
- // if there isn't an exact match...
- $file = wfLocalFile( $filename );
- }
- $s = ' ';
- if ( $file ) {
- $warning = self::getExistsWarning( $file );
- if ( $warning !== '' ) {
- $s = "
$warning
";
- }
+ protected function getUploadForm( $message = '', $sessionKey = '', $hideIgnoreWarning = false ) {
+ global $wgOut;
+
+ # Initialize form
+ $form = new UploadForm( array(
+ 'watch' => $this->getWatchCheck(),
+ 'forreupload' => $this->mForReUpload,
+ 'sessionkey' => $sessionKey,
+ 'hideignorewarning' => $hideIgnoreWarning,
+ 'destwarningack' => (bool)$this->mDestWarningAck,
+
+ 'description' => $this->mComment,
+ 'texttop' => $this->uploadFormTextTop,
+ 'textaftersummary' => $this->uploadFormTextAfterSummary,
+ 'destfile' => $this->mDesiredDestName,
+ ) );
+ $form->setTitle( $this->getTitle() );
+
+ # Check the token, but only if necessary
+ if(
+ !$this->mTokenOk && !$this->mCancelUpload &&
+ ( $this->mUpload && $this->mUploadClicked )
+ )
+ {
+ $form->addPreText( wfMsgExt( 'session_fail_preview', 'parseinline' ) );
+ }
+
+ # Give a notice if the user is uploading a file that has been deleted or moved
+ # Note that this is independent from the message 'filewasdeleted' that requires JS
+ $desiredTitleObj = Title::makeTitleSafe( NS_FILE, $this->mDesiredDestName );
+ $delNotice = ''; // empty by default
+ if ( $desiredTitleObj instanceof Title && !$desiredTitleObj->exists() ) {
+ LogEventsList::showLogExtract( $delNotice, array( 'delete', 'move' ),
+ $desiredTitleObj->getPrefixedText(),
+ '', array( 'lim' => 10,
+ 'conds' => array( "log_action != 'revision'" ),
+ 'showIfEmpty' => false,
+ 'msgKey' => array( 'upload-recreate-warning' ) )
+ );
}
- return $s;
- }
+ $form->addPreText( $delNotice );
- /**
- * Render a preview of a given license for the AJAX preview on upload
- *
- * @param string $license
- * @return string
- */
- public static function ajaxGetLicensePreview( $license ) {
- global $wgParser, $wgUser;
- $text = '{{' . $license . '}}';
- $title = Title::makeTitle( NS_FILE, 'Sample.jpg' );
- $options = ParserOptions::newFromUser( $wgUser );
+ # Add text to form
+ $form->addPreText( '
\n";
- } elseif ( $archivedImage->getID() > 0 ) {
- global $wgOut;
- $name = Title::makeTitle( NS_FILE, $archivedImage->getName() )->getPrefixedText();
- return Xml::tags( 'li', null, wfMsgExt( 'file-deleted-duplicate', array( 'parseinline' ), array( $name ) ) );
- } else {
- return '';
}
- }
- /**
- * Get a list of blacklisted filename prefixes from [[MediaWiki:filename-prefix-blacklist]]
- *
- * @return array list of prefixes
- */
- public static function getFilenamePrefixBlacklist() {
- $blacklist = array();
- $message = wfMsgForContent( 'filename-prefix-blacklist' );
- if( $message && !( wfEmptyMsg( 'filename-prefix-blacklist', $message ) || $message == '-' ) ) {
- $lines = explode( "\n", $message );
- foreach( $lines as $line ) {
- // Remove comment lines
- $comment = substr( trim( $line ), 0, 1 );
- if ( $comment == '#' || $comment == '' ) {
- continue;
- }
- // Remove additional comments after a prefix
- $comment = strpos( $line, '#' );
- if ( $comment > 0 ) {
- $line = substr( $line, 0, $comment-1 );
- }
- $blacklist[] = trim( $line );
- }
+ // Show the relevant lines from deletion log (for still deleted files only)
+ if( $title instanceof Title && $title->isDeletedQuick() && !$title->exists() ) {
+ $this->showDeletionLog( $wgOut, $title->getPrefixedText() );
}
- return $blacklist;
}
/**
- * Stash a file in a temporary directory for later processing
- * after the user has confirmed it.
+ * Stashes the upload and shows the main upload form.
*
- * If the user doesn't explicitly cancel or accept, these files
- * can accumulate in the temp directory.
+ * Note: only errors that can be handled by changing the name or
+ * description should be redirected here. It should be assumed that the
+ * file itself is sane and has passed UploadBase::verifyFile. This
+ * essentially means that UploadBase::VERIFICATION_ERROR and
+ * UploadBase::EMPTY_FILE should not be passed here.
*
- * @param string $saveName - the destination filename
- * @param string $tempName - the source temporary file to save
- * @return string - full path the stashed file, or false on failure
- * @access private
+ * @param $message String: HTML message to be passed to mainUploadForm
*/
- function saveTempUploadedFile( $saveName, $tempName ) {
- global $wgOut;
- $repo = RepoGroup::singleton()->getLocalRepo();
- $status = $repo->storeTemp( $saveName, $tempName );
- if ( !$status->isGood() ) {
- $this->showError( $status->getWikiText() );
- return false;
- } else {
- return $status->value;
- }
+ protected function showRecoverableUploadError( $message ) {
+ $sessionKey = $this->mUpload->stashSession();
+ $message = '
' . wfMsgHtml( 'uploadwarning' ) . "
\n" .
+ '
' . $message . "
\n";
+
+ $form = $this->getUploadForm( $message, $sessionKey );
+ $form->setSubmitText( wfMsg( 'upload-tryagain' ) );
+ $this->showUploadForm( $form );
}
-
/**
- * Stash a file in a temporary directory for later processing,
- * and save the necessary descriptive info into the session.
- * Returns a key value which will be passed through a form
- * to pick up the path info on a later invocation.
+ * Stashes the upload, shows the main form, but adds an "continue anyway button".
+ * Also checks whether there are actually warnings to display.
*
- * @return int
- * @access private
+ * @param $warnings Array
+ * @return boolean true if warnings were displayed, false if there are no
+ * warnings and the should continue processing like there was no warning
*/
- function stashSession() {
- $stash = $this->saveTempUploadedFile( $this->mDestName, $this->mTempPath );
-
- if( !$stash ) {
- # Couldn't save the file.
+ protected function showUploadWarning( $warnings ) {
+ # If there are no warnings, or warnings we can ignore, return early.
+ # mDestWarningAck is set when some javascript has shown the warning
+ # to the user. mForReUpload is set when the user clicks the "upload a
+ # new version" link.
+ if ( !$warnings || ( count( $warnings ) == 1 &&
+ isset( $warnings['exists'] ) &&
+ ( $this->mDestWarningAck || $this->mForReUpload ) ) )
+ {
return false;
}
- $key = mt_rand( 0, 0x7fffffff );
- $_SESSION['wsUploadData'][$key] = array(
- 'mTempPath' => $stash,
- 'mFileSize' => $this->mFileSize,
- 'mSrcName' => $this->mSrcName,
- 'mFileProps' => $this->mFileProps,
- 'version' => self::SESSION_VERSION,
- );
- return $key;
- }
+ $sessionKey = $this->mUpload->stashSession();
- /**
- * Remove a temporarily kept file stashed by saveTempUploadedFile().
- * @access private
- * @return success
- */
- function unsaveUploadedFile() {
- global $wgOut;
- $repo = RepoGroup::singleton()->getLocalRepo();
- $success = $repo->freeTemp( $this->mTempPath );
- if ( ! $success ) {
- $wgOut->showFileDeleteError( $this->mTempPath );
- return false;
- } else {
- return true;
+ $warningHtml = '
\n" );
- $wgOut->addHTML( '' . $error . '' );
+ $this->showUploadForm( $form );
+
+ # Indicate that we showed a form
+ return true;
}
/**
- * There's something wrong with this file, not enough to reject it
- * totally but we require manual intervention to save it for real.
- * Stash it away, then present a form asking to confirm or cancel.
+ * Show the upload form with error message, but do not stash the file.
*
- * @param string $warning as HTML
- * @access private
+ * @param $message HTML string
*/
- function uploadWarning( $warning ) {
- global $wgOut;
- global $wgUseCopyrightUpload;
-
- $this->mSessionKey = $this->stashSession();
- if( !$this->mSessionKey ) {
- # Couldn't save file; an error has been displayed so let's go.
- return;
- }
-
- $wgOut->addHTML( '
\n" );
- # Print a list of allowed file extensions, if so configured. We ignore
- # MIME type here, it's incomprehensible to most people and too long.
- global $wgCheckFileExtensions, $wgStrictFileExtensions,
- $wgFileExtensions, $wgFileBlacklist;
+ $this->mLocalFile = $this->mUpload->getLocalFile();
- $allowedExtensions = '';
- if( $wgCheckFileExtensions ) {
- if( $wgStrictFileExtensions ) {
- # Everything not permitted is banned
- $extensionsList =
- '
"
- );
+ /**
+ * Get the initial image page text based on a comment and optional file status information
+ */
+ public static function getInitialPageText( $comment = '', $license = '', $copyStatus = '', $source = '' ) {
+ global $wgUseCopyrightUpload, $wgForceUIMsgAsContentMsg;
+ $wgForceUIMsgAsContentMsg = (array) $wgForceUIMsgAsContentMsg;
+
+ /* These messages are transcluded into the actual text of the description page.
+ * Thus, forcing them as content messages makes the upload to produce an int: template
+ * instead of hardcoding it there in the uploader language.
+ */
+ foreach( array( 'license-header', 'filedesc', 'filestatus', 'filesource' ) as $msgName ) {
+ if ( in_array( $msgName, $wgForceUIMsgAsContentMsg ) ) {
+ $msg[$msgName] = "{{int:$msgName}}";
+ } else {
+ $msg[$msgName] = wfMsgForContent( $msgName );
}
}
if ( $wgUseCopyrightUpload ) {
- $filestatus = wfMsgExt( 'filestatus', 'escapenoentities' );
- $copystatus = htmlspecialchars( $this->mCopyrightStatus );
- $filesource = wfMsgExt( 'filesource', 'escapenoentities' );
- $uploadsource = htmlspecialchars( $this->mCopyrightSource );
-
- $wgOut->addHTML( "
-
" .
- Xml::closeElement( 'table' ) .
- Xml::hidden( 'wpDestFileWarningAck', '', array( 'id' => 'wpDestFileWarningAck' ) ) .
- Xml::closeElement( 'fieldset' ) .
- Xml::closeElement( 'form' )
- );
- $uploadfooter = wfMsgNoTrans( 'uploadfooter' );
- if( $uploadfooter != '-' && !wfEmptyMsg( 'uploadfooter', $uploadfooter ) ){
- $wgOut->addWikiText( '' );
+ $licensetxt = '';
+ if ( $license != '' ) {
+ $licensetxt = '== ' . $msg[ 'license-header' ] . " ==\n" . '{{' . $license . '}}' . "\n";
+ }
+ $pageText = '== ' . $msg[ 'filedesc' ] . " ==\n" . $comment . "\n" .
+ '== ' . $msg[ 'filestatus' ] . " ==\n" . $copyStatus . "\n" .
+ "$licensetxt" .
+ '== ' . $msg[ 'filesource' ] . " ==\n" . $source;
+ } else {
+ if ( $license != '' ) {
+ $filedesc = $comment == '' ? '' : '== ' . $msg[ 'filedesc' ] . " ==\n" . $comment . "\n";
+ $pageText = $filedesc .
+ '== ' . $msg[ 'license-header' ] . " ==\n" . '{{' . $license . '}}' . "\n";
+ } else {
+ $pageText = $comment;
+ }
}
+ return $pageText;
}
- /* -------------------------------------------------------------- */
-
/**
* See if we should check the 'watch this page' checkbox on the form
* based on the user's preferences and whether we're being asked
@@ -1254,13 +533,13 @@ wgUploadAutoFill = {$autofill};
* Note that the page target can be changed *on the form*, so our check
* state can get out of sync.
*/
- function watchCheck() {
+ protected function getWatchCheck() {
global $wgUser;
if( $wgUser->getOption( 'watchdefault' ) ) {
// Watch all edits!
return true;
}
-
+
$local = wfLocalFile( $this->mDesiredDestName );
if( $local && $local->exists() ) {
// We're uploading a new version of an existing file.
@@ -1272,540 +551,577 @@ wgUploadAutoFill = {$autofill};
}
}
- /**
- * Split a file into a base name and all dot-delimited 'extensions'
- * on the end. Some web server configurations will fall back to
- * earlier pseudo-'extensions' to determine type and execute
- * scripts, so the blacklist needs to check them all.
- *
- * @return array
- */
- public function splitExtensions( $filename ) {
- $bits = explode( '.', $filename );
- $basename = array_shift( $bits );
- return array( $basename, $bits );
- }
-
- /**
- * Perform case-insensitive match against a list of file extensions.
- * Returns true if the extension is in the list.
- *
- * @param string $ext
- * @param array $list
- * @return bool
- */
- function checkFileExtension( $ext, $list ) {
- return in_array( strtolower( $ext ), $list );
- }
/**
- * Perform case-insensitive match against a list of file extensions.
- * Returns true if any of the extensions are in the list.
+ * Provides output to the user for a result of UploadBase::verifyUpload
*
- * @param array $ext
- * @param array $list
- * @return bool
+ * @param $details Array: result of UploadBase::verifyUpload
*/
- public function checkFileExtensionList( $ext, $list ) {
- foreach( $ext as $e ) {
- if( in_array( strtolower( $e ), $list ) ) {
- return true;
- }
- }
- return false;
- }
+ protected function processVerificationError( $details ) {
+ global $wgFileExtensions, $wgLang;
- /**
- * Verifies that it's ok to include the uploaded file
- *
- * @param string $tmpfile the full path of the temporary file to verify
- * @param string $extension The filename extension that the file is to be served with
- * @return mixed true of the file is verified, a WikiError object otherwise.
- */
- function verify( $tmpfile, $extension ) {
- #magically determine mime type
- $magic = MimeMagic::singleton();
- $mime = $magic->guessMimeType($tmpfile,false);
-
-
- #check mime type, if desired
- global $wgVerifyMimeType;
- if ($wgVerifyMimeType) {
- wfDebug ( "\n\nmime: <$mime> extension: <$extension>\n\n");
- #check mime type against file extension
- if( !self::verifyExtension( $mime, $extension ) ) {
- return new WikiErrorMsg( 'uploadcorrupt' );
- }
+ switch( $details['status'] ) {
- #check mime type blacklist
- global $wgMimeTypeBlacklist;
- if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) ) {
- if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) {
- return new WikiErrorMsg( 'filetype-badmime', htmlspecialchars( $mime ) );
- }
+ /** Statuses that only require name changing **/
+ case UploadBase::MIN_LENGTH_PARTNAME:
+ $this->showRecoverableUploadError( wfMsgHtml( 'minlength1' ) );
+ break;
+ case UploadBase::ILLEGAL_FILENAME:
+ $this->showRecoverableUploadError( wfMsgExt( 'illegalfilename',
+ 'parseinline', $details['filtered'] ) );
+ break;
+ case UploadBase::FILETYPE_MISSING:
+ $this->showRecoverableUploadError( wfMsgExt( 'filetype-missing',
+ 'parseinline' ) );
+ break;
- # Check IE type
- $fp = fopen( $tmpfile, 'rb' );
- $chunk = fread( $fp, 256 );
- fclose( $fp );
- $extMime = $magic->guessTypesForExtension( $extension );
- $ieTypes = $magic->getIEMimeTypes( $tmpfile, $chunk, $extMime );
- foreach ( $ieTypes as $ieType ) {
- if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) {
- return new WikiErrorMsg( 'filetype-bad-ie-mime', $ieType );
- }
+ /** Statuses that require reuploading **/
+ case UploadBase::EMPTY_FILE:
+ $this->showUploadError( wfMsgHtml( 'emptyfile' ) );
+ break;
+ case UploadBase::FILE_TOO_LARGE:
+ $this->showUploadError( wfMsgHtml( 'largefileserver' ) );
+ break;
+ case UploadBase::FILETYPE_BADTYPE:
+ $finalExt = $details['finalExt'];
+ $this->showUploadError(
+ wfMsgExt( 'filetype-banned-type',
+ array( 'parseinline' ),
+ htmlspecialchars( $finalExt ),
+ implode(
+ wfMsgExt( 'comma-separator', array( 'escapenoentities' ) ),
+ $wgFileExtensions
+ ),
+ $wgLang->formatNum( count( $wgFileExtensions ) )
+ )
+ );
+ break;
+ case UploadBase::VERIFICATION_ERROR:
+ unset( $details['status'] );
+ $code = array_shift( $details['details'] );
+ $this->showUploadError( wfMsgExt( $code, 'parseinline', $details['details'] ) );
+ break;
+ case UploadBase::HOOK_ABORTED:
+ if ( is_array( $details['error'] ) ) { # allow hooks to return error details in an array
+ $args = $details['error'];
+ $error = array_shift( $args );
+ } else {
+ $error = $details['error'];
+ $args = null;
}
- }
- }
-
- #check for htmlish code and javascript
- if( $this->detectScript ( $tmpfile, $mime, $extension ) ) {
- return new WikiErrorMsg( 'uploadscripted' );
- }
- if( $extension == 'svg' || $mime == 'image/svg+xml' ) {
- if( $this->detectScriptInSvg( $tmpfile ) ) {
- return new WikiErrorMsg( 'uploadscripted' );
- }
- }
- /**
- * Scan the uploaded file for viruses
- */
- $virus= $this->detectVirus($tmpfile);
- if ( $virus ) {
- return new WikiErrorMsg( 'uploadvirus', htmlspecialchars($virus) );
+ $this->showUploadError( wfMsgExt( $error, 'parseinline', $args ) );
+ break;
+ default:
+ throw new MWException( __METHOD__ . ": Unknown value `{$details['status']}`" );
}
-
- wfDebug( __METHOD__.": all clear; passing.\n" );
- return true;
}
/**
- * Checks if the mime type of the uploaded file matches the file extension.
+ * Remove a temporarily kept file stashed by saveTempUploadedFile().
*
- * @param string $mime the mime type of the uploaded file
- * @param string $extension The filename extension that the file is to be served with
- * @return bool
+ * @return Boolean: success
*/
- static function verifyExtension( $mime, $extension ) {
- $magic = MimeMagic::singleton();
-
- if ( ! $mime || $mime == 'unknown' || $mime == 'unknown/unknown' )
- if ( ! $magic->isRecognizableExtension( $extension ) ) {
- wfDebug( __METHOD__.": passing file with unknown detected mime type; " .
- "unrecognized extension '$extension', can't verify\n" );
- return true;
- } else {
- wfDebug( __METHOD__.": rejecting file with unknown detected mime type; ".
- "recognized extension '$extension', so probably invalid file\n" );
- return false;
- }
-
- $match= $magic->isMatchingExtension($extension,$mime);
-
- if ($match===NULL) {
- wfDebug( __METHOD__.": no file extension known for mime type $mime, passing file\n" );
- return true;
- } elseif ($match===true) {
- wfDebug( __METHOD__.": mime type $mime matches extension $extension, passing file\n" );
-
- #TODO: if it's a bitmap, make sure PHP or ImageMagic resp. can handle it!
+ protected function unsaveUploadedFile() {
+ global $wgOut;
+ if ( !( $this->mUpload instanceof UploadFromStash ) ) {
return true;
-
- } else {
- wfDebug( __METHOD__.": mime type $mime mismatches file extension $extension, rejecting file\n" );
+ }
+ $success = $this->mUpload->unsaveUploadedFile();
+ if ( !$success ) {
+ $wgOut->showFileDeleteError( $this->mUpload->getTempPath() );
return false;
+ } else {
+ return true;
}
}
+ /*** Functions for formatting warnings ***/
/**
- * Heuristic for detecting files that *could* contain JavaScript instructions or
- * things that may look like HTML to a browser and are thus
- * potentially harmful. The present implementation will produce false positives in some situations.
+ * Formats a result of UploadBase::getExistsWarning as HTML
+ * This check is static and can be done pre-upload via AJAX
*
- * @param string $file Pathname to the temporary upload file
- * @param string $mime The mime type of the file
- * @param string $extension The extension of the file
- * @return bool true if the file contains something looking like embedded scripts
+ * @param $exists Array: the result of UploadBase::getExistsWarning
+ * @return String: empty string if there is no warning or an HTML fragment
*/
- function detectScript($file, $mime, $extension) {
- global $wgAllowTitlesInSVG;
-
- #ugly hack: for text files, always look at the entire file.
- #For binarie field, just check the first K.
-
- if (strpos($mime,'text/')===0) $chunk = file_get_contents( $file );
- else {
- $fp = fopen( $file, 'rb' );
- $chunk = fread( $fp, 1024 );
- fclose( $fp );
- }
-
- $chunk= strtolower( $chunk );
-
- if (!$chunk) return false;
-
- #decode from UTF-16 if needed (could be used for obfuscation).
- if (substr($chunk,0,2)=="\xfe\xff") $enc= "UTF-16BE";
- elseif (substr($chunk,0,2)=="\xff\xfe") $enc= "UTF-16LE";
- else $enc= NULL;
-
- if ($enc) $chunk= iconv($enc,"ASCII//IGNORE",$chunk);
-
- $chunk= trim($chunk);
-
- #FIXME: convert from UTF-16 if necessarry!
-
- wfDebug("SpecialUpload::detectScript: checking for embedded scripts and HTML stuff\n");
-
- #check for HTML doctype
- if (eregi("getTitle()->getPrefixedText();
+ $warning = '';
- #look for html-style script-urls
- if (preg_match('!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim',$chunk)) return true;
+ $sk = $wgUser->getSkin();
- #look for css-style script-urls
- if (preg_match('!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim',$chunk)) return true;
+ if( $exists['warning'] == 'exists' ) {
+ // Exact match
+ $warning = wfMsgExt( 'fileexists', 'parseinline', $filename );
+ } elseif( $exists['warning'] == 'page-exists' ) {
+ // Page exists but file does not
+ $warning = wfMsgExt( 'filepageexists', 'parseinline', $filename );
+ } elseif ( $exists['warning'] == 'exists-normalized' ) {
+ $warning = wfMsgExt( 'fileexists-extension', 'parseinline', $filename,
+ $exists['normalizedFile']->getTitle()->getPrefixedText() );
+ } elseif ( $exists['warning'] == 'thumb' ) {
+ // Swapped argument order compared with other messages for backwards compatibility
+ $warning = wfMsgExt( 'fileexists-thumbnail-yes', 'parseinline',
+ $exists['thumbFile']->getTitle()->getPrefixedText(), $filename );
+ } elseif ( $exists['warning'] == 'thumb-name' ) {
+ // Image w/o '180px-' does not exists, but we do not like these filenames
+ $name = $file->getName();
+ $badPart = substr( $name, 0, strpos( $name, '-' ) + 1 );
+ $warning = wfMsgExt( 'file-thumbnail-no', 'parseinline', $badPart );
+ } elseif ( $exists['warning'] == 'bad-prefix' ) {
+ $warning = wfMsgExt( 'filename-bad-prefix', 'parseinline', $exists['prefix'] );
+ } elseif ( $exists['warning'] == 'was-deleted' ) {
+ # If the file existed before and was deleted, warn the user of this
+ $ltitle = SpecialPage::getTitleFor( 'Log' );
+ $llink = $sk->linkKnown(
+ $ltitle,
+ wfMsgHtml( 'deletionlog' ),
+ array(),
+ array(
+ 'type' => 'delete',
+ 'page' => $filename
+ )
+ );
+ $warning = wfMsgWikiHtml( 'filewasdeleted', $llink );
+ }
- wfDebug("SpecialUpload::detectScript: no scripts found\n");
- return false;
+ return $warning;
}
- function detectScriptInSvg( $filename ) {
- $check = new XmlTypeCheck( $filename, array( $this, 'checkSvgScriptCallback' ) );
- return $check->filterMatch;
- }
-
/**
- * @todo Replace this with a whitelist filter!
+ * Get a list of warnings
+ *
+ * @param $filename String: local filename, e.g. 'file exists', 'non-descriptive filename'
+ * @return Array: list of warning messages
*/
- function checkSvgScriptCallback( $element, $attribs ) {
- $stripped = $this->stripXmlNamespace( $element );
-
- if( $stripped == 'script' ) {
- wfDebug( __METHOD__ . ": Found script element '$element' in uploaded file.\n" );
- return true;
+ public static function ajaxGetExistsWarning( $filename ) {
+ $file = wfFindFile( $filename );
+ if( !$file ) {
+ // Force local file so we have an object to do further checks against
+ // if there isn't an exact match...
+ $file = wfLocalFile( $filename );
}
-
- foreach( $attribs as $attrib => $value ) {
- $stripped = $this->stripXmlNamespace( $attrib );
- if( substr( $stripped, 0, 2 ) == 'on' ) {
- wfDebug( __METHOD__ . ": Found script attribute '$attrib'='value' in uploaded file.\n" );
- return true;
- }
- if( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__ . ": Found script href attribute '$attrib'='$value' in uploaded file.\n" );
- return true;
+ $s = ' ';
+ if ( $file ) {
+ $exists = UploadBase::getExistsWarning( $file );
+ $warning = self::getExistsWarning( $exists );
+ if ( $warning !== '' ) {
+ $s = "
$warning
";
}
}
+ return $s;
}
-
- private function stripXmlNamespace( $name ) {
- // 'http://www.w3.org/2000/svg:script' -> 'script'
- $parts = explode( ':', strtolower( $name ) );
- return array_pop( $parts );
- }
-
+
/**
- * Generic wrapper function for a virus scanner program.
- * This relies on the $wgAntivirus and $wgAntivirusSetup variables.
- * $wgAntivirusRequired may be used to deny upload if the scan fails.
- *
- * @param string $file Pathname to the temporary upload file
- * @return mixed false if not virus is found, NULL if the scan fails or is disabled,
- * or a string containing feedback from the virus scanner if a virus was found.
- * If textual feedback is missing but a virus was found, this function returns true.
+ * Construct a warning and a gallery from an array of duplicate files.
*/
- function detectVirus($file) {
- global $wgAntivirus, $wgAntivirusSetup, $wgAntivirusRequired, $wgOut;
-
- if ( !$wgAntivirus ) {
- wfDebug( __METHOD__.": virus scanner disabled\n");
- return NULL;
+ public static function getDupeWarning( $dupes ) {
+ if( $dupes ) {
+ global $wgOut;
+ $msg = '';
+ foreach( $dupes as $file ) {
+ $title = $file->getTitle();
+ $msg .= $title->getPrefixedText() .
+ '|' . $title->getText() . "\n";
+ }
+ $msg .= '';
+ return '