http://www.mediawiki.org/wiki/Special:Code/MediaWiki/62598
Revision: 62598 Author: ashley Date: 2010-02-16 21:33:55 +0000 (Tue, 16 Feb 2010) Log Message: ----------- more braces, documentation and spacing tweaks Modified Paths: -------------- trunk/phase3/includes/upload/UploadBase.php Modified: trunk/phase3/includes/upload/UploadBase.php =================================================================== --- trunk/phase3/includes/upload/UploadBase.php 2010-02-16 21:20:41 UTC (rev 62597) +++ trunk/phase3/includes/upload/UploadBase.php 2010-02-16 21:33:55 UTC (rev 62598) @@ -40,8 +40,9 @@ */ public static function isEnabled() { global $wgEnableUploads; - if ( !$wgEnableUploads ) + if ( !$wgEnableUploads ) { return false; + } # Check php's file_uploads setting if( !wfIniGetBool( 'file_uploads' ) ) { @@ -56,8 +57,9 @@ * Can be overriden by subclasses. */ public static function isAllowed( $user ) { - if( !$user->isAllowed( 'upload' ) ) + if( !$user->isAllowed( 'upload' ) ) { return 'upload'; + } return true; } @@ -70,8 +72,9 @@ public static function createFromRequest( &$request, $type = null ) { $type = $type ? $type : $request->getVal( 'wpSourceType', 'File' ); - if( !$type ) + if( !$type ) { return null; + } // Get the upload class $type = ucfirst( $type ); @@ -82,17 +85,20 @@ if ( is_null( $className ) ) { $className = 'UploadFrom' . $type; wfDebug( __METHOD__ . ": class name: $className\n" ); - if( !in_array( $type, self::$uploadHandlers ) ) + if( !in_array( $type, self::$uploadHandlers ) ) { return null; + } } // Check whether this upload class is enabled - if( !call_user_func( array( $className, 'isEnabled' ) ) ) + if( !call_user_func( array( $className, 'isEnabled' ) ) ) { return null; + } // Check whether the request is valid - if( !call_user_func( array( $className, 'isValidRequest' ), $request ) ) + if( !call_user_func( array( $className, 'isValidRequest' ), $request ) ) { return null; + } $handler = new $className; 
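Review bot: In the `createFromRequest` hunk at `@@ -82,17 +85,20 @@`, the allowlist test `in_array( $type, self::$uploadHandlers )` is a loose comparison and runs only inside the `is_null( $className )` branch, while `$type` may come from the `wpSourceType` request value and ends up in `new $className`. Passing the strict flag, `if( !in_array( $type, self::$uploadHandlers, true ) ) {`, ties the class name to an exact allowlist entry. The `wfDebug` call also writes the request-derived `$className` to the debug log before that check; moving it below the check keeps unvalidated input out of the log. Whatever assigns `$className` before this branch is outside the hunk, so it cannot be confirmed from here that the other path is equally constrained.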
@@ -139,16 +145,15 @@ /** * Return the file size */ - public function isEmptyFile(){ + public function isEmptyFile() { return empty( $this->mFileSize ); } /** - * getRealPath - * @param string $srcPath the source path - * @returns the real path if it was a virtual url - */ - function getRealPath( $srcPath ){ + * @param string $srcPath the source path + * @returns the real path if it was a virtual URL + */ + function getRealPath( $srcPath ) { $repo = RepoGroup::singleton()->getLocalRepo(); if ( $repo->isVirtualUrl( $srcPath ) ) { return $repo->resolveVirtualUrl( $srcPath ); @@ -164,8 +169,9 @@ /** * If there was no filename or a zero size given, give up quick. */ - if( $this->isEmptyFile() ) + if( $this->isEmptyFile() ) { return array( 'status' => self::EMPTY_FILE ); + } /** * Look at the contents of the file; if we can recognize the @@ -174,20 +180,24 @@ */ $verification = $this->verifyFile(); if( $verification !== true ) { - if( !is_array( $verification ) ) + if( !is_array( $verification ) ) { $verification = array( $verification ); - return array( 'status' => self::VERIFICATION_ERROR, - 'details' => $verification ); - + } + return array( + 'status' => self::VERIFICATION_ERROR, + 'details' => $verification + ); } $nt = $this->getTitle(); if( is_null( $nt ) ) { $result = array( 'status' => $this->mTitleError ); - if( $this->mTitleError == self::ILLEGAL_FILENAME ) + if( $this->mTitleError == self::ILLEGAL_FILENAME ) { $result['filtered'] = $this->mFilteredName; - if ( $this->mTitleError == self::FILETYPE_BADTYPE ) + } + if ( $this->mTitleError == self::FILETYPE_BADTYPE ) { $result['finalExt'] = $this->mFinalExtension; + } return $result; } $this->mDestName = $this->getLocalFile()->getName(); 
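Review bot: The docblock left above `isEmptyFile()` in the `@@ -139,16 +145,15 @@` hunk still reads `Return the file size`, but the method returns `empty( $this->mFileSize )`, a boolean. Since this commit is a documentation pass, I would change it to `Return true if the file is empty` and add `@return bool`. The `getRealPath` docblock uses `@returns`, whereas the other docblocks shown on this page use `@return`, and the function has no visibility keyword while its neighbours do. The body of `getRealPath` continues outside the hunk.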
@@ -196,8 +206,12 @@ * In some cases we may forbid overwriting of existing files. */ $overwrite = $this->checkOverwrite(); - if( $overwrite !== true ) - return array( 'status' => self::OVERWRITE_EXISTING_FILE, 'overwrite' => $overwrite ); + if( $overwrite !== true ) { + return array( + 'status' => self::OVERWRITE_EXISTING_FILE, + 'overwrite' => $overwrite + ); + } $error = ''; if( !wfRunHooks( 'UploadVerification', @@ -218,16 +232,17 @@ $this->mFileProps = File::getPropsFromPath( $this->mTempPath, $this->mFinalExtension ); $this->checkMacBinary(); - #magically determine mime type + # magically determine mime type $magic = MimeMagic::singleton(); $mime = $magic->guessMimeType( $this->mTempPath, false ); - #check mime type, if desired + # check mime type, if desired global $wgVerifyMimeType; if ( $wgVerifyMimeType ) { global $wgMimeTypeBlacklist; - if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) + if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { return array( 'filetype-badmime', $mime ); + } # Check IE type $fp = fopen( $this->mTempPath, 'rb' ); @@ -242,7 +257,7 @@ } } - #check for htmlish code and javascript + # check for htmlish code and javascript if( self::detectScript( $this->mTempPath, $mime, $this->mFinalExtension ) ) { return 'uploadscripted'; } @@ -276,8 +291,9 @@ * to modify it by uploading a new revision. */ $nt = $this->getTitle(); - if( is_null( $nt ) ) + if( is_null( $nt ) ) { return true; + } $permErrors = $nt->getUserPermissionsErrors( 'edit', $user ); $permErrorsUpload = $nt->getUserPermissionsErrors( 'upload', $user ); $permErrorsCreate = ( $nt->exists() ? array() : $nt->getUserPermissionsErrors( 'create', $user ) ); 
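Review bot: The permission hunk at `@@ -276,8 +291,9 @@` returns `true` when `getTitle()` yields null, so an upload whose name could not be turned into a title is reported as permitted before any of the `getUserPermissionsErrors` calls run. That is safe only if every caller has already rejected a null title; the hunk at `@@ -174,20 +180,24 @@` does return the title error, but nothing visible here ties the two calls together. A comment on the early return, such as `// No valid title: the filename error is reported by the upload verification step, nothing to check here`, would record that dependency; alternatively the branch could return an error. The enclosing function starts and ends outside the hunk.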
@@ -302,34 +318,38 @@ $n = strrpos( $filename, '.' ); $partname = $n ? substr( $filename, 0, $n ) : $filename; - /* + /** * Check whether the resulting filename is different from the desired one, * but ignore things like ucfirst() and spaces/underscore things */ $comparableName = str_replace( ' ', '_', $this->mDesiredDestName ); $comparableName = Title::capitalize( $comparableName, NS_FILE ); - if( $this->mDesiredDestName != $filename && $comparableName != $filename ) + if( $this->mDesiredDestName != $filename && $comparableName != $filename ) { $warnings['badfilename'] = $filename; + } // Check whether the file extension is on the unwanted list global $wgCheckFileExtensions, $wgFileExtensions; if ( $wgCheckFileExtensions ) { - if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) + if ( !$this->checkFileExtension( $this->mFinalExtension, $wgFileExtensions ) ) { $warnings['filetype-unwanted-type'] = $this->mFinalExtension; + } } global $wgUploadSizeWarning; - if ( $wgUploadSizeWarning && ( $this->mFileSize > $wgUploadSizeWarning ) ) + if ( $wgUploadSizeWarning && ( $this->mFileSize > $wgUploadSizeWarning ) ) { $warnings['large-file'] = $wgUploadSizeWarning; + } - if ( $this->mFileSize == 0 ) + if ( $this->mFileSize == 0 ) { $warnings['emptyfile'] = true; + } - $exists = self::getExistsWarning( $localFile ); - if( $exists !== false ) + if( $exists !== false ) { $warnings['exists'] = $exists; + } // Check dupes against existing files $hash = File::sha1Base36( $this->mTempPath ); 
@@ -337,16 +357,19 @@ $title = $this->getTitle(); // Remove all matches against self foreach ( $dupes as $key => $dupe ) { - if( $title->equals( $dupe->getTitle() ) ) + if( $title->equals( $dupe->getTitle() ) ) { unset( $dupes[$key] ); + } } - if( $dupes ) + if( $dupes ) { $warnings['duplicate'] = $dupes; + } // Check dupes against archives $archivedImage = new ArchivedFile( null, 0, "{$hash}.{$this->mFinalExtension}" ); - if ( $archivedImage->getID() > 0 ) + if ( $archivedImage->getID() > 0 ) { $warnings['duplicate-archive'] = $archivedImage->getName(); + } return $warnings; } @@ -362,11 +385,13 @@ $status = $this->getLocalFile()->upload( $this->mTempPath, $comment, $pageText, File::DELETE_SOURCE, $this->mFileProps, false, $user ); - if( $status->isGood() && $watch ) + if( $status->isGood() && $watch ) { $user->addWatch( $this->getLocalFile()->getTitle() ); + } - if( $status->isGood() ) + if( $status->isGood() ) { wfRunHooks( 'UploadComplete', array( &$this ) ); + } return $status; } @@ -378,8 +403,9 @@ * @return Title The title of the file or null in case the name was illegal */ public function getTitle() { - if ( $this->mTitle !== false ) + if ( $this->mTitle !== false ) { return $this->mTitle; + } /** * Chop off any directories in the given filename. Then @@ -425,8 +451,9 @@ # If there was more than one "extension", reassemble the base # filename to prevent bogus complaints about length if( count( $ext ) > 1 ) { - for( $i = 0; $i < count( $ext ) - 1; $i++ ) + for( $i = 0; $i < count( $ext ) - 1; $i++ ) { $partname .= '.' . $ext[$i]; + } } if( strlen( $partname ) < 1 ) { @@ -463,7 +490,6 @@ * @param string $saveName - the destination filename * @param string $tempSrc - the source temporary file to save * @return string - full path the stashed file, or false on failure - * @access private */ protected function saveTempUploadedFile( $saveName, $tempSrc ) { $repo = RepoGroup::singleton()->getLocalRepo(); 
@@ -485,8 +511,9 @@ # Couldn't save the file. return false; } - if(!isset($_SESSION)) + if( !isset( $_SESSION ) ) { session_start(); // start up the session (might have been previously closed to prevent php session locking) + } $key = $this->getSessionKey(); $_SESSION['wsUploadData'][$key] = array( 'mTempPath' => $status->value, @@ -500,17 +527,15 @@ /** * Generate a random session key from stash in cases where we want to start an upload without much information */ - protected function getSessionKey(){ + protected function getSessionKey() { $key = mt_rand( 0, 0x7fffffff ); $_SESSION['wsUploadData'][$key] = array(); return $key; } - /** * If we've modified the upload file we need to manually remove it * on exit to clean up. - * @access private */ public function cleanupTempFile() { if ( $this->mRemoveTempFile && $this->mTempPath && file_exists( $this->mTempPath ) ) { @@ -607,7 +632,8 @@ /** * Heuristic for detecting files that *could* contain JavaScript instructions or * things that may look like HTML to a browser and are thus - * potentially harmful. The present implementation will produce false positives in some situations. + * potentially harmful. The present implementation will produce false + * positives in some situations. * * @param string $file Pathname to the temporary upload file * @param string $mime The mime type of the file @@ -617,12 +643,12 @@ public static function detectScript( $file, $mime, $extension ) { global $wgAllowTitlesInSVG; - #ugly hack: for text files, always look at the entire file. - #For binary field, just check the first K. + # ugly hack: for text files, always look at the entire file. + # For binary field, just check the first K. - if( strpos( $mime,'text/' ) === 0 ) + if( strpos( $mime,'text/' ) === 0 ) { $chunk = file_get_contents( $file ); - else { + } else { $fp = fopen( $file, 'rb' ); $chunk = fread( $fp, 1024 ); fclose( $fp ); 
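Review bot: `getSessionKey()` in the `@@ -500,17 +527,15 @@` hunk assigns `$_SESSION['wsUploadData'][$key] = array();` without checking whether `$key` is already in use, so a repeated `mt_rand` value silently clears an existing stash entry in the same session. A guard such as `do { $key = mt_rand( 0, 0x7fffffff ); } while ( isset( $_SESSION['wsUploadData'][$key] ) );` avoids that. The docblock calls the key random; `mt_rand` is not a cryptographic generator, so the comment should state that the key is only an index inside the user's own session data and must not be treated as a secret.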
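Review bot: Neither read in the `detectScript` hunk at `@@ -617,12 +643,12 @@` checks for failure: `file_get_contents( $file )` and `fopen( $file, 'rb' )` can both return false, and the `if( !$chunk ) { return false; }` test in the following hunk then reports the file as containing no script. For a security heuristic, an unreadable file should not be indistinguishable from a clean one. I would test the results before `strtolower`, for example `if( $fp === false ) { return true; }` after the `fopen` and the same for a false `file_get_contents` result, or report the read error to the caller in some other way. The comment `For binary field, just check the first K` should read `binary files` and state that content past the first 1024 bytes is not examined.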
@@ -630,44 +656,48 @@ $chunk = strtolower( $chunk ); - if( !$chunk ) + if( !$chunk ) { return false; + } - #decode from UTF-16 if needed (could be used for obfuscation). - if( substr( $chunk, 0, 2 ) == "\xfe\xff" ) - $enc = "UTF-16BE"; - elseif( substr( $chunk, 0, 2 ) == "\xff\xfe" ) - $enc = "UTF-16LE"; - else + # decode from UTF-16 if needed (could be used for obfuscation). + if( substr( $chunk, 0, 2 ) == "\xfe\xff" ) { + $enc = 'UTF-16BE'; + } elseif( substr( $chunk, 0, 2 ) == "\xff\xfe" ) { + $enc = 'UTF-16LE'; + } else { $enc = null; + } - if( $enc ) + if( $enc ) { $chunk = iconv( $enc, "ASCII//IGNORE", $chunk ); + } $chunk = trim( $chunk ); - #FIXME: convert from UTF-16 if necessarry! + # FIXME: convert from UTF-16 if necessarry! wfDebug( __METHOD__ . ": checking for embedded scripts and HTML stuff\n" ); - #check for HTML doctype - if ( preg_match( "/<!DOCTYPE *X?HTML/i", $chunk ) ) + # check for HTML doctype + if ( preg_match( "/<!DOCTYPE *X?HTML/i", $chunk ) ) { return true; + } /** - * Internet Explorer for Windows performs some really stupid file type - * autodetection which can cause it to interpret valid image files as HTML - * and potentially execute JavaScript, creating a cross-site scripting - * attack vectors. - * - * Apple's Safari browser also performs some unsafe file type autodetection - * which can cause legitimate files to be interpreted as HTML if the - * web server is not correctly configured to send the right content-type - * (or if you're really uploading plain text and octet streams!) - * - * Returns true if IE is likely to mistake the given file for HTML. - * Also returns true if Safari would mistake the given file for HTML - * when served with a generic content-type. - */ + * Internet Explorer for Windows performs some really stupid file type + * autodetection which can cause it to interpret valid image files as HTML + * and potentially execute JavaScript, creating a cross-site scripting + * attack vectors. 
+ * + * Apple's Safari browser also performs some unsafe file type autodetection + * which can cause legitimate files to be interpreted as HTML if the + * web server is not correctly configured to send the right content-type + * (or if you're really uploading plain text and octet streams!) + * + * Returns true if IE is likely to mistake the given file for HTML. + * Also returns true if Safari would mistake the given file for HTML + * when served with a generic content-type. + */ $tags = array( '<a href', '<body', @@ -693,20 +723,23 @@ * look for JavaScript */ - #resolve entity-refs to look at attributes. may be harsh on big files... cache result? + # resolve entity-refs to look at attributes. may be harsh on big files... cache result? $chunk = Sanitizer::decodeCharReferences( $chunk ); - #look for script-types - if( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) + # look for script-types + if( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) { return true; + } - #look for html-style script-urls - if( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) + # look for html-style script-urls + if( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) { return true; + } - #look for css-style script-urls - if( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) + # look for css-style script-urls + if( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) { return true; + } wfDebug( __METHOD__ . ": no scripts found\n" ); return false; 
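Review bot: The result of `iconv( $enc, "ASCII//IGNORE", $chunk )` in the `@@ -630,44 +656,48 @@` hunk is used unchecked; `iconv` can return false on a conversion error, `trim` turns that into an empty string, and none of the later pattern tests can then match, so the function would report no script. A check directly after the call, for example `if( $chunk === false ) { return true; }`, keeps an undecodable file from passing as clean. The comment `# FIXME: convert from UTF-16 if necessarry!` is stale because the conversion sits directly above it, and the block comment before `$tags` ends with `Returns true if IE is likely to mistake ...`, which describes a function result rather than the statements that follow. The function body starts and ends outside this hunk.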
@@ -772,12 +805,12 @@ } # look up scanner configuration - $command = $wgAntivirusSetup[$wgAntivirus]["command"]; - $exitCodeMap = $wgAntivirusSetup[$wgAntivirus]["codemap"]; - $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]["messagepattern"] ) ? - $wgAntivirusSetup[$wgAntivirus]["messagepattern"] : null; + $command = $wgAntivirusSetup[$wgAntivirus]['command']; + $exitCodeMap = $wgAntivirusSetup[$wgAntivirus]['codemap']; + $msgPattern = isset( $wgAntivirusSetup[$wgAntivirus]['messagepattern'] ) ? + $wgAntivirusSetup[$wgAntivirus]['messagepattern'] : null; - if ( strpos( $command,"%f" ) === false ) { + if ( strpos( $command, "%f" ) === false ) { # simple pattern: append file to scan $command .= " " . wfEscapeShellArg( $file ); } else { @@ -790,7 +823,7 @@ # execute virus scanner $exitCode = false; - #NOTE: there's a 50 line workaround to make stderr redirection work on windows, too. + # NOTE: there's a 50 line workaround to make stderr redirection work on windows, too. # that does not seem to be worth the pain. # Ask me (Duesentrieb) about it if it's ever needed. $output = wfShellExec( "$command 2>&1", $exitCode ); @@ -814,11 +847,11 @@ } else { return null; } - } else if ( $mappedCode === AV_SCAN_ABORTED ) { + } elseif ( $mappedCode === AV_SCAN_ABORTED ) { # scan failed because filetype is unknown (probably imune) wfDebug( __METHOD__ . ": unsupported file type $file (code $exitCode).\n" ); return null; - } else if ( $mappedCode === AV_NO_VIRUS ) { + } elseif ( $mappedCode === AV_NO_VIRUS ) { # no virus found wfDebug( __METHOD__ . ": file passed virus scan.\n" ); return false; @@ -846,8 +879,6 @@ * from Internet Explorer on Mac OS Classic and Mac OS X will be. * If so, the data fork will be extracted to a second temporary file, * which will then be checked for validity and either kept or discarded. - * - * @access private */ private function checkMacBinary() { $macbin = new MacBinary( $this->mTempPath ); 
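Review bot: In the `@@ -814,11 +847,11 @@` hunk the `AV_SCAN_ABORTED` branch returns `null` and the `AV_NO_VIRUS` branch returns `false`, so a caller that tests the result loosely, as in `if ( !$result )`, treats an aborted scan the same as a passed one. The docblock of this function is outside the hunk; if it does not already say so, it should spell out the distinction, along the lines of `false when the file passed the scan, null when no scan result was obtained`, and callers should compare with `===`. The comment `probably imune` should read `immune`.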
@@ -872,25 +903,26 @@ * forbid this user from performing the upload. * * @return mixed true on success, error string on failure - * @access private */ private function checkOverwrite() { global $wgUser; // First check whether the local file can be overwritten $file = $this->getLocalFile(); if( $file->exists() ) { - if( !self::userCanReUpload( $wgUser, $file ) ) + if( !self::userCanReUpload( $wgUser, $file ) ) { return 'fileexists-forbidden'; - else + } else { return true; + } } /* Check shared conflicts: if the local file does not exist, but * wfFindFile finds a file, it exists in a shared repository. */ $file = wfFindFile( $this->getTitle() ); - if ( $file && !$wgUser->isAllowed( 'reupload-shared' ) ) + if ( $file && !$wgUser->isAllowed( 'reupload-shared' ) ) { return 'fileexists-shared-forbidden'; + } return true; } @@ -903,14 +935,18 @@ * @return bool */ public static function userCanReUpload( User $user, $img ) { - if( $user->isAllowed( 'reupload' ) ) + if( $user->isAllowed( 'reupload' ) ) { return true; // non-conditional - if( !$user->isAllowed( 'reupload-own' ) ) + } + if( !$user->isAllowed( 'reupload-own' ) ) { return false; - if( is_string( $img ) ) + } + if( is_string( $img ) ) { $img = wfLocalFile( $img ); - if ( !( $img instanceof LocalFile ) ) + } + if ( !( $img instanceof LocalFile ) ) { return false; + } return $user->getId() == $img->getUser( 'id' ); } 
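Review bot: `checkOverwrite()` in the `@@ -872,25 +903,26 @@` hunk takes its subject from `global $wgUser`, while the permission hunk at `@@ -276,8 +291,9 @@` and the upload hunk at `@@ -362,11 +385,13 @@` work on a `$user` value passed in. If a caller ever supplies a user other than the global one, the overwrite decision is made for a different account than the one that gets checked and credited elsewhere. At minimum the docblock should say `Uses the global $wgUser, not the user passed to the other verification methods`; passing the user in would remove the mismatch, but the callers are not visible here.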
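Review bot: The ownership test that ends `userCanReUpload` in the `@@ -903,14 +935,18 @@` hunk, `return $user->getId() == $img->getUser( 'id' );`, also holds when both sides are 0. If `getId()` is 0 for a logged-out user and `getUser( 'id' )` is 0 for a file uploaded without an account (neither is visible on this page, so this needs confirming), a logged-out user holding `reupload-own` would match every such file. Requiring a non-zero ID closes that case: `return $user->getId() && $user->getId() == $img->getUser( 'id' );`.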
@@ -927,14 +963,17 @@ * @return mixed False if the file does not exists, else an array */ public static function getExistsWarning( $file ) { - if( $file->exists() ) + if( $file->exists() ) { return array( 'warning' => 'exists', 'file' => $file ); + } - if( $file->getTitle()->getArticleID() ) + if( $file->getTitle()->getArticleID() ) { return array( 'warning' => 'page-exists', 'file' => $file ); + } - if ( $file->wasDeleted() && !$file->exists() ) + if ( $file->wasDeleted() && !$file->exists() ) { return array( 'warning' => 'was-deleted', 'file' => $file ); + } if( strpos( $file->getName(), '.' ) == false ) { $partname = $file->getName(); 
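Review bot: The context line `if( strpos( $file->getName(), '.' ) == false )` at the end of the `@@ -927,14 +963,17 @@` hunk uses a loose comparison, so a name whose first character is the dot (position 0) takes the same branch as a name with no dot at all. If that is intended, a comment should say so; otherwise `=== false` is the test that means "no dot". The third check, `$file->wasDeleted() && !$file->exists()`, repeats `!$file->exists()` although the first `if` has already returned for existing files. `getExistsWarning` continues past the end of the hunk.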
@@ -955,29 +994,46 @@ $nt_lc = Title::makeTitle( NS_FILE, "{$partname}.{$normalizedExtension}" ); $file_lc = wfLocalFile( $nt_lc ); - if( $file_lc->exists() ) - return array( 'warning' => 'exists-normalized', 'file' => $file, 'normalizedFile' => $file_lc ); + if( $file_lc->exists() ) { + return array( + 'warning' => 'exists-normalized', + 'file' => $file, + 'normalizedFile' => $file_lc + ); + } } if ( self::isThumbName( $file->getName() ) ) { # Check for filenames like 50px- or 180px-, these are mostly thumbnails $nt_thb = Title::newFromText( substr( $partname , strpos( $partname , '-' ) +1 ) . '.' . $extension, NS_FILE ); $file_thb = wfLocalFile( $nt_thb ); - if( $file_thb->exists() ) - return array( 'warning' => 'thumb', 'file' => $file, 'thumbFile' => $file_thb ); - else + if( $file_thb->exists() ) { + return array( + 'warning' => 'thumb', + 'file' => $file, + 'thumbFile' => $file_thb + ); + } else { // File does not exist, but we just don't like the name - return array( 'warning' => 'thumb-name', 'file' => $file, 'thumbFile' => $file_thb ); + return array( + 'warning' => 'thumb-name', + 'file' => $file, + 'thumbFile' => $file_thb + ); + } } foreach( self::getFilenamePrefixBlacklist() as $prefix ) { - if ( substr( $partname, 0, strlen( $prefix ) ) == $prefix ) - return array( 'warning' => 'bad-prefix', 'file' => $file, 'prefix' => $prefix ); + if ( substr( $partname, 0, strlen( $prefix ) ) == $prefix ) { + return array( + 'warning' => 'bad-prefix', + 'file' => $file, + 'prefix' => $prefix + ); + } } - - return false; } @@ -995,7 +1051,7 @@ } /** - * Get a list of blacklisted filename prefixes from [[MediaWiki:filename-prefix-blacklist]] + * Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]] * * @return array list of prefixes */ 
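Review bot: In the thumbnail branch of the `@@ -955,29 +994,46 @@` hunk, the result of `Title::newFromText( ... )` goes straight into `wfLocalFile( $nt_thb )` and then `$file_thb->exists()` with no null check. The text is built from the uploaded name after its first `-`, and `Title::newFromText` can return null when that remainder is not a valid title, so an unusual file name may cause an error here instead of a warning. A guard before the lookup, for example `if( is_null( $nt_thb ) ) { return array( 'warning' => 'thumb-name', 'file' => $file, 'thumbFile' => null ); }`, would keep the result in the warning path; whether consumers of `thumbFile` accept null needs checking, since they are outside this page. The start of the function is outside the hunk.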
@@ -1021,7 +1077,7 @@ return $blacklist; } - public function getImageInfo($result) { + public function getImageInfo( $result ) { $file = $this->getLocalFile(); $imParam = ApiQueryImageInfo::getPropertyNames(); return ApiQueryImageInfo::getInfo( $file, array_flip( $imParam ), $result ); _______________________________________________ MediaWiki-CVS mailing list MediaWiki-CVS@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs