[MediaWiki-CVS] SVN: [58291] trunk/phase3/includes/api/ApiUpload.php

Wed, 28 Oct 2009 15:23:38 -0700 

http://www.mediawiki.org/wiki/Special:Code/MediaWiki/58291

Revision: 58291
Author:   btongminh
Date:     2009-10-28 22:23:00 +0000 (Wed, 28 Oct 2009)

Log Message:
-----------
* Validate sessionkey for stashed uploads
* (bug 21235) Switch around fetchfileerror to the proper order

Modified Paths:
--------------
    trunk/phase3/includes/api/ApiUpload.php

Modified: trunk/phase3/includes/api/ApiUpload.php
===================================================================
--- trunk/phase3/includes/api/ApiUpload.php     2009-10-28 21:53:51 UTC (rev 
58290)
+++ trunk/phase3/includes/api/ApiUpload.php     2009-10-28 22:23:00 UTC (rev 
58291)
@@ -73,11 +73,13 @@
                        if( isset( $status['error'] ) )
                                $this->dieUsageMsg( $status['error'] );
 
-               } elseif ( isset( $this->mParams['internalhttpsession'] ) && 
$this->mParams['internalhttpsession'] ) {
+               } elseif ( !empty( $this->mParams['internalhttpsession'] )  ) {
+                       /**
+                        * Internal http mode
+                        */
+                       
                        $sd = & $_SESSION['wsDownload'][ 
$this->mParams['internalhttpsession'] ];
 
-                       //wfDebug("InternalHTTP:: " . print_r($this->mParams, 
true));
-                       // get the params from the init session:
                        $this->mUpload = new UploadFromFile();
 
                        $this->mUpload->initialize( $this->mParams['filename'],
@@ -113,6 +115,10 @@
                        /**
                         * Upload stashed in a previous request
                         */
+                       // Check the session key
+                       if( !isset( 
$_SESSION['wsUploadData'][$this->mParams['sessionkey']] ) )
+                                       return $this->dieUsageMsg( array( 
'invalid-session-key' ) );
+                       
                        $this->mUpload = new UploadFromStash();
                        $this->mUpload->initialize( $this->mParams['filename'],
                                        
$_SESSION['wsUploadData'][$this->mParams['sessionkey']] );
@@ -148,7 +154,7 @@
 
                                $status = $this->mUpload->fetchFile();
                                if( !$status->isOK() ) {
-                                       return $this->dieUsage( 
'fetchfileerror', $status->getWikiText() );
+                                       return $this->dieUsage( 
$status->getWikiText(),  'fetchfileerror' );
                                }
 
                                // check if we doing a async request set 
session info and return the upload_session_key)
@@ -164,8 +170,8 @@
                                        $sd['mParams'] = $this->mParams;
 
                                        return $this->getResult()->addValue( 
null, $this->getModuleName(),
-                                                                       array( 
'upload_session_key' => $upload_session_key
-                                                       ));
+                                                                       array( 
'upload_session_key' => $upload_session_key ) 
+                                       );
                                }
                        }
                }
@@ -193,6 +199,7 @@
                // Perform the upload
                $result = $this->performUpload();
                // Cleanup any temporary mess
+               // FIXME: This should be in a try .. finally block with 
performUpload
                $this->mUpload->cleanupTempFile();
                $this->getResult()->addValue( null, $this->getModuleName(), 
$result );
        }



_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs

Reply via email to