MediaWiki r16162 - Code Review

Repository:MediaWiki
Revision:r16161‎ | r16162 (on ViewVC)‎ | r16163 >
Date:12:37, 22 August 2006
Author:magnusmanske
Status:old
Tags:
Comment:
Switched URL upload function to CURL
10 sec timeout, 0.5KB/sec minimum transfer rate
Default URL upload permission for sysops only
Modified paths:


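--- a/trunk/phase3/includes/SpecialUpload.php
+++ b/trunk/phase3/includes/SpecialUpload.php
@@ -108,23 +108,60 @@
 * @access private
 */
 function initialize_web_file( &$request ) {
- global $wgTmpDirectory, $wgMaxUploadSize;
+ global $wgTmpDirectory, $wgMaxUploadSize, $wgUploadTempFileSize;
 $url = $request->getText( 'wpUploadFile' );
 $local_file = tempnam( $wgTmpDirectory, 'WEBUPLOAD' );
 
- if ( $wgMaxUploadSize < @filesize ( $url ) ) $error = true ;
- else $error = !@copy( $url, $local_file );
-
 $this->mUploadTempName = $local_file;
- $this->mUploadSize = filesize( $local_file );
+ $this->mUploadError = $this->curl_copy( $url, $local_file );
+ $this->mUploadSize = $wgUploadTempFileSize ;
 $this->mOname = array_pop( explode( '/', $url ) );
- $this->mUploadError = $error;
 $this->mSessionKey = false;
 $this->mStashed = false;
- $this->mRemoveTempFile = false; // PHP will *not* handle this
+ $this->mRemoveTempFile = file_exists( $local_file ) ; // PHP will *not* handle this
 }
 
 /**
+ * Safe copy from URL
+ * Returns true if there was an error, false otherwise
+ * @access private
+ */
+ function curl_copy ( $url , $dest ) {
+ global $wgMaxUploadSize, $wgUploadTempFile, $wgUploadTempFileSize, $wgUser;
+
+ if( !$wgUser->isAllowed( 'upload_by_url' ) ) {
+ $wgOut->permissionRequired( 'upload_by_url' );
+ return true;
+ }
+
+ $url = trim ( $url ) ; # Maybe remove some pasting blanks :-)
+ $u = strtolower ( $url ) ;
+ if( substr( $u, 0, 7 ) != 'http://' AND substr( $u, 0, 6 ) != 'ftp://' ) return true ; # Only HTTP or FTP URLs
+
+ # Open temporary file
+ $wgUploadTempFileSize = 0 ;
+ $wgUploadTempFile = @fopen ( $this->mUploadTempName , "wb" ) ;
+ if ( $wgUploadTempFile === false ) return true ; # Could not open temporary file to write in
+
+ $ch = curl_init();
+ curl_setopt ($ch, CURLOPT_HTTP_VERSION, 1.0); # Probably not needed, but apparently can work around some bug
+ curl_setopt ($ch, CURLOPT_TIMEOUT, 10); # 10 seconds timeout
+ curl_setopt ($ch, CURLOPT_LOW_SPEED_LIMIT, 512); # 0.5KB per second minimum transfer speed
+ curl_setopt ($ch, CURLOPT_URL, $url);
+ curl_setopt ($ch, CURLOPT_WRITEFUNCTION, 'wfUploadCurlCallback' ) ;
+ curl_exec ( $ch ) ;
+ $error = curl_errno ( $ch ) ? true : false ;
+# if ( $error ) print curl_error ( $ch ) ; # Debugging output
+ curl_close ($ch);
+
+ fclose ( $wgUploadTempFile ) ;
+ unset ( $wgUploadTempFile ) ;
+ if ( $error ) unlink ( $dest ) ;
+
+ return $error ;
+ }
+
+ /**
 * Start doing stuff
 * @access public
 */
@@ -458,12 +495,15 @@
 * @access private
 */
 function saveTempUploadedFile( $saveName, $tempName ) {
- global $wgOut;
+ global $wgOut, $wgAllowCopyUploads;
 $archive = wfImageArchiveDir( $saveName, 'temp' );
 if ( !is_dir ( $archive ) ) wfMkdirParents( $archive );
 $stash = $archive . '/' . gmdate( "YmdHis" ) . '!' . $saveName;
 
- $success = $this->mRemoveTempFile
+ $remove_file = $this->mRemoveTempFile ;
+ if ( !$remove_file AND $wgAllowCopyUploads AND $this->mSourceType == 'web' ) $remove_file = true;
+
+ $success = $remove_file
 ? rename( $tempName, $stash )
 : move_uploaded_file( $tempName, $stash );
 if ( !$success ) {
@@ -661,8 +701,8 @@
 $watchChecked = $wgUser->getOption( 'watchdefault' )
 ? 'checked="checked"'
 : '';
-
- if ( $wgAllowCopyUploads AND $wgRequest->getText('source') == 'web' ) {
+
+ if ( $wgAllowCopyUploads AND $wgRequest->getText('source') == 'web' AND $wgUser->isAllowed( 'upload_by_url' ) ) {
 $sourcetype = 'text';
 $source_comment = '<input type="hidden" name="wpSourceType" value="web"/>' . wfMsgHtml( 'upload_source_url' );
 } else {
@@ -1152,4 +1192,20 @@
 }
 
 }
+
+/**
+ * Callback function for CURL-based web transfer
+ * Apparently needs to be global
+ * @access private
+ */
+function wfUploadCurlCallback ($ch, $data) {
+ global $wgUploadTempFile, $wgMaxUploadSize, $wgUploadTempFileSize;
+ $length = strlen($data);
+ $wgUploadTempFileSize += $length;
+ if( $wgUploadTempFileSize > $wgMaxUploadSize ) return 0;
+ fwrite( $wgUploadTempFile , $data );
+ return $length;
+}
+
+
 ?>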
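Review bot: In `curl_copy()` the permission-denied branch calls `$wgOut->permissionRequired( 'upload_by_url' )`, but `$wgOut` is missing from the function's `global` list, so that branch would hit a fatal error on an undefined variable instead of showing the permission message; the declaration should read `global $wgMaxUploadSize, $wgUploadTempFile, $wgUploadTempFileSize, $wgUser, $wgOut;`. The same function sets `CURLOPT_LOW_SPEED_LIMIT` without `CURLOPT_LOW_SPEED_TIME`, and libcurl documents the limit as applying only over a non-zero time window, so the advertised 0.5KB/sec minimum probably has no effect; adding `curl_setopt( $ch, CURLOPT_LOW_SPEED_TIME, 10 );` would enforce it. The URL is validated only by its `http://` or `ftp://` prefix, so the server will fetch from any host it can reach, including internal ones. A host allow-list, or a check of the resolved address before `curl_exec`, is worth adding even with the sysop-only default.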
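--- a/trunk/phase3/includes/DefaultSettings.php
+++ b/trunk/phase3/includes/DefaultSettings.php
@@ -908,7 +908,7 @@
 $wgGroupPermissions['sysop']['block'] = true;
 $wgGroupPermissions['sysop']['createaccount'] = true;
 $wgGroupPermissions['sysop']['delete'] = true;
-$wgGroupPermissions['sysop']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text
+$wgGroupPermissions['sysop']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text
 $wgGroupPermissions['sysop']['editinterface'] = true;
 $wgGroupPermissions['sysop']['import'] = true;
 $wgGroupPermissions['sysop']['importupload'] = true;
@@ -921,8 +921,9 @@
 $wgGroupPermissions['sysop']['upload'] = true;
 $wgGroupPermissions['sysop']['reupload'] = true;
 $wgGroupPermissions['sysop']['reupload-shared'] = true;
-$wgGroupPermissions['sysop']['unwatchedpages'] = true;
+$wgGroupPermissions['sysop']['unwatchedpages'] = true;
 $wgGroupPermissions['sysop']['autoconfirmed'] = true;
+$wgGroupPermissions['sysop']['upload_by_url'] = true;
 
 // Permission to change users' group assignments
 $wgGroupPermissions['bureaucrat']['userrights'] = true;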
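Review bot: The new `upload_by_url` right is added without a comment, and it uses underscores where the neighbouring multi-word right is hyphenated (`reupload-shared`). A trailing comment such as `// may upload from a URL; the upload form also requires $wgAllowCopyUploads` would tell administrators that granting the right does not by itself expose the form field, as the `SpecialUpload.php` change in this commit checks both. If the key name is not yet relied on elsewhere, matching the hyphenated style would keep the permission list consistent.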
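--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -148,7 +148,7 @@
 * Pass page title as parameters to "linkshere" and "nolinkshere" and update
 default message text
 * Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true ; in LocalSettings.php
- Limited to $wgMaxUploadSize (default:100MB)
+ Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops by default
 
 == Languages updated ==
 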