Merge "Whitelist the <wbr> element."
[mediawiki.git] / includes / upload / UploadStash.php
blobebeb9c188d7214eb1cc6cf1db014917f3661965e
1 <?php
2 /**
3 * Temporary storage for uploaded files.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
20 * @file
21 * @ingroup Upload
24 /**
25 * UploadStash is intended to accomplish a few things:
26 * - enable applications to temporarily stash files without publishing them to the wiki.
27 * - Several parts of MediaWiki do this in similar ways: UploadBase, UploadWizard, and FirefoggChunkedExtension
28 * And there are several that reimplement stashing from scratch, in idiosyncratic ways. The idea is to unify them all here.
29 * Mostly all of them are the same except for storing some custom fields, which we subsume into the data array.
30 * - enable applications to find said files later, as long as the db table or temp files haven't been purged.
31 * - enable the uploading user (and *ONLY* the uploading user) to access said files, and thumbnails of said files, via a URL.
32 * We accomplish this using a database table, with ownership checking as you might expect. See SpecialUploadStash, which
33 * implements a web interface to some files stored this way.
35 * UploadStash right now is *mostly* intended to show you one user's slice of the entire stash. The user parameter is only optional
36 * because there are few cases where we clean out the stash from an automated script. In the future we might refactor this.
38 * UploadStash represents the entire stash of temporary files.
39 * UploadStashFile is a filestore for the actual physical disk files.
40 * UploadFromStash extends UploadBase, and represents a single stashed file as it is moved from the stash to the regular file repository
42 * @ingroup Upload
44 class UploadStash {
46 // Format of the key for files -- has to be suitable as a filename itself (e.g. ab12cd34ef.jpg)
47 const KEY_FORMAT_REGEX = '/^[\w-\.]+\.\w*$/';
49 /**
50 * repository that this uses to store temp files
51 * public because we sometimes need to get a LocalFile within the same repo.
53 * @var LocalRepo
55 public $repo;
57 // array of initialized repo objects
58 protected $files = array();
60 // cache of the file metadata that's stored in the database
61 protected $fileMetadata = array();
63 // fileprops cache
64 protected $fileProps = array();
66 // current user
67 protected $user, $userId, $isLoggedIn;
69 /**
70 * Represents a temporary filestore, with metadata in the database.
71 * Designed to be compatible with the session stashing code in UploadBase
72 * (should replace it eventually).
74 * @param $repo FileRepo
75 * @param $user User (default null)
77 public function __construct( FileRepo $repo, $user = null ) {
78 // this might change based on wiki's configuration.
79 $this->repo = $repo;
81 // if a user was passed, use it. otherwise, attempt to use the global.
82 // this keeps FileRepo from breaking when it creates an UploadStash object
83 if ( $user ) {
84 $this->user = $user;
85 } else {
86 global $wgUser;
87 $this->user = $wgUser;
90 if ( is_object( $this->user ) ) {
91 $this->userId = $this->user->getId();
92 $this->isLoggedIn = $this->user->isLoggedIn();
96 /**
97 * Get a file and its metadata from the stash.
98 * The noAuth param is a bit janky but is required for automated scripts which clean out the stash.
100 * @param string $key key under which file information is stored
101 * @param $noAuth Boolean (optional) Don't check authentication. Used by maintenance scripts.
102 * @throws UploadStashFileNotFoundException
103 * @throws UploadStashNotLoggedInException
104 * @throws UploadStashWrongOwnerException
105 * @throws UploadStashBadPathException
106 * @return UploadStashFile
108 public function getFile( $key, $noAuth = false ) {
109 if ( ! preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
110 throw new UploadStashBadPathException( "key '$key' is not in a proper format" );
113 if ( !$noAuth && !$this->isLoggedIn ) {
114 throw new UploadStashNotLoggedInException( __METHOD__ .
115 ' No user is logged in, files must belong to users' );
118 if ( !isset( $this->fileMetadata[$key] ) ) {
119 if ( !$this->fetchFileMetadata( $key ) ) {
120 // If nothing was received, it's likely due to replication lag. Check the master to see if the record is there.
121 $this->fetchFileMetadata( $key, DB_MASTER );
124 if ( !isset( $this->fileMetadata[$key] ) ) {
125 throw new UploadStashFileNotFoundException( "key '$key' not found in stash" );
128 // create $this->files[$key]
129 $this->initFile( $key );
131 // fetch fileprops
132 if ( strlen( $this->fileMetadata[$key]['us_props'] ) ) {
133 $this->fileProps[$key] = unserialize( $this->fileMetadata[$key]['us_props'] );
134 } else { // b/c for rows with no us_props
135 wfDebug( __METHOD__ . " fetched props for $key from file\n" );
136 $path = $this->fileMetadata[$key]['us_path'];
137 $this->fileProps[$key] = $this->repo->getFileProps( $path );
141 if ( ! $this->files[$key]->exists() ) {
142 wfDebug( __METHOD__ . " tried to get file at $key, but it doesn't exist\n" );
143 throw new UploadStashBadPathException( "path doesn't exist" );
146 if ( !$noAuth ) {
147 if ( $this->fileMetadata[$key]['us_user'] != $this->userId ) {
148 throw new UploadStashWrongOwnerException( "This file ($key) doesn't belong to the current user." );
152 return $this->files[$key];
156 * Getter for file metadata.
158 * @param string $key key under which file information is stored
159 * @return Array
161 public function getMetadata( $key ) {
162 $this->getFile( $key );
163 return $this->fileMetadata[$key];
167 * Getter for fileProps
169 * @param string $key key under which file information is stored
170 * @return Array
172 public function getFileProps( $key ) {
173 $this->getFile( $key );
174 return $this->fileProps[$key];
178 * Stash a file in a temp directory and record that we did this in the database, along with other metadata.
180 * @param string $path path to file you want stashed
181 * @param string $sourceType the type of upload that generated this file (currently, I believe, 'file' or null)
182 * @throws UploadStashBadPathException
183 * @throws UploadStashFileException
184 * @throws UploadStashNotLoggedInException
185 * @return UploadStashFile: file, or null on failure
187 public function stashFile( $path, $sourceType = null ) {
188 if ( !is_file( $path ) ) {
189 wfDebug( __METHOD__ . " tried to stash file at '$path', but it doesn't exist\n" );
190 throw new UploadStashBadPathException( "path doesn't exist" );
192 $fileProps = FSFile::getPropsFromPath( $path );
193 wfDebug( __METHOD__ . " stashing file at '$path'\n" );
195 // we will be initializing from some tmpnam files that don't have extensions.
196 // most of MediaWiki assumes all uploaded files have good extensions. So, we fix this.
197 $extension = self::getExtensionForPath( $path );
198 if ( !preg_match( "/\\.\\Q$extension\\E$/", $path ) ) {
199 $pathWithGoodExtension = "$path.$extension";
200 } else {
201 $pathWithGoodExtension = $path;
204 // If no key was supplied, make one. a mysql insertid would be totally reasonable here, except
205 // that for historical reasons, the key is this random thing instead. At least it's not guessable.
207 // some things that when combined will make a suitably unique key.
208 // see: http://www.jwz.org/doc/mid.html
209 list( $usec, $sec ) = explode( ' ', microtime() );
210 $usec = substr( $usec, 2 );
211 $key = wfBaseConvert( $sec . $usec, 10, 36 ) . '.' .
212 wfBaseConvert( mt_rand(), 10, 36 ) . '.' .
213 $this->userId . '.' .
214 $extension;
216 $this->fileProps[$key] = $fileProps;
218 if ( ! preg_match( self::KEY_FORMAT_REGEX, $key ) ) {
219 throw new UploadStashBadPathException( "key '$key' is not in a proper format" );
222 wfDebug( __METHOD__ . " key for '$path': $key\n" );
224 // if not already in a temporary area, put it there
225 $storeStatus = $this->repo->storeTemp( basename( $pathWithGoodExtension ), $path );
227 if ( ! $storeStatus->isOK() ) {
228 // It is a convention in MediaWiki to only return one error per API exception, even if multiple errors
229 // are available. We use reset() to pick the "first" thing that was wrong, preferring errors to warnings.
230 // This is a bit lame, as we may have more info in the $storeStatus and we're throwing it away, but to fix it means
231 // redesigning API errors significantly.
232 // $storeStatus->value just contains the virtual URL (if anything) which is probably useless to the caller
233 $error = $storeStatus->getErrorsArray();
234 $error = reset( $error );
235 if ( ! count( $error ) ) {
236 $error = $storeStatus->getWarningsArray();
237 $error = reset( $error );
238 if ( ! count( $error ) ) {
239 $error = array( 'unknown', 'no error recorded' );
242 // at this point, $error should contain the single "most important" error, plus any parameters.
243 $errorMsg = array_shift( $error );
244 throw new UploadStashFileException( "Error storing file in '$path': " . wfMessage( $errorMsg, $error )->text() );
246 $stashPath = $storeStatus->value;
248 // fetch the current user ID
249 if ( !$this->isLoggedIn ) {
250 throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' );
253 // insert the file metadata into the db.
254 wfDebug( __METHOD__ . " inserting $stashPath under $key\n" );
255 $dbw = $this->repo->getMasterDb();
257 $this->fileMetadata[$key] = array(
258 'us_id' => $dbw->nextSequenceValue( 'uploadstash_us_id_seq' ),
259 'us_user' => $this->userId,
260 'us_key' => $key,
261 'us_orig_path' => $path,
262 'us_path' => $stashPath, // virtual URL
263 'us_props' => serialize( $fileProps ),
264 'us_size' => $fileProps['size'],
265 'us_sha1' => $fileProps['sha1'],
266 'us_mime' => $fileProps['mime'],
267 'us_media_type' => $fileProps['media_type'],
268 'us_image_width' => $fileProps['width'],
269 'us_image_height' => $fileProps['height'],
270 'us_image_bits' => $fileProps['bits'],
271 'us_source_type' => $sourceType,
272 'us_timestamp' => $dbw->timestamp(),
273 'us_status' => 'finished'
276 $dbw->insert(
277 'uploadstash',
278 $this->fileMetadata[$key],
279 __METHOD__
282 // store the insertid in the class variable so immediate retrieval (possibly laggy) isn't necesary.
283 $this->fileMetadata[$key]['us_id'] = $dbw->insertId();
285 # create the UploadStashFile object for this file.
286 $this->initFile( $key );
288 return $this->getFile( $key );
292 * Remove all files from the stash.
293 * Does not clean up files in the repo, just the record of them.
295 * @throws UploadStashNotLoggedInException
296 * @return boolean: success
298 public function clear() {
299 if ( !$this->isLoggedIn ) {
300 throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' );
303 wfDebug( __METHOD__ . ' clearing all rows for user ' . $this->userId . "\n" );
304 $dbw = $this->repo->getMasterDb();
305 $dbw->delete(
306 'uploadstash',
307 array( 'us_user' => $this->userId ),
308 __METHOD__
311 # destroy objects.
312 $this->files = array();
313 $this->fileMetadata = array();
315 return true;
319 * Remove a particular file from the stash. Also removes it from the repo.
321 * @param $key
322 * @throws UploadStashNoSuchKeyException|UploadStashNotLoggedInException|UploadStashWrongOwnerException
323 * @return boolean: success
325 public function removeFile( $key ) {
326 if ( !$this->isLoggedIn ) {
327 throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' );
330 $dbw = $this->repo->getMasterDb();
332 // this is a cheap query. it runs on the master so that this function still works when there's lag.
333 // it won't be called all that often.
334 $row = $dbw->selectRow(
335 'uploadstash',
336 'us_user',
337 array( 'us_key' => $key ),
338 __METHOD__
341 if ( !$row ) {
342 throw new UploadStashNoSuchKeyException( "No such key ($key), cannot remove" );
345 if ( $row->us_user != $this->userId ) {
346 throw new UploadStashWrongOwnerException( "Can't delete: the file ($key) doesn't belong to this user." );
349 return $this->removeFileNoAuth( $key );
353 * Remove a file (see removeFile), but doesn't check ownership first.
355 * @return boolean: success
357 public function removeFileNoAuth( $key ) {
358 wfDebug( __METHOD__ . " clearing row $key\n" );
360 // Ensure we have the UploadStashFile loaded for this key
361 $this->getFile( $key );
363 $dbw = $this->repo->getMasterDb();
365 $dbw->delete(
366 'uploadstash',
367 array( 'us_key' => $key ),
368 __METHOD__
371 // TODO: look into UnregisteredLocalFile and find out why the rv here is sometimes wrong (false when file was removed)
372 // for now, ignore.
373 $this->files[$key]->remove();
375 unset( $this->files[$key] );
376 unset( $this->fileMetadata[$key] );
378 return true;
382 * List all files in the stash.
384 * @throws UploadStashNotLoggedInException
385 * @return Array
387 public function listFiles() {
388 if ( !$this->isLoggedIn ) {
389 throw new UploadStashNotLoggedInException( __METHOD__ . ' No user is logged in, files must belong to users' );
392 $dbr = $this->repo->getSlaveDb();
393 $res = $dbr->select(
394 'uploadstash',
395 'us_key',
396 array( 'us_user' => $this->userId ),
397 __METHOD__
400 if ( !is_object( $res ) || $res->numRows() == 0 ) {
401 // nothing to do.
402 return false;
405 // finish the read before starting writes.
406 $keys = array();
407 foreach ( $res as $row ) {
408 array_push( $keys, $row->us_key );
411 return $keys;
415 * Find or guess extension -- ensuring that our extension matches our mime type.
416 * Since these files are constructed from php tempnames they may not start off
417 * with an extension.
418 * XXX this is somewhat redundant with the checks that ApiUpload.php does with incoming
419 * uploads versus the desired filename. Maybe we can get that passed to us...
420 * @param $path
421 * @throws UploadStashFileException
422 * @return string
424 public static function getExtensionForPath( $path ) {
425 global $wgFileBlacklist;
426 // Does this have an extension?
427 $n = strrpos( $path, '.' );
428 $extension = null;
429 if ( $n !== false ) {
430 $extension = $n ? substr( $path, $n + 1 ) : '';
431 } else {
432 // If not, assume that it should be related to the mime type of the original file.
433 $magic = MimeMagic::singleton();
434 $mimeType = $magic->guessMimeType( $path );
435 $extensions = explode( ' ', MimeMagic::singleton()->getExtensionsForType( $mimeType ) );
436 if ( count( $extensions ) ) {
437 $extension = $extensions[0];
441 if ( is_null( $extension ) ) {
442 throw new UploadStashFileException( "extension is null" );
445 $extension = File::normalizeExtension( $extension );
446 if ( in_array( $extension, $wgFileBlacklist ) ) {
447 // The file should already be checked for being evil.
448 // However, if somehow we got here, we definitely
449 // don't want to give it an extension of .php and
450 // put it in a web accesible directory.
451 return '';
453 return $extension;
457 * Helper function: do the actual database query to fetch file metadata.
459 * @param string $key key
460 * @param $readFromDB: constant (default: DB_SLAVE)
461 * @return boolean
463 protected function fetchFileMetadata( $key, $readFromDB = DB_SLAVE ) {
464 // populate $fileMetadata[$key]
465 $dbr = null;
466 if ( $readFromDB === DB_MASTER ) {
467 // sometimes reading from the master is necessary, if there's replication lag.
468 $dbr = $this->repo->getMasterDb();
469 } else {
470 $dbr = $this->repo->getSlaveDb();
473 $row = $dbr->selectRow(
474 'uploadstash',
475 '*',
476 array( 'us_key' => $key ),
477 __METHOD__
480 if ( !is_object( $row ) ) {
481 // key wasn't present in the database. this will happen sometimes.
482 return false;
485 $this->fileMetadata[$key] = (array)$row;
487 return true;
491 * Helper function: Initialize the UploadStashFile for a given file.
493 * @param string $key key under which to store the object
494 * @throws UploadStashZeroLengthFileException
495 * @return bool
497 protected function initFile( $key ) {
498 $file = new UploadStashFile( $this->repo, $this->fileMetadata[$key]['us_path'], $key );
499 if ( $file->getSize() === 0 ) {
500 throw new UploadStashZeroLengthFileException( "File is zero length" );
502 $this->files[$key] = $file;
503 return true;
507 class UploadStashFile extends UnregisteredLocalFile {
508 private $fileKey;
509 private $urlName;
510 protected $url;
513 * A LocalFile wrapper around a file that has been temporarily stashed, so we can do things like create thumbnails for it
514 * Arguably UnregisteredLocalFile should be handling its own file repo but that class is a bit retarded currently
516 * @param $repo FileRepo: repository where we should find the path
517 * @param string $path path to file
518 * @param string $key key to store the path and any stashed data under
519 * @throws UploadStashBadPathException
520 * @throws UploadStashFileNotFoundException
522 public function __construct( $repo, $path, $key ) {
523 $this->fileKey = $key;
525 // resolve mwrepo:// urls
526 if ( $repo->isVirtualUrl( $path ) ) {
527 $path = $repo->resolveVirtualUrl( $path );
528 } else {
530 // check if path appears to be sane, no parent traversals, and is in this repo's temp zone.
531 $repoTempPath = $repo->getZonePath( 'temp' );
532 if ( ( ! $repo->validateFilename( $path ) ) ||
533 ( strpos( $path, $repoTempPath ) !== 0 ) ) {
534 wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not valid\n" );
535 throw new UploadStashBadPathException( 'path is not valid' );
538 // check if path exists! and is a plain file.
539 if ( ! $repo->fileExists( $path ) ) {
540 wfDebug( "UploadStash: tried to construct an UploadStashFile from a file that should already exist at '$path', but path is not found\n" );
541 throw new UploadStashFileNotFoundException( 'cannot find path, or not a plain file' );
545 parent::__construct( false, $repo, $path, false );
547 $this->name = basename( $this->path );
551 * A method needed by the file transforming and scaling routines in File.php
552 * We do not necessarily care about doing the description at this point
553 * However, we also can't return the empty string, as the rest of MediaWiki demands this (and calls to imagemagick
554 * convert require it to be there)
556 * @return String: dummy value
558 public function getDescriptionUrl() {
559 return $this->getUrl();
563 * Get the path for the thumbnail (actually any transformation of this file)
564 * The actual argument is the result of thumbName although we seem to have
565 * buggy code elsewhere that expects a boolean 'suffix'
567 * @param string $thumbName name of thumbnail (e.g. "120px-123456.jpg" ), or false to just get the path
568 * @return String: path thumbnail should take on filesystem, or containing directory if thumbname is false
570 public function getThumbPath( $thumbName = false ) {
571 $path = dirname( $this->path );
572 if ( $thumbName !== false ) {
573 $path .= "/$thumbName";
575 return $path;
579 * Return the file/url base name of a thumbnail with the specified parameters.
580 * We override this because we want to use the pretty url name instead of the
581 * ugly file name.
583 * @param array $params handler-specific parameters
584 * @param $flags integer Bitfield that supports THUMB_* constants
585 * @return String: base name for URL, like '120px-12345.jpg', or null if there is no handler
587 function thumbName( $params, $flags = 0 ) {
588 return $this->generateThumbName( $this->getUrlName(), $params );
592 * Helper function -- given a 'subpage', return the local URL e.g. /wiki/Special:UploadStash/subpage
593 * @param $subPage String
594 * @return String: local URL for this subpage in the Special:UploadStash space.
596 private function getSpecialUrl( $subPage ) {
597 return SpecialPage::getTitleFor( 'UploadStash', $subPage )->getLocalURL();
601 * Get a URL to access the thumbnail
602 * This is required because the model of how files work requires that
603 * the thumbnail urls be predictable. However, in our model the URL is not based on the filename
604 * (that's hidden in the db)
606 * @param string $thumbName basename of thumbnail file -- however, we don't want to use the file exactly
607 * @return String: URL to access thumbnail, or URL with partial path
609 public function getThumbUrl( $thumbName = false ) {
610 wfDebug( __METHOD__ . " getting for $thumbName \n" );
611 return $this->getSpecialUrl( 'thumb/' . $this->getUrlName() . '/' . $thumbName );
615 * The basename for the URL, which we want to not be related to the filename.
616 * Will also be used as the lookup key for a thumbnail file.
618 * @return String: base url name, like '120px-123456.jpg'
620 public function getUrlName() {
621 if ( ! $this->urlName ) {
622 $this->urlName = $this->fileKey;
624 return $this->urlName;
628 * Return the URL of the file, if for some reason we wanted to download it
629 * We tend not to do this for the original file, but we do want thumb icons
631 * @return String: url
633 public function getUrl() {
634 if ( !isset( $this->url ) ) {
635 $this->url = $this->getSpecialUrl( 'file/' . $this->getUrlName() );
637 return $this->url;
641 * Parent classes use this method, for no obvious reason, to return the path (relative to wiki root, I assume).
642 * But with this class, the URL is unrelated to the path.
644 * @return String: url
646 public function getFullUrl() {
647 return $this->getUrl();
651 * Getter for file key (the unique id by which this file's location & metadata is stored in the db)
653 * @return String: file key
655 public function getFileKey() {
656 return $this->fileKey;
660 * Remove the associated temporary file
661 * @return Status: success
663 public function remove() {
664 if ( !$this->repo->fileExists( $this->path ) ) {
665 // Maybe the file's already been removed? This could totally happen in UploadBase.
666 return true;
669 return $this->repo->freeTemp( $this->path );
672 public function exists() {
673 return $this->repo->fileExists( $this->path );
678 class UploadStashException extends MWException {};
679 class UploadStashNotAvailableException extends UploadStashException {};
680 class UploadStashFileNotFoundException extends UploadStashException {};
681 class UploadStashBadPathException extends UploadStashException {};
682 class UploadStashFileException extends UploadStashException {};
683 class UploadStashZeroLengthFileException extends UploadStashException {};
684 class UploadStashNotLoggedInException extends UploadStashException {};
685 class UploadStashWrongOwnerException extends UploadStashException {};
686 class UploadStashNoSuchKeyException extends UploadStashException {};