1 <?php
31 class UploadFromUrl extends UploadBase {
32  protected $mUrl;
34  protected $mTempPath, $mTmpHandle;
36  protected static $allowedUrls = [];
47  public static function isAllowed( $user ) {
48  if ( !$user->isAllowed( 'upload_by_url' ) ) {
49  return 'upload_by_url';
50  }
52  return parent::isAllowed( $user );
53  }
59  public static function isEnabled() {
62  return $wgAllowCopyUploads && parent::isEnabled();
63  }
73  public static function isAllowedHost( $url ) {
75  if ( !count( $wgCopyUploadsDomains ) ) {
76  return true;
77  }
78  $parsedUrl = wfParseUrl( $url );
79  if ( !$parsedUrl ) {
80  return false;
81  }
82  $valid = false;
83  foreach ( $wgCopyUploadsDomains as $domain ) {
84  // See if the domain for the upload matches this whitelisted domain
85  $whitelistedDomainPieces = explode( '.', $domain );
86  $uploadDomainPieces = explode( '.', $parsedUrl['host'] );
87  if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
88  $valid = true;
89  // See if all the pieces match or not (excluding wildcards)
90  foreach ( $whitelistedDomainPieces as $index => $piece ) {
91  if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
92  $valid = false;
93  }
94  }
95  if ( $valid ) {
96  // We found a match, so quit comparing against the list
97  break;
98  }
99  }
100  /* Non-wildcard test
101  if ( $parsedUrl['host'] === $domain ) {
102  $valid = true;
103  break;
104  }
105  */
106  }
108  return $valid;
109  }
117  public static function isAllowedUrl( $url ) {
118  if ( !isset( self::$allowedUrls[$url] ) ) {
119  $allowed = true;
120  Hooks::run( 'IsUploadAllowedFromUrl', [ $url, &$allowed ] );
121  self::$allowedUrls[$url] = $allowed;
122  }
124  return self::$allowedUrls[$url];
125  }
134  public function initialize( $name, $url ) {
135  $this->mUrl = $url;
137  $tempPath = $this->makeTemporaryFile();
138  # File size and removeTempFile will be filled in later
139  $this->initializePathInfo( $name, $tempPath, 0, false );
140  }
146  public function initializeFromRequest( &$request ) {
147  $desiredDestName = $request->getText( 'wpDestFile' );
148  if ( !$desiredDestName ) {
149  $desiredDestName = $request->getText( 'wpUploadFileURL' );
150  }
151  $this->initialize(
152  $desiredDestName,
153  trim( $request->getVal( 'wpUploadFileURL' ) ),
154  false
155  );
156  }
162  public static function isValidRequest( $request ) {
163  global $wgUser;
165  $url = $request->getVal( 'wpUploadFileURL' );
167  return !empty( $url )
168  && $wgUser->isAllowed( 'upload_by_url' );
169  }
174  public function getSourceType() {
175  return 'url';
176  }
185  public function fetchFile( $httpOptions = [] ) {
186  if ( !Http::isValidURI( $this->mUrl ) ) {
187  return Status::newFatal( 'http-invalid-url', $this->mUrl );
188  }
190  if ( !self::isAllowedHost( $this->mUrl ) ) {
191  return Status::newFatal( 'upload-copy-upload-invalid-domain' );
192  }
193  if ( !self::isAllowedUrl( $this->mUrl ) ) {
194  return Status::newFatal( 'upload-copy-upload-invalid-url' );
195  }
196  return $this->reallyFetchFile( $httpOptions );
197  }
204  protected function makeTemporaryFile() {
205  $tmpFile = TempFSFile::factory( 'URL' );
206  $tmpFile->bind( $this );
208  return $tmpFile->getPath();
209  }
218  public function saveTempFileChunk( $req, $buffer ) {
219  wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );
220  $nbytes = fwrite( $this->mTmpHandle, $buffer );
222  if ( $nbytes == strlen( $buffer ) ) {
223  $this->mFileSize += $nbytes;
224  } else {
225  // Well... that's not good!
226  wfDebugLog(
227  'fileupload',
228  'Short write ' . $this->nbytes . '/' . strlen( $buffer ) .
229  ' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'
230  );
231  fclose( $this->mTmpHandle );
232  $this->mTmpHandle = false;
233  }
235  return $nbytes;
236  }
245  protected function reallyFetchFile( $httpOptions = [] ) {
247  if ( $this->mTempPath === false ) {
248  return Status::newFatal( 'tmp-create-error' );
249  }
251  // Note the temporary file should already be created by makeTemporaryFile()
252  $this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
253  if ( !$this->mTmpHandle ) {
254  return Status::newFatal( 'tmp-create-error' );
255  }
256  wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );
258  $this->mRemoveTempFile = true;
259  $this->mFileSize = 0;
261  $options = $httpOptions + [ 'followRedirects' => true ];
263  if ( $wgCopyUploadProxy !== false ) {
264  $options['proxy'] = $wgCopyUploadProxy;
265  }
267  if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
268  $options['timeout'] = $wgCopyUploadTimeout;
269  }
270  wfDebugLog(
271  'fileupload',
272  'Starting download from "' . $this->mUrl . '" ' .
273  '<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'
274  );
275  $req = MWHttpRequest::factory( $this->mUrl, $options, __METHOD__ );
276  $req->setCallback( [ $this, 'saveTempFileChunk' ] );
277  $status = $req->execute();
279  if ( $this->mTmpHandle ) {
280  // File got written ok...
281  fclose( $this->mTmpHandle );
282  $this->mTmpHandle = null;
283  } else {
284  // We encountered a write error during the download...
285  return Status::newFatal( 'tmp-write-error' );
286  }
288  wfDebugLog( 'fileupload', $status );
289  if ( $status->isOK() ) {
290  wfDebugLog( 'fileupload', 'Download by URL completed successfuly.' );
291  } else {
292  wfDebugLog(
293  'fileupload',
294  'Download by URL completed with HTTP status ' . $req->getStatus()
295  );
296  }
298  return $status;
299  }
300 }
