UploadFromUrl - Code Metrics - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

UploadFromUrl B
last analyzed 2016-11-13 17:42 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	270
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	8

Importance

Changes

Metric	Value
dl	0
loc	270
rs	8.8
c	0
b	0
f	0
wmc	36
lcom	1
cbo	8

12 Methods

Rating	Name	Size	Complexity
A	isAllowed()	7	2
A	isEnabled()	5	2
D	isAllowedHost()	37	9
A	isAllowedUrl()	9	2
A	initialize()	7	1
A	initializeFromRequest()	11	2
A	isValidRequest()	8	2
A	getSourceType()	3	1
A	fetchFile()	13	4
A	makeTemporaryFile()	6	1
A	saveTempFileChunk()	19	2
B	reallyFetchFile()	55	8

<?php
/**
 * Backend for uploading files from a HTTP resource.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup Upload
 */

/**
 * Implements uploading from a HTTP resource.
 *
 * @ingroup Upload
 * @author Bryan Tong Minh
 * @author Michael Dale
 */
class UploadFromUrl extends UploadBase {
	protected $mUrl;

	protected $mTempPath, $mTmpHandle;


	protected static $allowedUrls = [];

	/**
	 * Checks if the user is allowed to use the upload-by-URL feature. If the
	 * user is not allowed, return the name of the user right as a string. If
	 * the user is allowed, have the parent do further permissions checking.
	 *
	 * @param User $user
	 *
	 * @return bool|string
	 */
	public static function isAllowed( $user ) {
		if ( !$user->isAllowed( 'upload_by_url' ) ) {
			return 'upload_by_url';
		}

		return parent::isAllowed( $user );
	}

	/**
	 * Checks if the upload from URL feature is enabled
	 * @return bool
	 */
	public static function isEnabled() {
		global $wgAllowCopyUploads;

		return $wgAllowCopyUploads && parent::isEnabled();
	}

	/**
	 * Checks whether the URL is for an allowed host
	 * The domains in the whitelist can include wildcard characters (*) in place
	 * of any of the domain levels, e.g. '*.flickr.com' or 'upload.*.gov.uk'.
	 *
	 * @param string $url
	 * @return bool
	 */
	public static function isAllowedHost( $url ) {
		global $wgCopyUploadsDomains;
		if ( !count( $wgCopyUploadsDomains ) ) {
			return true;
		}
		$parsedUrl = wfParseUrl( $url );
		if ( !$parsedUrl ) {
			return false;
		}
		$valid = false;
		foreach ( $wgCopyUploadsDomains as $domain ) {
			// See if the domain for the upload matches this whitelisted domain
			$whitelistedDomainPieces = explode( '.', $domain );
			$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
			if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
				$valid = true;
				// See if all the pieces match or not (excluding wildcards)
				foreach ( $whitelistedDomainPieces as $index => $piece ) {
					if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
						$valid = false;
					}
				}
				if ( $valid ) {
					// We found a match, so quit comparing against the list
					break;
				}
			}
			/* Non-wildcard test
			if ( $parsedUrl['host'] === $domain ) {
				$valid = true;
				break;
			}
			*/
		}

		return $valid;
	}

	/**
	 * Checks whether the URL is not allowed.
	 *
	 * @param string $url
	 * @return bool
	 */
	public static function isAllowedUrl( $url ) {
		if ( !isset( self::$allowedUrls[$url] ) ) {
			$allowed = true;
			Hooks::run( 'IsUploadAllowedFromUrl', [ $url, &$allowed ] );
			self::$allowedUrls[$url] = $allowed;
		}

		return self::$allowedUrls[$url];
	}

	/**
	 * Entry point for API upload
	 *
	 * @param string $name
	 * @param string $url
	 * @throws MWException
	 */
	public function initialize( $name, $url ) {
		$this->mUrl = $url;

		$tempPath = $this->makeTemporaryFile();
		# File size and removeTempFile will be filled in later
		$this->initializePathInfo( $name, $tempPath, 0, false );
	}

	/**
	 * Entry point for SpecialUpload
	 * @param WebRequest $request
	 */
	public function initializeFromRequest( &$request ) {
		$desiredDestName = $request->getText( 'wpDestFile' );
		if ( !$desiredDestName ) {
			$desiredDestName = $request->getText( 'wpUploadFileURL' );
		}
		$this->initialize(
			$desiredDestName,
			trim( $request->getVal( 'wpUploadFileURL' ) ),
			false
		);
	}

	/**
	 * @param WebRequest $request
	 * @return bool
	 */
	public static function isValidRequest( $request ) {
		global $wgUser;

		$url = $request->getVal( 'wpUploadFileURL' );

		return !empty( $url )
			&& $wgUser->isAllowed( 'upload_by_url' );
	}

	/**
	 * @return string
	 */
	public function getSourceType() {
		return 'url';
	}

	/**
	 * Download the file
	 *
	 * @param array $httpOptions Array of options for MWHttpRequest.
	 *   This could be used to override the timeout on the http request.
	 * @return Status
	 */
	public function fetchFile( $httpOptions = [] ) {
		if ( !Http::isValidURI( $this->mUrl ) ) {
			return Status::newFatal( 'http-invalid-url', $this->mUrl );
		}

		if ( !self::isAllowedHost( $this->mUrl ) ) {
			return Status::newFatal( 'upload-copy-upload-invalid-domain' );
		}
		if ( !self::isAllowedUrl( $this->mUrl ) ) {
			return Status::newFatal( 'upload-copy-upload-invalid-url' );
		}
		return $this->reallyFetchFile( $httpOptions );
	}

	/**
	 * Create a new temporary file in the URL subdirectory of wfTempDir().
	 *
	 * @return string Path to the file
	 */
	protected function makeTemporaryFile() {
		$tmpFile = TempFSFile::factory( 'URL', 'urlupload_', wfTempDir() );
		$tmpFile->bind( $this );

		return $tmpFile->getPath();
	}

	/**
	 * Callback: save a chunk of the result of a HTTP request to the temporary file
	 *
	 * @param mixed $req
	 * @param string $buffer
	 * @return int Number of bytes handled
	 */
	public function saveTempFileChunk( $req, $buffer ) {
		wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );
		$nbytes = fwrite( $this->mTmpHandle, $buffer );

		if ( $nbytes == strlen( $buffer ) ) {
			$this->mFileSize += $nbytes;
		} else {
			// Well... that's not good!
			wfDebugLog(
				'fileupload',
				'Short write ' . $this->nbytes . '/' . strlen( $buffer ) .
class MyClass { }

$x = new MyClass();
$x->foo = true;
					' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'
			);
			fclose( $this->mTmpHandle );
			$this->mTmpHandle = false;
		}

		return $nbytes;
	}

	/**
	 * Download the file, save it to the temporary file and update the file
	 * size and set $mRemoveTempFile to true.
	 *
	 * @param array $httpOptions Array of options for MWHttpRequest
	 * @return Status
	 */
	protected function reallyFetchFile( $httpOptions = [] ) {
		global $wgCopyUploadProxy, $wgCopyUploadTimeout;
		if ( $this->mTempPath === false ) {
			return Status::newFatal( 'tmp-create-error' );
		}

		// Note the temporary file should already be created by makeTemporaryFile()
		$this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
		if ( !$this->mTmpHandle ) {
			return Status::newFatal( 'tmp-create-error' );
		}
		wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );

		$this->mRemoveTempFile = true;
		$this->mFileSize = 0;

		$options = $httpOptions + [ 'followRedirects' => true ];

		if ( $wgCopyUploadProxy !== false ) {
			$options['proxy'] = $wgCopyUploadProxy;
		}

		if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
			$options['timeout'] = $wgCopyUploadTimeout;
		}
		wfDebugLog(
			'fileupload',
			'Starting download from "' . $this->mUrl . '" ' .
				'<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'
		);
		$req = MWHttpRequest::factory( $this->mUrl, $options, __METHOD__ );
		$req->setCallback( [ $this, 'saveTempFileChunk' ] );
		$status = $req->execute();

		if ( $this->mTmpHandle ) {
			// File got written ok...
			fclose( $this->mTmpHandle );
			$this->mTmpHandle = null;
		} else {
			// We encountered a write error during the download...
			return Status::newFatal( 'tmp-write-error' );
		}

		wfDebugLog( 'fileupload', $status );
		if ( $status->isOK() ) {
			wfDebugLog( 'fileupload', 'Download by URL completed successfuly.' );
		} else {
			wfDebugLog(
				'fileupload',
				'Download by URL completed with HTTP status ' . $req->getStatus()
			);
		}

		return $status;
	}
}


1			<?php
2			/**
3			* Backend for uploading files from a HTTP resource.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			* @ingroup Upload
22			*/
23
24			/**
25			* Implements uploading from a HTTP resource.
26			*
27			* @ingroup Upload
28			* @author Bryan Tong Minh
29			* @author Michael Dale
30			*/
31			class UploadFromUrl extends UploadBase {
32			protected $mUrl;
33
34			protected $mTempPath, $mTmpHandle;
			0 ignored issues – show Coding Style introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report It is generally advisable to only define one property per statement. Only declaring a single property per statement allows you to later on add doc comments more easily. It is also recommended by PSR2, so it is a common style that many people expect. Loading history...
35
36			protected static $allowedUrls = [];
37
38			/**
39			* Checks if the user is allowed to use the upload-by-URL feature. If the
40			* user is not allowed, return the name of the user right as a string. If
41			* the user is allowed, have the parent do further permissions checking.
42			*
43			* @param User $user
44			*
45			* @return bool\|string
46			*/
47			public static function isAllowed( $user ) {
48			if ( !$user->isAllowed( 'upload_by_url' ) ) {
49			return 'upload_by_url';
50			}
51
52			return parent::isAllowed( $user );
53			}
54
55			/**
56			* Checks if the upload from URL feature is enabled
57			* @return bool
58			*/
59			public static function isEnabled() {
60			global $wgAllowCopyUploads;
61
62			return $wgAllowCopyUploads && parent::isEnabled();
63			}
64
65			/**
66			* Checks whether the URL is for an allowed host
67			* The domains in the whitelist can include wildcard characters (*) in place
68			* of any of the domain levels, e.g. '.flickr.com' or 'upload..gov.uk'.
69			*
70			* @param string $url
71			* @return bool
72			*/
73			public static function isAllowedHost( $url ) {
74			global $wgCopyUploadsDomains;
75			if ( !count( $wgCopyUploadsDomains ) ) {
76			return true;
77			}
78			$parsedUrl = wfParseUrl( $url );
79			if ( !$parsedUrl ) {
80			return false;
81			}
82			$valid = false;
83			foreach ( $wgCopyUploadsDomains as $domain ) {
84			// See if the domain for the upload matches this whitelisted domain
85			$whitelistedDomainPieces = explode( '.', $domain );
86			$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
87			if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
88			$valid = true;
89			// See if all the pieces match or not (excluding wildcards)
90			foreach ( $whitelistedDomainPieces as $index => $piece ) {
91			if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
92			$valid = false;
93			}
94			}
95			if ( $valid ) {
96			// We found a match, so quit comparing against the list
97			break;
98			}
99			}
100			/* Non-wildcard test
101			if ( $parsedUrl['host'] === $domain ) {
102			$valid = true;
103			break;
104			}
105			*/
106			}
107
108			return $valid;
109			}
110
111			/**
112			* Checks whether the URL is not allowed.
113			*
114			* @param string $url
115			* @return bool
116			*/
117			public static function isAllowedUrl( $url ) {
118			if ( !isset( self::$allowedUrls[$url] ) ) {
119			$allowed = true;
120			Hooks::run( 'IsUploadAllowedFromUrl', [ $url, &$allowed ] );
121			self::$allowedUrls[$url] = $allowed;
122			}
123
124			return self::$allowedUrls[$url];
125			}
126
127			/**
128			* Entry point for API upload
129			*
130			* @param string $name
131			* @param string $url
132			* @throws MWException
133			*/
134			public function initialize( $name, $url ) {
135			$this->mUrl = $url;
136
137			$tempPath = $this->makeTemporaryFile();
138			# File size and removeTempFile will be filled in later
139			$this->initializePathInfo( $name, $tempPath, 0, false );
140			}
141
142			/**
143			* Entry point for SpecialUpload
144			* @param WebRequest $request
145			*/
146			public function initializeFromRequest( &$request ) {
147			$desiredDestName = $request->getText( 'wpDestFile' );
148			if ( !$desiredDestName ) {
149			$desiredDestName = $request->getText( 'wpUploadFileURL' );
150			}
151			$this->initialize(
152			$desiredDestName,
153			trim( $request->getVal( 'wpUploadFileURL' ) ),
154			false
155			);
156			}
157
158			/**
159			* @param WebRequest $request
160			* @return bool
161			*/
162			public static function isValidRequest( $request ) {
163			global $wgUser;
164
165			$url = $request->getVal( 'wpUploadFileURL' );
166
167			return !empty( $url )
168			&& $wgUser->isAllowed( 'upload_by_url' );
169			}
170
171			/**
172			* @return string
173			*/
174			public function getSourceType() {
175			return 'url';
176			}
177
178			/**
179			* Download the file
180			*
181			* @param array $httpOptions Array of options for MWHttpRequest.
182			* This could be used to override the timeout on the http request.
183			* @return Status
184			*/
185			public function fetchFile( $httpOptions = [] ) {
186			if ( !Http::isValidURI( $this->mUrl ) ) {
187			return Status::newFatal( 'http-invalid-url', $this->mUrl );
188			}
189
190			if ( !self::isAllowedHost( $this->mUrl ) ) {
191			return Status::newFatal( 'upload-copy-upload-invalid-domain' );
192			}
193			if ( !self::isAllowedUrl( $this->mUrl ) ) {
194			return Status::newFatal( 'upload-copy-upload-invalid-url' );
195			}
196			return $this->reallyFetchFile( $httpOptions );
197			}
198
199			/**
200			* Create a new temporary file in the URL subdirectory of wfTempDir().
201			*
202			* @return string Path to the file
203			*/
204			protected function makeTemporaryFile() {
205			$tmpFile = TempFSFile::factory( 'URL', 'urlupload_', wfTempDir() );
206			$tmpFile->bind( $this );
207
208			return $tmpFile->getPath();
209			}
210
211			/**
212			* Callback: save a chunk of the result of a HTTP request to the temporary file
213			*
214			* @param mixed $req
215			* @param string $buffer
216			* @return int Number of bytes handled
217			*/
218			public function saveTempFileChunk( $req, $buffer ) {
219			wfDebugLog( 'fileupload', 'Received chunk of ' . strlen( $buffer ) . ' bytes' );
220			$nbytes = fwrite( $this->mTmpHandle, $buffer );
221
222			if ( $nbytes == strlen( $buffer ) ) {
223			$this->mFileSize += $nbytes;
224			} else {
225			// Well... that's not good!
226			wfDebugLog(
227			'fileupload',
228			'Short write ' . $this->nbytes . '/' . strlen( $buffer ) .
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report The property `nbytes` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
229			' bytes, aborting with ' . $this->mFileSize . ' uploaded so far'
230			);
231			fclose( $this->mTmpHandle );
232			$this->mTmpHandle = false;
233			}
234
235			return $nbytes;
236			}
237
238			/**
239			* Download the file, save it to the temporary file and update the file
240			* size and set $mRemoveTempFile to true.
241			*
242			* @param array $httpOptions Array of options for MWHttpRequest
243			* @return Status
244			*/
245			protected function reallyFetchFile( $httpOptions = [] ) {
246			global $wgCopyUploadProxy, $wgCopyUploadTimeout;
247			if ( $this->mTempPath === false ) {
248			return Status::newFatal( 'tmp-create-error' );
249			}
250
251			// Note the temporary file should already be created by makeTemporaryFile()
252			$this->mTmpHandle = fopen( $this->mTempPath, 'wb' );
253			if ( !$this->mTmpHandle ) {
254			return Status::newFatal( 'tmp-create-error' );
255			}
256			wfDebugLog( 'fileupload', 'Temporary file created "' . $this->mTempPath . '"' );
257
258			$this->mRemoveTempFile = true;
259			$this->mFileSize = 0;
260
261			$options = $httpOptions + [ 'followRedirects' => true ];
262
263			if ( $wgCopyUploadProxy !== false ) {
264			$options['proxy'] = $wgCopyUploadProxy;
265			}
266
267			if ( $wgCopyUploadTimeout && !isset( $options['timeout'] ) ) {
268			$options['timeout'] = $wgCopyUploadTimeout;
269			}
270			wfDebugLog(
271			'fileupload',
272			'Starting download from "' . $this->mUrl . '" ' .
273			'<' . implode( ',', array_keys( array_filter( $options ) ) ) . '>'
274			);
275			$req = MWHttpRequest::factory( $this->mUrl, $options, __METHOD__ );
276			$req->setCallback( [ $this, 'saveTempFileChunk' ] );
277			$status = $req->execute();
278
279			if ( $this->mTmpHandle ) {
280			// File got written ok...
281			fclose( $this->mTmpHandle );
282			$this->mTmpHandle = null;
283			} else {
284			// We encountered a write error during the download...
285			return Status::newFatal( 'tmp-write-error' );
286			}
287
288			wfDebugLog( 'fileupload', $status );
289			if ( $status->isOK() ) {
290			wfDebugLog( 'fileupload', 'Download by URL completed successfuly.' );
291			} else {
292			wfDebugLog(
293			'fileupload',
294			'Download by URL completed with HTTP status ' . $req->getStatus()
295			);
296			}
297
298			return $status;
299			}
300			}
301

wikimedia / mediawiki

UploadFromUrl B last analyzed 2016-11-13 17:42 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

12 Methods

Duplication Side-by-Side

Filter issues like

UploadFromUrl B
last analyzed 2016-11-13 17:42 UTC