These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Backend for uploading files from previously stored file. |
||
4 | * |
||
5 | * This program is free software; you can redistribute it and/or modify |
||
6 | * it under the terms of the GNU General Public License as published by |
||
7 | * the Free Software Foundation; either version 2 of the License, or |
||
8 | * (at your option) any later version. |
||
9 | * |
||
10 | * This program is distributed in the hope that it will be useful, |
||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
13 | * GNU General Public License for more details. |
||
14 | * |
||
15 | * You should have received a copy of the GNU General Public License along |
||
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||
18 | * http://www.gnu.org/copyleft/gpl.html |
||
19 | * |
||
20 | * @file |
||
21 | * @ingroup Upload |
||
22 | */ |
||
23 | |||
24 | /** |
||
25 | * Implements uploading from previously stored file. |
||
26 | * |
||
27 | * @ingroup Upload |
||
28 | * @author Bryan Tong Minh |
||
29 | */ |
||
30 | class UploadFromStash extends UploadBase { |
||
31 | protected $mFileKey; |
||
32 | protected $mVirtualTempPath; |
||
33 | protected $mFileProps; |
||
34 | protected $mSourceType; |
||
35 | |||
36 | // an instance of UploadStash |
||
37 | private $stash; |
||
38 | |||
39 | // LocalFile repo |
||
40 | private $repo; |
||
41 | |||
42 | /** |
||
43 | * @param User|bool $user Default: false |
||
44 | * @param UploadStash|bool $stash Default: false |
||
45 | * @param FileRepo|bool $repo Default: false |
||
46 | */ |
||
47 | View Code Duplication | public function __construct( $user = false, $stash = false, $repo = false ) { |
|
48 | // user object. sometimes this won't exist, as when running from cron. |
||
49 | $this->user = $user; |
||
0 ignored issues
–
show
|
|||
50 | |||
51 | if ( $repo ) { |
||
52 | $this->repo = $repo; |
||
53 | } else { |
||
54 | $this->repo = RepoGroup::singleton()->getLocalRepo(); |
||
55 | } |
||
56 | |||
57 | if ( $stash ) { |
||
58 | $this->stash = $stash; |
||
59 | } else { |
||
60 | if ( $user ) { |
||
61 | wfDebug( __METHOD__ . " creating new UploadStash instance for " . $user->getId() . "\n" ); |
||
0 ignored issues
–
show
It seems like
$user is not always an object, but can also be of type boolean . Maybe add an additional type check?
If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: function someFunction(A $objectMaybe = null)
{
if ($objectMaybe instanceof A) {
$objectMaybe->doSomething();
}
}
Loading history...
|
|||
62 | } else { |
||
63 | wfDebug( __METHOD__ . " creating new UploadStash instance with no user\n" ); |
||
64 | } |
||
65 | |||
66 | $this->stash = new UploadStash( $this->repo, $this->user ); |
||
0 ignored issues
–
show
It seems like
$this->repo can also be of type boolean ; however, UploadStash::__construct() does only seem to accept object<FileRepo> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
It seems like
$this->user can also be of type boolean ; however, UploadStash::__construct() does only seem to accept object<User>|null , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
67 | } |
||
68 | } |
||
69 | |||
70 | /** |
||
71 | * @param string $key |
||
72 | * @return bool |
||
73 | */ |
||
74 | public static function isValidKey( $key ) { |
||
75 | // this is checked in more detail in UploadStash |
||
76 | return (bool)preg_match( UploadStash::KEY_FORMAT_REGEX, $key ); |
||
77 | } |
||
78 | |||
79 | /** |
||
80 | * @param WebRequest $request |
||
81 | * @return bool |
||
82 | */ |
||
83 | public static function isValidRequest( $request ) { |
||
84 | // this passes wpSessionKey to getText() as a default when wpFileKey isn't set. |
||
85 | // wpSessionKey has no default which guarantees failure if both are missing |
||
86 | // (though that should have been caught earlier) |
||
87 | return self::isValidKey( $request->getText( 'wpFileKey', $request->getText( 'wpSessionKey' ) ) ); |
||
88 | } |
||
89 | |||
90 | /** |
||
91 | * @param string $key |
||
92 | * @param string $name |
||
93 | * @param bool $initTempFile |
||
94 | */ |
||
95 | public function initialize( $key, $name = 'upload_file', $initTempFile = true ) { |
||
96 | /** |
||
97 | * Confirming a temporarily stashed upload. |
||
98 | * We don't want path names to be forged, so we keep |
||
99 | * them in the session on the server and just give |
||
100 | * an opaque key to the user agent. |
||
101 | */ |
||
102 | $metadata = $this->stash->getMetadata( $key ); |
||
103 | $this->initializePathInfo( $name, |
||
104 | $initTempFile ? $this->getRealPath( $metadata['us_path'] ) : false, |
||
105 | $metadata['us_size'], |
||
106 | false |
||
107 | ); |
||
108 | |||
109 | $this->mFileKey = $key; |
||
110 | $this->mVirtualTempPath = $metadata['us_path']; |
||
111 | $this->mFileProps = $this->stash->getFileProps( $key ); |
||
112 | $this->mSourceType = $metadata['us_source_type']; |
||
113 | } |
||
114 | |||
115 | /** |
||
116 | * @param WebRequest $request |
||
117 | */ |
||
118 | public function initializeFromRequest( &$request ) { |
||
119 | // sends wpSessionKey as a default when wpFileKey is missing |
||
120 | $fileKey = $request->getText( 'wpFileKey', $request->getText( 'wpSessionKey' ) ); |
||
121 | |||
122 | // chooses one of wpDestFile, wpUploadFile, filename in that order. |
||
123 | $desiredDestName = $request->getText( |
||
124 | 'wpDestFile', |
||
125 | $request->getText( 'wpUploadFile', $request->getText( 'filename' ) ) |
||
126 | ); |
||
127 | |||
128 | $this->initialize( $fileKey, $desiredDestName ); |
||
129 | } |
||
130 | |||
131 | /** |
||
132 | * @return string |
||
133 | */ |
||
134 | public function getSourceType() { |
||
135 | return $this->mSourceType; |
||
136 | } |
||
137 | |||
138 | /** |
||
139 | * Get the base 36 SHA1 of the file |
||
140 | * @return string |
||
141 | */ |
||
142 | public function getTempFileSha1Base36() { |
||
143 | return $this->mFileProps['sha1']; |
||
144 | } |
||
145 | |||
146 | /** |
||
147 | * Remove a temporarily kept file stashed by saveTempUploadedFile(). |
||
148 | * @return bool Success |
||
149 | */ |
||
150 | public function unsaveUploadedFile() { |
||
151 | return $this->stash->removeFile( $this->mFileKey ); |
||
152 | } |
||
153 | |||
154 | /** |
||
155 | * Remove the database record after a successful upload. |
||
156 | */ |
||
157 | public function postProcessUpload() { |
||
158 | parent::postProcessUpload(); |
||
159 | $this->unsaveUploadedFile(); |
||
160 | } |
||
161 | } |
||
162 |
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: