jenkins-bot has submitted this change and it was merged.
Change subject: hook to intercept upload_by_url
......................................................................
hook to intercept upload_by_url
UW plans to use this hook to intercept uploads for Flickr blacklisting.
Bug: 42307
Change-Id: Ia3daaeba1ce5e69e751ffc2ae5afd5e449cf4aa7
---
M RELEASE-NOTES-1.22
M docs/hooks.txt
M includes/api/ApiBase.php
M includes/api/ApiUpload.php
M includes/upload/UploadFromUrl.php
5 files changed, 31 insertions(+), 0 deletions(-)
Approvals:
Matthias Mullie: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index f6c304e..0b4a6c5 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -149,6 +149,8 @@
right?" check is used to avoid more expensive checks.
* Display "(No difference)" instead of an empty diff (when comparing revisions
in the history or when previewing changes while editing).
+* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept
uploads by
+ URL, useful for blacklisting specific URLs
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
diff --git a/docs/hooks.txt b/docs/hooks.txt
index 9967666..84cc820 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -1360,6 +1360,10 @@
$ip: IP being check
$result: Change this value to override the result of wfIsTrustedProxy()
+'IsUploadAllowedFromUrl': Override the result of UploadFromUrl::isAllowedUrl()
+$url: URL used to upload from
+&$allowed: Boolean indicating if uploading is allowed for given URL
+
'isValidEmailAddr': Override the result of User::isValidEmailAddr(), for
instance to return false if the domain name doesn't match your organization.
$addr: The e-mail address entered by the user
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 8f5185a..2e6846d 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1404,6 +1404,7 @@
'uploaddisabled' => array( 'code' => 'uploaddisabled', 'info'
=> 'Uploads are not enabled. Make sure $wgEnableUploads is set to true in
LocalSettings.php and the PHP ini setting file_uploads is true' ),
'copyuploaddisabled' => array( 'code' => 'copyuploaddisabled',
'info' => 'Uploads by URL is not enabled. Make sure $wgAllowCopyUploads is set
to true in LocalSettings.php.' ),
'copyuploadbaddomain' => array( 'code' =>
'copyuploadbaddomain', 'info' => 'Uploads by URL are not allowed from this
domain.' ),
+ 'copyuploadbadurl' => array( 'code' => 'copyuploadbadurl',
'info' => 'Upload not allowed from this URL.' ),
'filename-tooshort' => array( 'code' => 'filename-tooshort',
'info' => 'The filename is too short' ),
'filename-toolong' => array( 'code' => 'filename-toolong',
'info' => 'The filename is too long' ),
diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index 34741b5..b903a62 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -410,6 +410,10 @@
$this->dieUsageMsg( 'copyuploadbaddomain' );
}
+ if ( !UploadFromUrl::isAllowedUrl(
$this->mParams['url'] ) ) {
+ $this->dieUsageMsg( 'copyuploadbadurl' );
+ }
+
$async = false;
if ( $this->mParams['asyncdownload'] ) {
$this->checkAsyncDownloadEnabled();
diff --git a/includes/upload/UploadFromUrl.php
b/includes/upload/UploadFromUrl.php
index c99feef..a4374f3 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -34,6 +34,8 @@
protected $mTempPath, $mTmpHandle;
+ protected static $allowedUrls = array();
+
/**
* Checks if the user is allowed to use the upload-by-URL feature. If
the
* user is not allowed, return the name of the user right as a string.
If
@@ -102,6 +104,21 @@
*/
}
return $valid;
+ }
+
+ /**
+ * Checks whether the URL is not allowed.
+ *
+ * @param $url string
+ * @return bool
+ */
+ public static function isAllowedUrl( $url ) {
+ if ( !isset( self::$allowedUrls[$url] ) ) {
+ $allowed = true;
+ wfRunHooks( 'IsUploadAllowedFromUrl', array( $url,
&$allowed ) );
+ self::$allowedUrls[$url] = $allowed;
+ }
+ return self::$allowedUrls[$url];
}
/**
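Review bot: The docblock on `isAllowedUrl()` says "Checks whether the URL is not allowed", but the method returns true when the upload is permitted; it should read `* Checks whether the URL is allowed for upload-by-URL; 'IsUploadAllowedFromUrl' handlers may veto it.` The verdict is cached in `self::$allowedUrls` (declared in the first hunk of this file) under the exact string passed in and is never evicted, so in a long-running process a blocklist update is not seen for a URL that was already checked, and the array grows with every distinct URL. Handlers also receive the URL as submitted, so a blocklist should compare a canonical form (host case, percent-encoding, default port) rather than the raw string; whether a redirect target is checked again is not visible in this hunk. Storing `(bool)$allowed` would keep the documented `@return bool` accurate even if a handler assigns a non-boolean value.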
@@ -175,6 +192,9 @@
if ( !self::isAllowedHost( $this->mUrl ) ) {
return Status::newFatal(
'upload-copy-upload-invalid-domain' );
}
+ if ( !self::isAllowedUrl( $this->mUrl ) ) {
+ return Status::newFatal(
'upload-copy-upload-invalid-url' );
+ }
if ( !$this->mAsync ) {
return $this->reallyFetchFile();
}
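Review bot: The new `Status::newFatal( 'upload-copy-upload-invalid-url' )` refers to a message key that none of the five files in this change defines, so unless the key already exists in the message files the user would see the raw key instead of an error text. Add the message and its documentation entry alongside the existing `upload-copy-upload-invalid-domain` message, or confirm that it is already present. The enclosing method starts and ends outside the hunk, so what happens after the check is known only from the context lines.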
--
To view, visit https://gerrit.wikimedia.org/r/65102
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia3daaeba1ce5e69e751ffc2ae5afd5e449cf4aa7
Gerrit-PatchSet: 10
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Nischayn22 <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: MarkTraceur <[email protected]>
Gerrit-Reviewer: Matthias Mullie <[email protected]>
Gerrit-Reviewer: Nischayn22 <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>
Gerrit-Reviewer: Reedy <[email protected]>
Gerrit-Reviewer: jenkins-bot