http://www.mediawiki.org/wiki/Special:Code/MediaWiki/74017
Revision: 74017 Author: neilk Date: 2010-09-30 11:26:40 +0000 (Thu, 30 Sep 2010) Log Message: ----------- miscellaneous fixes from comment http://www.mediawiki.org/wiki/Special:Code/MediaWiki/74014#c9699 Modified Paths: -------------- branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php branches/uploadwizard/phase3/includes/upload/SessionStash.php Modified: branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php =================================================================== --- branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php 2010-09-30 11:19:35 UTC (rev 74016) +++ branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php 2010-09-30 11:26:40 UTC (rev 74017) @@ -33,13 +33,9 @@ // $request is the request (usually wgRequest) // $subpage is everything in the URL after Special:SessionStash - public function __construct( $request=null, $subpage=null ) { - global $wgRequest; - + public function __construct( $request = null, $subpage = null ) { parent::__construct( 'SessionStash', 'upload' ); - $this->stash = new SessionStash(); - } /** @@ -55,7 +51,6 @@ // prevent callers from doing standard HTML output -- we'll take it from here $wgOut->disable(); - // global $wgScriptPath, $wgLang, $wgUser, $wgOut; wfDebug( __METHOD__ . " in subpage for $subPage \n" ); try { @@ -67,16 +62,14 @@ return true; } catch( SessionStashFileNotFoundException $e ) { - wfHttpError( 404, self::$HttpErrors[404], $e->getCode(), $e->getMessage() ); - + $code = 404; } catch( SessionStashBadPathException $e ) { - wfHttpError( 403, self::$HttpErrors[403], $e->getCode(), $e->getMessage() ); - + $code = 403; } catch( Exception $e ) { - wfHttpError( $code, self::$HttpErrors[$code], $e->getCode(), $e->getMessage() ); - + $code = 500; } + wfHttpError( $code, self::$HttpErrors[$code], $e->getCode(), $e->getMessage() ); return false; } @@ -106,11 +99,11 @@ * @param {File} file */ private function outputFile( $file ) { - header( 'Content-Type: ' . $file->getMimeType() ); - header( 'Content-Transfer-Encoding: binary' ); - header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT' ); - header( 'Pragma: public' ); - header( 'Content-Length: ' . $file->getSize() ); + header( 'Content-Type: ' . $file->getMimeType(), true ); + header( 'Content-Transfer-Encoding: binary', true ); + header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true ); + header( 'Pragma: public', true ); + header( 'Content-Length: ' . $file->getSize(), true ); readfile( $file->getPath() ); } } Modified: branches/uploadwizard/phase3/includes/upload/SessionStash.php =================================================================== --- branches/uploadwizard/phase3/includes/upload/SessionStash.php 2010-09-30 11:19:35 UTC (rev 74016) +++ branches/uploadwizard/phase3/includes/upload/SessionStash.php 2010-09-30 11:26:40 UTC (rev 74017) @@ -31,7 +31,7 @@ * Designed to be compatible with the session stashing code in UploadBase (should replace eventually) * @param {FileRepo} optional -- repo in which to store files. Will choose LocalRepo if not supplied. */ - public function __construct( $repo=null ) { + public function __construct( $repo = null ) { if ( is_null( $repo ) ) { $repo = RepoGroup::singleton()->getLocalRepo(); @@ -81,7 +81,7 @@ // guards against PHP class changing while session data doesn't if ($stashData['version'] !== UploadBase::SESSION_VERSION ) { - return self::$error['outdated session version']; + throw new MWException( 'outdated session version' ); } // The path is flattened in with the other random props so we have to dig it out. @@ -108,7 +108,7 @@ * @param {Array} data - other data you want added to the session. Do not use 'mTempPath', 'mFileProps', 'mFileSize', or version as keys here * @return {SessionStashFile} file */ - public function stashFile( $key, $path, $data=array() ) { + public function stashFile( $key, $path, $data = array() ) { if ( !$key ) { $key = mt_rand( 0, 0x7fffffff ); } @@ -196,36 +196,6 @@ } /** - * Test if a path looks like it's in the right place - * - * @param {String} $path - * @return {Boolean} - */ - public function isPathValid( $path ) { - - if ( strval( $filename ) == '' ) { - return false; - } - - /** - * Lifted this bit from extensions/WebStore::validateFilename. - * Use the same traversal protection as Title::secureAndSplit() - */ - if ( strpos( $filename, '.' ) !== false && - ( $filename === '.' || $filename === '..' || - strpos( $filename, './' ) === 0 || - strpos( $filename, '../' ) === 0 || - strpos( $filename, '/./' ) !== false || - strpos( $filename, '/../' ) !== false ) ) { - return false; - } - - - return true; - - } - - /** * A method needed by the file transforming and scaling routines in File.php * We do not necessarily care about doing the description at this point * @return {String} the empty string @@ -275,7 +245,7 @@ * @param {String|false} name of thumbnail (e.g. "120px-123456.jpg" ), or false to just get the path * @return {String} path thumbnail should take on filesystem, or containing directory if thumbname is false */ - public function getThumbPath( $thumbName=false ) { + public function getThumbPath( $thumbName = false ) { $path = dirname( $this->path ); if ( $thumbName !== false ) { $path .= "/$thumbName"; @@ -311,7 +281,7 @@ * @param {String} basename of thumbnail file -- however, we don't want to use the file exactly * @return {String} URL to access thumbnail, or URL with partial path */ - public function getThumbUrl( $thumbName=false ) { + public function getThumbUrl( $thumbName = false ) { $path = $this->sessionStash->getBaseUrl(); $extension = $this->getExtension(); if ( $thumbName !== false ) { @@ -367,7 +337,7 @@ * @param {Bitmask} flags suitable for File::transform() * @return {ThumbnailImage} with additional File thumbnailFile property */ - public function transform( $params, $flags=0 ) { + public function transform( $params, $flags = 0 ) { // force it to get a thumbnail right away $flags |= self::RENDER_NOW; _______________________________________________ MediaWiki-CVS mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
