r58291 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r58290‎ \| r58291 \| r58292 >
Date:	22:23, 28 October 2009
Author:	btongminh
Status:	ok
Tags:
Comment:	* Validate sessionkey for stashed uploads * (bug 21235) Switch around fetchfileerror to the proper order
Modified paths:	/trunk/phase3/includes/api/ApiUpload.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiUpload.php
—	—	@@ -73,11 +73,13 @@
74	74	if( isset( $status['error'] ) )
75	75	$this->dieUsageMsg( $status['error'] );
76	76
77		~~- } elseif ( isset( $this->mParams['internalhttpsession'] ) && $this->mParams['internalhttpsession'] ) {~~
	77	+ } elseif ( !empty( $this->mParams['internalhttpsession'] ) ) {
	78	+ /**
	79	+ * Internal http mode
	80	+ */
	81	+
78	82	$sd = & $_SESSION['wsDownload'][ $this->mParams['internalhttpsession'] ];
79	83
80		~~- //wfDebug("InternalHTTP:: " . print_r($this->mParams, true));~~
81		~~- // get the params from the init session:~~
82	84	$this->mUpload = new UploadFromFile();
83	85
84	86	$this->mUpload->initialize( $this->mParams['filename'],
—	—	@@ -113,6 +115,10 @@
114	116	/**
115	117	* Upload stashed in a previous request
116	118	*/
	119	+ // Check the session key
	120	+ if( !isset( $_SESSION['wsUploadData'][$this->mParams['sessionkey']] ) )
	121	+ return $this->dieUsageMsg( array( 'invalid-session-key' ) );
	122	+
117	123	$this->mUpload = new UploadFromStash();
118	124	$this->mUpload->initialize( $this->mParams['filename'],
119	125	$_SESSION['wsUploadData'][$this->mParams['sessionkey']] );
—	—	@@ -148,7 +154,7 @@
149	155
150	156	$status = $this->mUpload->fetchFile();
151	157	if( !$status->isOK() ) {
152		~~- return $this->dieUsage( 'fetchfileerror', $status->getWikiText() );~~
	158	+ return $this->dieUsage( $status->getWikiText(), 'fetchfileerror' );
153	159	}
154	160
155	161	// check if we doing a async request set session info and return the upload_session_key)
—	—	@@ -164,8 +170,8 @@
165	171	$sd['mParams'] = $this->mParams;
166	172
167	173	return $this->getResult()->addValue( null, $this->getModuleName(),
168		~~- array( 'upload_session_key' => $upload_session_key~~
169		~~- ));~~
	174	+ array( 'upload_session_key' => $upload_session_key )
	175	+ );
170	176	}
171	177	}
172	178	}
—	—	@@ -193,6 +199,7 @@
194	200	// Perform the upload
195	201	$result = $this->performUpload();
196	202	// Cleanup any temporary mess
	203	+ // FIXME: This should be in a try .. finally block with performUpload
197	204	$this->mUpload->cleanupTempFile();
198	205	$this->getResult()->addValue( null, $this->getModuleName(), $result );
199	206	}

Status & tagging log

10:32, 2 December 2009 Catrope (talk | contribs) changed the status of r58291 [removed: new added: ok]