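--- a/trunk/phase3/includes/specials/SpecialUploadStash.php
+++ b/trunk/phase3/includes/specials/SpecialUploadStash.php
@@ -20,11 +20,16 @@
 // UploadStash
 private $stash;
 
-// we should not be reading in really big files and serving them out
-private $maxServeFileSize = 262144; // 256K
+// Since we are directly writing the file to STDOUT,
+// we should not be reading in really big files and serving them out.
+//
+// We also don't want people using this as a file drop, even if they
+// share credentials.
+//
+// This service is really for thumbnails and other such previews while
+// uploading.
+const MAX_SERVE_BYTES = 262144; // 256K
 
-// $request is the request (usually wgRequest)
-// $subpage is everything in the URL after Special:UploadStash
 public function __construct( ) {
 parent::__construct( 'UploadStash', 'upload' );
 try {
@@ -52,23 +57,43 @@
 // prevent callers from doing standard HTML output -- we'll take it from here
 $wgOut->disable();
 
-try {
-$file = $this->getStashFile( $subPage );
-if ( $file->getSize() > $this->maxServeFileSize ) {
-throw new MWException( 'file size too large' );
+$code = 500;
+$message = 'Unknown error';
+
+if ( !isset( $subPage ) or $subPage === '' ) {
+// the user probably visited the page just to see what would happen, so explain it a bit.
+$code = '400';
+$message = "Missing key\n\n"
+. 'This page provides access to temporarily stashed files for the user that '
+. 'uploaded those files. See the upload API documentation. To access a stashed file, '
+. 'use the URL of this page, with a slash and the key of the stashed file appended.';
+} else {
+try {
+$file = $this->getStashFile( $subPage );
+$size = $file->getSize();
+if ( $size === 0 ) {
+$code = 500;
+$message = 'File is zero length';
+} else if ( $size > self::MAX_SERVE_BYTES ) {
+$code = 500;
+$message = 'Cannot serve a file larger than ' . self::MAX_SERVE_BYTES . ' bytes';
+} else {
+$this->outputFile( $file );
+return true;
+}
+} catch( UploadStashFileNotFoundException $e ) {
+$code = 404;
+$message = $e->getMessage();
+} catch( UploadStashBadPathException $e ) {
+$code = 500;
+$message = $e->getMessage();
+} catch( Exception $e ) {
+$code = 500;
+$message = $e->getMessage();
 }
-$this->outputFile( $file );
-return true;
-
-} catch( UploadStashFileNotFoundException $e ) {
-$code = 404;
-} catch( UploadStashBadPathException $e ) {
-$code = 403;
-} catch( Exception $e ) {
-$code = 500;
 }
 
-wfHttpError( $code, OutputPage::getStatusMessage( $code ), $e->getMessage() );
+wfHttpError( $code, OutputPage::getStatusMessage( $code ), $message );
 return false;
 }
 
@@ -130,8 +155,7 @@
 header( 'Content-Type: ' . $file->getMimeType(), true );
 header( 'Content-Transfer-Encoding: binary', true );
 header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true );
-header( 'Pragma: public', true );
-header( 'Content-Length: ' . $file->getSize(), true ); // FIXME: PHP can handle Content-Length for you just fine --RK
+header( 'Content-Length: ' . $file->getSize(), true );
 readfile( $file->getPath() );
 }
 }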
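Review bot: In the second hunk the size gate fails open when `getSize()` returns something other than an integer: `false` or `null` is neither `=== 0` nor `> self::MAX_SERVE_BYTES`, so control reaches `$this->outputFile( $file )` without the limit being enforced. `getSize()` is defined outside this page, so this is inferred. Normalising first with `$size = intval( $file->getSize() );` would route an unknown size into the zero-length branch. The three catch blocks also pass `$e->getMessage()` to the client unchanged, and the catch-all `Exception` case may carry storage paths or other internals, so a fixed string there, with the detail logged server-side, would be safer. The enclosing method starts above the hunk.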