MediaWiki  1.23.0
StreamFile.php
Go to the documentation of this file.
1 <?php
26 class StreamFile {
27  const READY_STREAM = 1;
28  const NOT_MODIFIED = 2;
29 
41  public static function stream( $fname, $headers = array(), $sendErrors = true ) {
42  wfProfileIn( __METHOD__ );
43 
44  if ( FileBackend::isStoragePath( $fname ) ) { // sanity
45  wfProfileOut( __METHOD__ );
46  throw new MWException( __FUNCTION__ . " given storage path '$fname'." );
47  }
48 
50  $stat = stat( $fname );
52 
53  $res = self::prepareForStream( $fname, $stat, $headers, $sendErrors );
54  if ( $res == self::NOT_MODIFIED ) {
55  $ok = true; // use client cache
56  } elseif ( $res == self::READY_STREAM ) {
57  wfProfileIn( __METHOD__ . '-send' );
58  $ok = readfile( $fname );
59  wfProfileOut( __METHOD__ . '-send' );
60  } else {
61  $ok = false; // failed
62  }
63 
64  wfProfileOut( __METHOD__ );
65  return $ok;
66  }
67 
81  public static function prepareForStream(
82  $path, $info, $headers = array(), $sendErrors = true
83  ) {
84  if ( !is_array( $info ) ) {
85  if ( $sendErrors ) {
86  header( 'HTTP/1.0 404 Not Found' );
87  header( 'Cache-Control: no-cache' );
88  header( 'Content-Type: text/html; charset=utf-8' );
89  $encFile = htmlspecialchars( $path );
90  $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
91  echo "<html><body>
92  <h1>File not found</h1>
93  <p>Although this PHP script ($encScript) exists, the file requested for output
94  ($encFile) does not.</p>
95  </body></html>
96  ";
97  }
98  return false;
99  }
100 
101  // Sent Last-Modified HTTP header for client-side caching
102  header( 'Last-Modified: ' . wfTimestamp( TS_RFC2822, $info['mtime'] ) );
103 
104  // Cancel output buffering and gzipping if set
106 
108  if ( $type && $type != 'unknown/unknown' ) {
109  header( "Content-type: $type" );
110  } else {
111  // Send a content type which is not known to Internet Explorer, to
112  // avoid triggering IE's content type detection. Sending a standard
113  // unknown content type here essentially gives IE license to apply
114  // whatever content type it likes.
115  header( 'Content-type: application/x-wiki' );
116  }
117 
118  // Don't stream it out as text/html if there was a PHP error
119  if ( headers_sent() ) {
120  echo "Headers already sent, terminating.\n";
121  return false;
122  }
123 
124  // Send additional headers
125  foreach ( $headers as $header ) {
126  header( $header );
127  }
128 
129  // Don't send if client has up to date cache
130  if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
131  $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
132  if ( wfTimestamp( TS_UNIX, $info['mtime'] ) <= strtotime( $modsince ) ) {
133  ini_set( 'zlib.output_compression', 0 );
134  header( "HTTP/1.0 304 Not Modified" );
135  return self::NOT_MODIFIED; // ok
136  }
137  }
138 
139  header( 'Content-Length: ' . $info['size'] );
140 
141  return self::READY_STREAM; // ok
142  }
143 
151  public static function contentTypeFromPath( $filename, $safe = true ) {
153 
154  $ext = strrchr( $filename, '.' );
155  $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
156 
157  # trivial detection by file extension,
158  # used for thumbnails (thumb.php)
159  if ( $wgTrivialMimeDetection ) {
160  switch ( $ext ) {
161  case 'gif': return 'image/gif';
162  case 'png': return 'image/png';
163  case 'jpg': return 'image/jpeg';
164  case 'jpeg': return 'image/jpeg';
165  }
166 
167  return 'unknown/unknown';
168  }
169 
170  $magic = MimeMagic::singleton();
171  // Use the extension only, rather than magic numbers, to avoid opening
172  // up vulnerabilities due to uploads of files with allowed extensions
173  // but disallowed types.
174  $type = $magic->guessTypesForExtension( $ext );
175 
180  if ( $safe ) {
181  global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
182  $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
183  list( , $extList ) = UploadBase::splitExtensions( $filename );
184  if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
185  return 'unknown/unknown';
186  }
187  if ( $wgCheckFileExtensions && $wgStrictFileExtensions
189  ) {
190  return 'unknown/unknown';
191  }
192  if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
193  return 'unknown/unknown';
194  }
195  }
196  return $type;
197  }
198 }
wfResetOutputBuffers
wfResetOutputBuffers( $resetGzipEncoding=true)
Clear away any user-level output buffers, discarding contents.
Definition: GlobalFunctions.php:2226
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:151
StreamFile\NOT_MODIFIED
const NOT_MODIFIED
Definition: StreamFile.php:28
wfTimestamp
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition: GlobalFunctions.php:2483
UploadBase\checkFileExtensionList
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
Definition: UploadBase.php:928
wfProfileIn
wfProfileIn( $functionname)
Begin profiling of a function.
Definition: Profiler.php:33
wfSuppressWarnings
wfSuppressWarnings( $end=false)
Reference-counted warning suppression.
Definition: GlobalFunctions.php:2387
$fname
if(!defined( 'MEDIAWIKI')) $fname
This file is not a valid entry point, perform no further processing unless MEDIAWIKI is defined.
Definition: Setup.php:35
$wgTrivialMimeDetection
$wgTrivialMimeDetection
Definition: thumb.php:28
StreamFile\stream
static stream( $fname, $headers=array(), $sendErrors=true)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:41
MWException
MediaWiki exception.
Definition: MWException.php:26
wfRestoreWarnings
wfRestoreWarnings()
Restore error level to previous value.
Definition: GlobalFunctions.php:2417
FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition: FileBackend.php:1330
wfProfileOut
wfProfileOut( $functionname='missing')
Stop profiling of a function.
Definition: Profiler.php:46
StreamFile\READY_STREAM
const READY_STREAM
Definition: StreamFile.php:27
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
$wgFileExtensions
if(! $wgHtml5Version && $wgAllowRdfaAttributes) $wgFileExtensions
Definition: Setup.php:362
list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition: deferred.txt:11
$ok
$ok
Definition: UtfNormalTest.php:71
StreamFile
Functions related to the output of file content.
Definition: StreamFile.php:26
StreamFile\prepareForStream
static prepareForStream( $path, $info, $headers=array(), $sendErrors=true)
Call this function used in preparation before streaming a file.
Definition: StreamFile.php:81
UploadBase\splitExtensions
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited 'extensions' on the end.
Definition: UploadBase.php:902
$ext
$ext
Definition: NoLocalSettings.php:34
TS_UNIX
const TS_UNIX
Unix time - the number of seconds since 1970-01-01 00:00:00 UTC.
Definition: GlobalFunctions.php:2426
$path
$path
Definition: NoLocalSettings.php:35
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
$res
$res
Definition: database.txt:21
TS_RFC2822
const TS_RFC2822
RFC 2822 format, for E-mail and HTTP headers.
Definition: GlobalFunctions.php:2441
$type
$type
Definition: testCompression.php:46