MediaWiki REL1_34
StreamFile.php
Go to the documentation of this file.
1<?php
26class StreamFile {
27 // Do not send any HTTP headers unless requested by caller (e.g. body only)
29 const STREAM_HEADLESS = HTTPFileStreamer::STREAM_HEADLESS;
30 // Do not try to tear down any PHP output buffers
32 const STREAM_ALLOW_OB = HTTPFileStreamer::STREAM_ALLOW_OB;
33
47 public static function stream(
48 $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
49 ) {
50 if ( FileBackend::isStoragePath( $fname ) ) { // sanity
51 throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
52 }
53
54 $streamer = new HTTPFileStreamer(
55 $fname,
56 [
57 'obResetFunc' => 'wfResetOutputBuffers',
58 'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
59 ]
60 );
61
62 return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
63 }
64
73 public static function send404Message( $fname, $flags = 0 ) {
74 wfDeprecated( __METHOD__, '1.34' );
75 HTTPFileStreamer::send404Message( $fname, $flags );
76 }
77
87 public static function parseRange( $range, $size ) {
88 wfDeprecated( __METHOD__, '1.34' );
89 return HTTPFileStreamer::parseRange( $range, $size );
90 }
91
99 public static function contentTypeFromPath( $filename, $safe = true ) {
100 global $wgTrivialMimeDetection;
101
102 $ext = strrchr( $filename, '.' );
103 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
104
105 # trivial detection by file extension,
106 # used for thumbnails (thumb.php)
107 if ( $wgTrivialMimeDetection ) {
108 switch ( $ext ) {
109 case 'gif':
110 return 'image/gif';
111 case 'png':
112 return 'image/png';
113 case 'jpg':
114 case 'jpeg':
115 return 'image/jpeg';
116 }
117
118 return 'unknown/unknown';
119 }
120
121 $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
122 // Use the extension only, rather than magic numbers, to avoid opening
123 // up vulnerabilities due to uploads of files with allowed extensions
124 // but disallowed types.
125 $type = $magic->guessTypesForExtension( $ext );
126
131 if ( $safe ) {
132 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
133 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
134 list( , $extList ) = UploadBase::splitExtensions( $filename );
135 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
136 return 'unknown/unknown';
137 }
138 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
139 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
140 ) {
141 return 'unknown/unknown';
142 }
143 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
144 return 'unknown/unknown';
145 }
146 }
147 return $type;
148 }
149}
$wgFileExtensions
$wgFileExtensions
This is the list of preferred extensions for uploading files.
Definition DefaultSettings.php:963
$wgCheckFileExtensions
$wgCheckFileExtensions
This is a flag to determine whether or not to check file extensions on upload.
Definition DefaultSettings.php:1009
$wgVerifyMimeType
$wgVerifyMimeType
Determines if the MIME type of uploaded files should be checked.
Definition DefaultSettings.php:1417
$wgFileBlacklist
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Definition DefaultSettings.php:970
$wgStrictFileExtensions
$wgStrictFileExtensions
If this is turned off, users may override the warning for files not covered by $wgFileExtensions.
Definition DefaultSettings.php:1017
$wgMimeTypeBlacklist
$wgMimeTypeBlacklist
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.
Definition DefaultSettings.php:984
$wgTrivialMimeDetection
$wgTrivialMimeDetection
Switch for trivial MIME detection.
Definition DefaultSettings.php:1460
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition GlobalFunctions.php:1044
FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition FileBackend.php:1508
HTTPFileStreamer
Functions related to the output of file content.
Definition HTTPFileStreamer.php:31
HTTPFileStreamer\send404Message
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
Definition HTTPFileStreamer.php:203
HTTPFileStreamer\parseRange
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition HTTPFileStreamer.php:227
StreamFile
Functions related to the output of file content.
Definition StreamFile.php:26
StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition StreamFile.php:99
StreamFile\parseRange
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition StreamFile.php:87
StreamFile\STREAM_HEADLESS
const STREAM_HEADLESS
Definition StreamFile.php:29
StreamFile\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition StreamFile.php:32
StreamFile\stream
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition StreamFile.php:47
StreamFile\send404Message
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
Definition StreamFile.php:73
UploadBase\splitExtensions
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited 'extensions' on the end.
Definition UploadBase.php:1200
UploadBase\checkFileExtensionList
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
Definition UploadBase.php:1227
$ext
if(!is_readable( $file)) $ext
Definition router.php:48