MediaWiki  master
StreamFile.php
Go to the documentation of this file.
1 <?php
26 class StreamFile {
27  // Do not send any HTTP headers unless requested by caller (e.g. body only)
30  // Do not try to tear down any PHP output buffers
33 
47  public static function stream(
48  $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
49  ) {
50  if ( FileBackend::isStoragePath( $fname ) ) { // sanity
51  throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
52  }
53 
54  $streamer = new HTTPFileStreamer(
55  $fname,
56  [
57  'obResetFunc' => 'wfResetOutputBuffers',
58  'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
59  ]
60  );
61 
62  return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
63  }
64 
73  public static function send404Message( $fname, $flags = 0 ) {
74  wfDeprecated( __METHOD__, '1.34' );
75  HTTPFileStreamer::send404Message( $fname, $flags );
76  }
77 
87  public static function parseRange( $range, $size ) {
88  wfDeprecated( __METHOD__, '1.34' );
89  return HTTPFileStreamer::parseRange( $range, $size );
90  }
91 
99  public static function contentTypeFromPath( $filename, $safe = true ) {
101 
102  $ext = strrchr( $filename, '.' );
103  $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
104 
105  # trivial detection by file extension,
106  # used for thumbnails (thumb.php)
107  if ( $wgTrivialMimeDetection ) {
108  switch ( $ext ) {
109  case 'gif':
110  return 'image/gif';
111  case 'png':
112  return 'image/png';
113  case 'jpg':
114  case 'jpeg':
115  return 'image/jpeg';
116  }
117 
118  return 'unknown/unknown';
119  }
120 
121  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
122  // Use the extension only, rather than magic numbers, to avoid opening
123  // up vulnerabilities due to uploads of files with allowed extensions
124  // but disallowed types.
125  $type = $magic->guessTypesForExtension( $ext );
126 
131  if ( $safe ) {
134  list( , $extList ) = UploadBase::splitExtensions( $filename );
135  if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
136  return 'unknown/unknown';
137  }
138  if ( $wgCheckFileExtensions && $wgStrictFileExtensions
139  && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
140  ) {
141  return 'unknown/unknown';
142  }
143  if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
144  return 'unknown/unknown';
145  }
146  }
147  return $type;
148  }
149 }
$wgStrictFileExtensions
If this is turned off, users may override the warning for files not covered by $wgFileExtensions.
Functions related to the output of file content.
Definition: StreamFile.php:26
const STREAM_ALLOW_OB
Definition: StreamFile.php:32
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
Definition: StreamFile.php:73
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited &#39;extensions&#39; on the end.
static getInstance()
Returns the global default instance of the top level service locator.
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
$wgCheckFileExtensions
This is a flag to determine whether or not to check file extensions on upload.
Functions related to the output of file content.
const STREAM_HEADLESS
Definition: StreamFile.php:29
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:47
$wgFileExtensions
This is the list of preferred extensions for uploading files.
$wgTrivialMimeDetection
Switch for trivial MIME detection.
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
if(!is_readable( $file)) $ext
Definition: router.php:48
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:99
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition: StreamFile.php:87
$wgMimeTypeBlacklist
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled...
$wgVerifyMimeType
Determines if the MIME type of uploaded files should be checked.
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.