MediaWiki  master
StreamFile.php
Go to the documentation of this file.
1 <?php
2 
25 
29 class StreamFile {
30  // Do not send any HTTP headers unless requested by caller (e.g. body only)
33  // Do not try to tear down any PHP output buffers
36 
50  public static function stream(
51  $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
52  ) {
53  if ( FileBackend::isStoragePath( $fname ) ) {
54  throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
55  }
56 
57  $streamer = new HTTPFileStreamer(
58  $fname,
59  [
60  'obResetFunc' => 'wfResetOutputBuffers',
61  'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
62  ]
63  );
64 
65  return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
66  }
67 
75  public static function contentTypeFromPath( $filename, $safe = true ) {
76  $trivialMimeDetection = MediaWikiServices::getInstance()->getMainConfig()->get( 'TrivialMimeDetection' );
77 
78  $ext = strrchr( $filename, '.' );
79  $ext = $ext ? strtolower( substr( $ext, 1 ) ) : '';
80 
81  # trivial detection by file extension,
82  # used for thumbnails (thumb.php)
83  if ( $trivialMimeDetection ) {
84  switch ( $ext ) {
85  case 'gif':
86  return 'image/gif';
87  case 'png':
88  return 'image/png';
89  case 'jpg':
90  case 'jpeg':
91  return 'image/jpeg';
92  }
93 
94  return 'unknown/unknown';
95  }
96 
97  $magic = MediaWikiServices::getInstance()->getMimeAnalyzer();
98  // Use the extension only, rather than magic numbers, to avoid opening
99  // up vulnerabilities due to uploads of files with allowed extensions
100  // but disallowed types.
101  $type = $magic->getMimeTypeFromExtensionOrNull( $ext );
102 
107  if ( $safe ) {
108  $mainConfig = MediaWikiServices::getInstance()->getMainConfig();
109  $prohibitedFileExtensions = $mainConfig->get( 'ProhibitedFileExtensions' );
110  $checkFileExtensions = $mainConfig->get( 'CheckFileExtensions' );
111  $strictFileExtensions = $mainConfig->get( 'StrictFileExtensions' );
112  $fileExtensions = $mainConfig->get( 'FileExtensions' );
113  $verifyMimeType = $mainConfig->get( 'VerifyMimeType' );
114  $mimeTypeExclusions = $mainConfig->get( 'MimeTypeExclusions' );
115  list( , $extList ) = UploadBase::splitExtensions( $filename );
116  if ( UploadBase::checkFileExtensionList( $extList, $prohibitedFileExtensions ) ) {
117  return 'unknown/unknown';
118  }
119  if ( $checkFileExtensions && $strictFileExtensions
120  && !UploadBase::checkFileExtensionList( $extList, $fileExtensions )
121  ) {
122  return 'unknown/unknown';
123  }
124  if ( $verifyMimeType && in_array( strtolower( $type ), $mimeTypeExclusions ) ) {
125  return 'unknown/unknown';
126  }
127  }
128  return $type;
129  }
130 }
StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:75
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:203
UploadBase\checkFileExtensionList
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
Definition: UploadBase.php:1261
StreamFile\stream
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:50
HTTPFileStreamer
Functions related to the output of file content.
Definition: HTTPFileStreamer.php:31
FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition: FileBackend.php:1510
HTTPFileStreamer\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition: HTTPFileStreamer.php:42
StreamFile
Functions related to the output of file content.
Definition: StreamFile.php:29
HTTPFileStreamer\STREAM_HEADLESS
const STREAM_HEADLESS
Definition: HTTPFileStreamer.php:40
UploadBase\splitExtensions
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited 'extensions' on the end.
Definition: UploadBase.php:1234
$ext
if(!is_readable( $file)) $ext
Definition: router.php:48
StreamFile\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition: StreamFile.php:35
StreamFile\STREAM_HEADLESS
const STREAM_HEADLESS
Definition: StreamFile.php:32
$type
$type
Definition: testCompression.php:52