MediaWiki  master
StreamFile.php
Go to the documentation of this file.
1 <?php
26 class StreamFile {
27  // Do not send any HTTP headers unless requested by caller (e.g. body only)
29  public const STREAM_HEADLESS = HTTPFileStreamer::STREAM_HEADLESS;
30  // Do not try to tear down any PHP output buffers
32  public const STREAM_ALLOW_OB = HTTPFileStreamer::STREAM_ALLOW_OB;
33 
47  public static function stream(
48  $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
49  ) {
50  if ( FileBackend::isStoragePath( $fname ) ) { // sanity
51  throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
52  }
53 
54  $streamer = new HTTPFileStreamer(
55  $fname,
56  [
57  'obResetFunc' => 'wfResetOutputBuffers',
58  'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
59  ]
60  );
61 
62  return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
63  }
64 
72  public static function contentTypeFromPath( $filename, $safe = true ) {
73  global $wgTrivialMimeDetection;
74 
75  $ext = strrchr( $filename, '.' );
76  $ext = $ext ? strtolower( substr( $ext, 1 ) ) : '';
77 
78  # trivial detection by file extension,
79  # used for thumbnails (thumb.php)
80  if ( $wgTrivialMimeDetection ) {
81  switch ( $ext ) {
82  case 'gif':
83  return 'image/gif';
84  case 'png':
85  return 'image/png';
86  case 'jpg':
87  case 'jpeg':
88  return 'image/jpeg';
89  }
90 
91  return 'unknown/unknown';
92  }
93 
94  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
95  // Use the extension only, rather than magic numbers, to avoid opening
96  // up vulnerabilities due to uploads of files with allowed extensions
97  // but disallowed types.
98  $type = $magic->getMimeTypeFromExtensionOrNull( $ext );
99 
104  if ( $safe ) {
105  global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
106  $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
107  list( , $extList ) = UploadBase::splitExtensions( $filename );
108  if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
109  return 'unknown/unknown';
110  }
111  if ( $wgCheckFileExtensions && $wgStrictFileExtensions
112  && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
113  ) {
114  return 'unknown/unknown';
115  }
116  if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
117  return 'unknown/unknown';
118  }
119  }
120  return $type;
121  }
122 }
$wgFileBlacklist
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Definition: DefaultSettings.php:1029
StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:72
UploadBase\checkFileExtensionList
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
Definition: UploadBase.php:1276
$wgFileExtensions
$wgFileExtensions
This is the list of preferred extensions for uploading files.
Definition: DefaultSettings.php:1022
$wgMimeTypeBlacklist
$wgMimeTypeBlacklist
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.
Definition: DefaultSettings.php:1044
$wgStrictFileExtensions
$wgStrictFileExtensions
If this is turned off, users may override the warning for files not covered by $wgFileExtensions.
Definition: DefaultSettings.php:1077
StreamFile\stream
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:47
HTTPFileStreamer
Functions related to the output of file content.
Definition: HTTPFileStreamer.php:31
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:227
FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition: FileBackend.php:1528
HTTPFileStreamer\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition: HTTPFileStreamer.php:42
StreamFile
Functions related to the output of file content.
Definition: StreamFile.php:26
HTTPFileStreamer\STREAM_HEADLESS
const STREAM_HEADLESS
Definition: HTTPFileStreamer.php:40
$wgTrivialMimeDetection
$wgTrivialMimeDetection
Switch for trivial MIME detection.
Definition: DefaultSettings.php:1531
UploadBase\splitExtensions
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited 'extensions' on the end.
Definition: UploadBase.php:1249
$wgVerifyMimeType
$wgVerifyMimeType
Determines if the MIME type of uploaded files should be checked.
Definition: DefaultSettings.php:1484
$ext
if(!is_readable( $file)) $ext
Definition: router.php:48
StreamFile\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition: StreamFile.php:32
$wgCheckFileExtensions
$wgCheckFileExtensions
This is a flag to determine whether or not to check file extensions on upload.
Definition: DefaultSettings.php:1069
StreamFile\STREAM_HEADLESS
const STREAM_HEADLESS
Definition: StreamFile.php:29
$type
$type
Definition: testCompression.php:52