MediaWiki  master
StreamFile.php
Go to the documentation of this file.
1 <?php
26 class StreamFile {
27  // Do not send any HTTP headers unless requested by caller (e.g. body only)
29  const STREAM_HEADLESS = HTTPFileStreamer::STREAM_HEADLESS;
30  // Do not try to tear down any PHP output buffers
32  const STREAM_ALLOW_OB = HTTPFileStreamer::STREAM_ALLOW_OB;
33 
47  public static function stream(
48  $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
49  ) {
50  if ( FileBackend::isStoragePath( $fname ) ) { // sanity
51  throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
52  }
53 
54  $streamer = new HTTPFileStreamer(
55  $fname,
56  [
57  'obResetFunc' => 'wfResetOutputBuffers',
58  'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
59  ]
60  );
61 
62  return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
63  }
64 
73  public static function send404Message( $fname, $flags = 0 ) {
74  wfDeprecated( __METHOD__, '1.34' );
75  HTTPFileStreamer::send404Message( $fname, $flags );
76  }
77 
87  public static function parseRange( $range, $size ) {
88  wfDeprecated( __METHOD__, '1.34' );
89  return HTTPFileStreamer::parseRange( $range, $size );
90  }
91 
99  public static function contentTypeFromPath( $filename, $safe = true ) {
100  global $wgTrivialMimeDetection;
101 
102  $ext = strrchr( $filename, '.' );
103  $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
104 
105  # trivial detection by file extension,
106  # used for thumbnails (thumb.php)
107  if ( $wgTrivialMimeDetection ) {
108  switch ( $ext ) {
109  case 'gif':
110  return 'image/gif';
111  case 'png':
112  return 'image/png';
113  case 'jpg':
114  case 'jpeg':
115  return 'image/jpeg';
116  }
117 
118  return 'unknown/unknown';
119  }
120 
121  $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
122  // Use the extension only, rather than magic numbers, to avoid opening
123  // up vulnerabilities due to uploads of files with allowed extensions
124  // but disallowed types.
125  $type = $magic->guessTypesForExtension( $ext );
126 
131  if ( $safe ) {
132  global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
133  $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
134  list( , $extList ) = UploadBase::splitExtensions( $filename );
135  if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
136  return 'unknown/unknown';
137  }
138  if ( $wgCheckFileExtensions && $wgStrictFileExtensions
139  && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
140  ) {
141  return 'unknown/unknown';
142  }
143  if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
144  return 'unknown/unknown';
145  }
146  }
147  return $type;
148  }
149 }
$wgStrictFileExtensions
$wgStrictFileExtensions
If this is turned off, users may override the warning for files not covered by $wgFileExtensions.
Definition: DefaultSettings.php:997
StreamFile
Functions related to the output of file content.
Definition: StreamFile.php:26
StreamFile\STREAM_ALLOW_OB
const STREAM_ALLOW_OB
Definition: StreamFile.php:32
StreamFile\send404Message
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
Definition: StreamFile.php:73
UploadBase\splitExtensions
static splitExtensions( $filename)
Split a file into a base name and all dot-delimited &#39;extensions&#39; on the end.
Definition: UploadBase.php:1195
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:140
HTTPFileStreamer\parseRange
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition: HTTPFileStreamer.php:227
FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition: FileBackend.php:1508
$wgCheckFileExtensions
$wgCheckFileExtensions
This is a flag to determine whether or not to check file extensions on upload.
Definition: DefaultSettings.php:989
HTTPFileStreamer
Functions related to the output of file content.
Definition: HTTPFileStreamer.php:31
StreamFile\STREAM_HEADLESS
const STREAM_HEADLESS
Definition: StreamFile.php:29
HTTPFileStreamer\send404Message
static send404Message( $fname, $flags=0)
Send out a standard 404 message for a file.
Definition: HTTPFileStreamer.php:203
StreamFile\stream
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:47
$wgFileExtensions
$wgFileExtensions
This is the list of preferred extensions for uploading files.
Definition: DefaultSettings.php:943
$wgTrivialMimeDetection
$wgTrivialMimeDetection
Switch for trivial MIME detection.
Definition: DefaultSettings.php:1440
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition: GlobalFunctions.php:1044
$ext
if(!is_readable( $file)) $ext
Definition: router.php:48
UploadBase\checkFileExtensionList
static checkFileExtensionList( $ext, $list)
Perform case-insensitive match against a list of file extensions.
Definition: UploadBase.php:1222
StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:99
StreamFile\parseRange
static parseRange( $range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition: StreamFile.php:87
$wgMimeTypeBlacklist
$wgMimeTypeBlacklist
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled...
Definition: DefaultSettings.php:964
$wgVerifyMimeType
$wgVerifyMimeType
Determines if the MIME type of uploaded files should be checked.
Definition: DefaultSettings.php:1397
$wgFileBlacklist
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.
Definition: DefaultSettings.php:950