master/php/StreamFile_8php_source.html

<?php


namespace MediaWiki\Output;


use InvalidArgumentException;

use MediaWiki\Context\RequestContext;

use MediaWiki\MainConfigNames;

use MediaWiki\MediaWikiServices;

use MediaWiki\Upload\UploadBase;

use Wikimedia\FileBackend\FileBackend;

use Wikimedia\FileBackend\HTTPFileStreamer;


class StreamFile {


    private const UNKNOWN_CONTENT_TYPE = 'unknown/unknown';


    public static function stream(

        $fname,

        $headers = [],

        $sendErrors = true,

        $optHeaders = [],

        $flags = 0

    ) {

        if ( FileBackend::isStoragePath( $fname ) ) {

            throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );

        }


        $streamer = new HTTPFileStreamer(

            $fname,

            [

                'obResetFunc' => 'wfResetOutputBuffers',

                'streamMimeFunc' => [ self::class, 'contentTypeFromPath' ],

                'headerFunc' => [ self::class, 'setHeader' ],

            ]

        );


        return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );

    }


    public static function setHeader( $header ) {

        RequestContext::getMain()->getRequest()->response()->header( $header );

    }


    public static function contentTypeFromPath( $filename, $safe = true ) {

        // NOTE: TrivialMimeDetection is forced by ThumbnailEntryPoint. When this

        // code is moved to a non-static method in a service object, we can no

        // longer rely on that.

        $trivialMimeDetection = MediaWikiServices::getInstance()->getMainConfig()

            ->get( MainConfigNames::TrivialMimeDetection );


        $ext = strrchr( $filename, '.' );

        $ext = $ext ? strtolower( substr( $ext, 1 ) ) : '';


        # trivial detection by file extension,

        # used for thumbnails (thumb.php)

        if ( $trivialMimeDetection ) {

            switch ( $ext ) {

                case 'gif':

                    return 'image/gif';

                case 'png':

                    return 'image/png';

                case 'jpg':

                case 'jpeg':

                    return 'image/jpeg';

                case 'webp':

                    return 'image/webp';

            }


            return self::UNKNOWN_CONTENT_TYPE;

        }


        $magic = MediaWikiServices::getInstance()->getMimeAnalyzer();

        // Use the extension only, rather than magic numbers, to avoid opening

        // up vulnerabilities due to uploads of files with allowed extensions

        // but disallowed types.

        $type = $magic->getMimeTypeFromExtensionOrNull( $ext );


        if ( $safe ) {

            $mainConfig = MediaWikiServices::getInstance()->getMainConfig();

            $prohibitedFileExtensions = $mainConfig->get( MainConfigNames::ProhibitedFileExtensions );

            $checkFileExtensions = $mainConfig->get( MainConfigNames::CheckFileExtensions );

            $strictFileExtensions = $mainConfig->get( MainConfigNames::StrictFileExtensions );

            $fileExtensions = $mainConfig->get( MainConfigNames::FileExtensions );

            $verifyMimeType = $mainConfig->get( MainConfigNames::VerifyMimeType );

            $mimeTypeExclusions = $mainConfig->get( MainConfigNames::MimeTypeExclusions );

            [ , $extList ] = UploadBase::splitExtensions( $filename );

            if ( UploadBase::checkFileExtensionList( $extList, $prohibitedFileExtensions ) ) {

                return self::UNKNOWN_CONTENT_TYPE;

            }

            if (

                $checkFileExtensions &&

                $strictFileExtensions &&

                !UploadBase::checkFileExtensionList( $extList, $fileExtensions )

            ) {

                return self::UNKNOWN_CONTENT_TYPE;

            }

            if ( $verifyMimeType && $type !== null && in_array( strtolower( $type ), $mimeTypeExclusions ) ) {

                return self::UNKNOWN_CONTENT_TYPE;

            }

        }

        return $type;

    }


}


class_alias( StreamFile::class, 'StreamFile' );

MediaWiki\Context\RequestContext
Group all the pieces relevant to the context of a request into one instance.
Definition RequestContext.php:53

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\MimeTypeExclusions
const MimeTypeExclusions
Name constant for the MimeTypeExclusions setting, for use with Config::get()
Definition MainConfigNames.php:492

MediaWiki\MainConfigNames\ProhibitedFileExtensions
const ProhibitedFileExtensions
Name constant for the ProhibitedFileExtensions setting, for use with Config::get()
Definition MainConfigNames.php:486

MediaWiki\MainConfigNames\TrivialMimeDetection
const TrivialMimeDetection
Name constant for the TrivialMimeDetection setting, for use with Config::get()
Definition MainConfigNames.php:768

MediaWiki\MainConfigNames\VerifyMimeType
const VerifyMimeType
Name constant for the VerifyMimeType setting, for use with Config::get()
Definition MainConfigNames.php:744

MediaWiki\MainConfigNames\StrictFileExtensions
const StrictFileExtensions
Name constant for the StrictFileExtensions setting, for use with Config::get()
Definition MainConfigNames.php:504

MediaWiki\MainConfigNames\FileExtensions
const FileExtensions
Name constant for the FileExtensions setting, for use with Config::get()
Definition MainConfigNames.php:480

MediaWiki\MainConfigNames\CheckFileExtensions
const CheckFileExtensions
Name constant for the CheckFileExtensions setting, for use with Config::get()
Definition MainConfigNames.php:498

MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:257

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:345

MediaWiki\Output\StreamFile
Functions related to the output of file content.
Definition StreamFile.php:23

MediaWiki\Output\StreamFile\setHeader
static setHeader( $header)
Definition StreamFile.php:67

MediaWiki\Output\StreamFile\contentTypeFromPath
static contentTypeFromPath( $filename, $safe=true)
Determine the file type of a file based on the path.
Definition StreamFile.php:78

MediaWiki\Output\StreamFile\stream
static stream( $fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition StreamFile.php:39

MediaWiki\Upload\UploadBase
UploadBase and subclasses are the backend of MediaWiki's file uploads.
Definition UploadBase.php:62

Wikimedia\FileBackend\FileBackend
Base class for all file backend classes (including multi-write backends).
Definition FileBackend.php:98

Wikimedia\FileBackend\FileBackend\isStoragePath
static isStoragePath( $path)
Check if a given path is a "mwstore://" path.
Definition FileBackend.php:1564

Wikimedia\FileBackend\HTTPFileStreamer
Functions related to the output of file content.
Definition HTTPFileStreamer.php:21

MediaWiki\Output