MediaWiki master
ZipDirectoryReader.php
Go to the documentation of this file.
1<?php
23use MediaWiki\Status\Status;
24
32class ZipDirectoryReader {
90 public static function read( $fileName, $callback, $options = [] ) {
91 $file = fopen( $fileName, 'r' );
92 $zdr = new self( $file, $callback, $options );
93 return $zdr->execute();
94 }
95
107 public static function readHandle( $file, $callback, $options = [] ) {
108 $zdr = new self( $file, $callback, $options );
109 return $zdr->execute();
110 }
111
113 protected $file;
114
116 protected $fileLength;
117
119 protected $buffer;
120
122 protected $callback;
123
125 protected $zip64 = false;
126
128 protected $eocdr;
130 protected $eocdr64;
132 protected $eocdr64Locator;
133
135 private const ZIP64_EXTRA_HEADER = 0x0001;
136
138 private const SEGSIZE = 16384;
139
141 private const GENERAL_UTF8 = 11;
142
144 private const GENERAL_CD_ENCRYPTED = 13;
145
151 protected function __construct( $file, $callback, $options ) {
152 $this->file = $file;
153 $this->callback = $callback;
154
155 if ( isset( $options['zip64'] ) ) {
156 $this->zip64 = $options['zip64'];
157 }
158 }
159
165 private function execute() {
166 if ( !$this->file ) {
167 return Status::newFatal( 'zip-file-open-error' );
168 }
169
170 $status = Status::newGood();
171 try {
172 $this->readEndOfCentralDirectoryRecord();
173 if ( $this->zip64 ) {
174 [ $offset, $size ] = $this->findZip64CentralDirectory();
175 $this->readCentralDirectory( $offset, $size );
176 } else {
177 if ( $this->eocdr['CD size'] == 0xffffffff
178 || $this->eocdr['CD offset'] == 0xffffffff
179 || $this->eocdr['CD entries total'] == 0xffff
180 ) {
181 $this->error( 'zip-unsupported', 'Central directory header indicates ZIP64, ' .
182 'but we are in legacy mode. Rejecting this upload is necessary to avoid ' .
183 'opening vulnerabilities on clients using OpenJDK 7 or later.' );
184 }
185
186 [ $offset, $size ] = $this->findOldCentralDirectory();
187 $this->readCentralDirectory( $offset, $size );
188 }
189 } catch ( ZipDirectoryReaderError $e ) {
190 $status->fatal( $e->getErrorCode() );
191 }
192
193 fclose( $this->file );
194
195 return $status;
196 }
197
205 private function error( $code, $debugMessage ) {
206 wfDebug( __CLASS__ . ": Fatal error: $debugMessage" );
207 throw new ZipDirectoryReaderError( $code );
208 }
209
215 private function readEndOfCentralDirectoryRecord() {
216 $info = [
217 'signature' => 4,
218 'disk' => 2,
219 'CD start disk' => 2,
220 'CD entries this disk' => 2,
221 'CD entries total' => 2,
222 'CD size' => 4,
223 'CD offset' => 4,
224 'file comment length' => 2,
225 ];
226 $structSize = $this->getStructSize( $info );
227 $startPos = $this->getFileLength() - 65536 - $structSize;
228 if ( $startPos < 0 ) {
229 $startPos = 0;
230 }
231
232 if ( $this->getFileLength() === 0 ) {
233 $this->error( 'zip-wrong-format', "The file is empty." );
234 }
235
236 $block = $this->getBlock( $startPos );
237 $sigPos = strrpos( $block, "PK\x05\x06" );
238 if ( $sigPos === false ) {
239 $this->error( 'zip-wrong-format',
240 "zip file lacks EOCDR signature. It probably isn't a zip file." );
241 }
242
243 $this->eocdr = $this->unpack( substr( $block, $sigPos ), $info );
244 $this->eocdr['EOCDR size'] = $structSize + $this->eocdr['file comment length'];
245
246 if ( $structSize + $this->eocdr['file comment length'] != strlen( $block ) - $sigPos ) {
247 // T40432: MS binary documents frequently embed ZIP files
248 $this->error( 'zip-wrong-format', 'there is a ZIP signature but it is not at ' .
249 'the end of the file. It could be an OLE file with a ZIP file embedded.' );
250 }
251 if ( $this->eocdr['disk'] !== 0
252 || $this->eocdr['CD start disk'] !== 0
253 ) {
254 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR)' );
255 }
256 $this->eocdr += $this->unpack(
257 $block,
258 [ 'file comment' => [ 'string', $this->eocdr['file comment length'] ] ],
259 $sigPos + $structSize );
260 $this->eocdr['position'] = $startPos + $sigPos;
261 }
262
267 private function readZip64EndOfCentralDirectoryLocator() {
268 $info = [
269 'signature' => [ 'string', 4 ],
270 'eocdr64 start disk' => 4,
271 'eocdr64 offset' => 8,
272 'number of disks' => 4,
273 ];
274 $structSize = $this->getStructSize( $info );
275
276 $start = $this->getFileLength() - $this->eocdr['EOCDR size'] - $structSize;
277 $block = $this->getBlock( $start, $structSize );
278 $this->eocdr64Locator = $data = $this->unpack( $block, $info );
279
280 if ( $data['signature'] !== "PK\x06\x07" ) {
281 // Note: Java will allow this and continue to read the
282 // EOCDR64, so we have to reject the upload, we can't
283 // just use the EOCDR header instead.
284 $this->error( 'zip-bad', 'wrong signature on Zip64 end of central directory locator' );
285 }
286 }
287
292 private function readZip64EndOfCentralDirectoryRecord() {
293 if ( $this->eocdr64Locator['eocdr64 start disk'] != 0
294 || $this->eocdr64Locator['number of disks'] != 0
295 ) {
296 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR64 locator)' );
297 }
298
299 $info = [
300 'signature' => [ 'string', 4 ],
301 'EOCDR64 size' => 8,
302 'version made by' => 2,
303 'version needed' => 2,
304 'disk' => 4,
305 'CD start disk' => 4,
306 'CD entries this disk' => 8,
307 'CD entries total' => 8,
308 'CD size' => 8,
309 'CD offset' => 8
310 ];
311 $structSize = $this->getStructSize( $info );
312 $block = $this->getBlock( $this->eocdr64Locator['eocdr64 offset'], $structSize );
313 $this->eocdr64 = $data = $this->unpack( $block, $info );
314 if ( $data['signature'] !== "PK\x06\x06" ) {
315 $this->error( 'zip-bad', 'wrong signature on Zip64 end of central directory record' );
316 }
317 if ( $data['disk'] !== 0
318 || $data['CD start disk'] !== 0
319 ) {
320 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR64)' );
321 }
322 }
323
330 private function findOldCentralDirectory() {
331 $size = $this->eocdr['CD size'];
332 $offset = $this->eocdr['CD offset'];
333 $endPos = $this->eocdr['position'];
334
335 // Some readers use the EOCDR position instead of the offset field
336 // to find the directory, so to be safe, we check if they both agree.
337 if ( $offset + $size != $endPos ) {
338 $this->error( 'zip-bad', 'the central directory does not immediately precede the end ' .
339 'of central directory record' );
340 }
341
342 return [ $offset, $size ];
343 }
344
351 private function findZip64CentralDirectory() {
352 // The spec is ambiguous about the exact rules of precedence between the
353 // ZIP64 headers and the original headers. Here we follow zip_util.c
354 // from OpenJDK 7.
355 $size = $this->eocdr['CD size'];
356 $offset = $this->eocdr['CD offset'];
357 $numEntries = $this->eocdr['CD entries total'];
358 $endPos = $this->eocdr['position'];
359 if ( $size == 0xffffffff
360 || $offset == 0xffffffff
361 || $numEntries == 0xffff
362 ) {
363 $this->readZip64EndOfCentralDirectoryLocator();
364
365 if ( isset( $this->eocdr64Locator['eocdr64 offset'] ) ) {
366 $this->readZip64EndOfCentralDirectoryRecord();
367 if ( isset( $this->eocdr64['CD offset'] ) ) {
368 $size = $this->eocdr64['CD size'];
369 $offset = $this->eocdr64['CD offset'];
370 $endPos = $this->eocdr64Locator['eocdr64 offset'];
371 }
372 }
373 }
374 // Some readers use the EOCDR position instead of the offset field
375 // to find the directory, so to be safe, we check if they both agree.
376 if ( $offset + $size != $endPos ) {
377 $this->error( 'zip-bad', 'the central directory does not immediately precede the end ' .
378 'of central directory record' );
379 }
380
381 return [ $offset, $size ];
382 }
383
389 private function readCentralDirectory( $offset, $size ) {
390 $block = $this->getBlock( $offset, $size );
391
392 $fixedInfo = [
393 'signature' => [ 'string', 4 ],
394 'version made by' => 2,
395 'version needed' => 2,
396 'general bits' => 2,
397 'compression method' => 2,
398 'mod time' => 2,
399 'mod date' => 2,
400 'crc-32' => 4,
401 'compressed size' => 4,
402 'uncompressed size' => 4,
403 'name length' => 2,
404 'extra field length' => 2,
405 'comment length' => 2,
406 'disk number start' => 2,
407 'internal attrs' => 2,
408 'external attrs' => 4,
409 'local header offset' => 4,
410 ];
411 $fixedSize = $this->getStructSize( $fixedInfo );
412
413 $pos = 0;
414 while ( $pos < $size ) {
415 $data = $this->unpack( $block, $fixedInfo, $pos );
416 $pos += $fixedSize;
417
418 if ( $data['signature'] !== "PK\x01\x02" ) {
419 $this->error( 'zip-bad', 'Invalid signature found in directory entry' );
420 }
421
422 $variableInfo = [
423 'name' => [ 'string', $data['name length'] ],
424 'extra field' => [ 'string', $data['extra field length'] ],
425 'comment' => [ 'string', $data['comment length'] ],
426 ];
427 $data += $this->unpack( $block, $variableInfo, $pos );
428 $pos += $this->getStructSize( $variableInfo );
429
430 if ( $this->zip64 && (
431 $data['compressed size'] == 0xffffffff
432 || $data['uncompressed size'] == 0xffffffff
433 || $data['local header offset'] == 0xffffffff )
434 ) {
435 $zip64Data = $this->unpackZip64Extra( $data['extra field'] );
436 if ( $zip64Data ) {
437 $data = $zip64Data + $data;
438 }
439 }
440
441 if ( $this->testBit( $data['general bits'], self::GENERAL_CD_ENCRYPTED ) ) {
442 $this->error( 'zip-unsupported', 'central directory encryption is not supported' );
443 }
444
445 // Convert the timestamp into MediaWiki format
446 // For the format, please see the MS-DOS 2.0 Programmer's Reference,
447 // pages 3-5 and 3-6.
448 $time = $data['mod time'];
449 $date = $data['mod date'];
450
451 $year = 1980 + ( $date >> 9 );
452 $month = ( $date >> 5 ) & 15;
453 $day = $date & 31;
454 $hour = ( $time >> 11 ) & 31;
455 $minute = ( $time >> 5 ) & 63;
456 $second = ( $time & 31 ) * 2;
457 $timestamp = sprintf( "%04d%02d%02d%02d%02d%02d",
458 $year, $month, $day, $hour, $minute, $second );
459
460 // Convert the character set in the file name
461 if ( $this->testBit( $data['general bits'], self::GENERAL_UTF8 ) ) {
462 $name = $data['name'];
463 } else {
464 $name = iconv( 'CP437', 'UTF-8', $data['name'] );
465 }
466
467 // Compile a data array for the user, with a sensible format
468 $userData = [
469 'name' => $name,
470 'mtime' => $timestamp,
471 'size' => $data['uncompressed size'],
472 ];
473 call_user_func( $this->callback, $userData );
474 }
475 }
476
482 private function unpackZip64Extra( $extraField ) {
483 $extraHeaderInfo = [
484 'id' => 2,
485 'size' => 2,
486 ];
487 $extraHeaderSize = $this->getStructSize( $extraHeaderInfo );
488
489 $zip64ExtraInfo = [
490 'uncompressed size' => 8,
491 'compressed size' => 8,
492 'local header offset' => 8,
493 'disk number start' => 4,
494 ];
495
496 $extraPos = 0;
497 while ( $extraPos < strlen( $extraField ) ) {
498 $extra = $this->unpack( $extraField, $extraHeaderInfo, $extraPos );
499 $extraPos += $extraHeaderSize;
500 $extra += $this->unpack( $extraField,
501 [ 'data' => [ 'string', $extra['size'] ] ],
502 $extraPos );
503 $extraPos += $extra['size'];
504
505 if ( $extra['id'] == self::ZIP64_EXTRA_HEADER ) {
506 return $this->unpack( $extra['data'], $zip64ExtraInfo );
507 }
508 }
509
510 return false;
511 }
512
517 private function getFileLength() {
518 if ( $this->fileLength === null ) {
519 $stat = fstat( $this->file );
520 $this->fileLength = $stat['size'];
521 }
522
523 return $this->fileLength;
524 }
525
536 private function getBlock( $start, $length = null ) {
537 $fileLength = $this->getFileLength();
538 if ( $start >= $fileLength ) {
539 $this->error( 'zip-bad', "getBlock() requested position $start, " .
540 "file length is $fileLength" );
541 }
542 $length ??= $fileLength - $start;
543 $end = $start + $length;
544 if ( $end > $fileLength ) {
545 $this->error( 'zip-bad', "getBlock() requested end position $end, " .
546 "file length is $fileLength" );
547 }
548 $startSeg = (int)floor( $start / self::SEGSIZE );
549 $endSeg = (int)ceil( $end / self::SEGSIZE );
550
551 $block = '';
552 for ( $segIndex = $startSeg; $segIndex <= $endSeg; $segIndex++ ) {
553 $block .= $this->getSegment( $segIndex );
554 }
555
556 $block = substr( $block,
557 $start - $startSeg * self::SEGSIZE,
558 $length );
559
560 if ( strlen( $block ) < $length ) {
561 $this->error( 'zip-bad', 'getBlock() returned an unexpectedly small amount of data' );
562 }
563
564 return $block;
565 }
566
580 private function getSegment( $segIndex ) {
581 if ( !isset( $this->buffer[$segIndex] ) ) {
582 $bytePos = $segIndex * self::SEGSIZE;
583 if ( $bytePos >= $this->getFileLength() ) {
584 $this->buffer[$segIndex] = '';
585
586 return '';
587 }
588 if ( fseek( $this->file, $bytePos ) ) {
589 $this->error( 'zip-bad', "seek to $bytePos failed" );
590 }
591 $seg = fread( $this->file, self::SEGSIZE );
592 if ( $seg === false ) {
593 $this->error( 'zip-bad', "read from $bytePos failed" );
594 }
595 $this->buffer[$segIndex] = $seg;
596 }
597
598 return $this->buffer[$segIndex];
599 }
600
606 private function getStructSize( $struct ) {
607 $size = 0;
608 foreach ( $struct as $type ) {
609 if ( is_array( $type ) ) {
610 [ , $fieldSize ] = $type;
611 $size += $fieldSize;
612 } else {
613 $size += $type;
614 }
615 }
616
617 return $size;
618 }
619
640 private function unpack( $string, $struct, $offset = 0 ) {
641 $size = $this->getStructSize( $struct );
642 if ( $offset + $size > strlen( $string ) ) {
643 $this->error( 'zip-bad', 'unpack() would run past the end of the supplied string' );
644 }
645
646 $data = [];
647 $pos = $offset;
648 foreach ( $struct as $key => $type ) {
649 if ( is_array( $type ) ) {
650 [ $typeName, $fieldSize ] = $type;
651 switch ( $typeName ) {
652 case 'string':
653 $data[$key] = substr( $string, $pos, $fieldSize );
654 $pos += $fieldSize;
655 break;
656 default:
657 throw new UnexpectedValueException( __METHOD__ . ": invalid type \"$typeName\"" );
658 }
659 } else {
660 // Unsigned little-endian integer
661 $length = intval( $type );
662
663 // Calculate the value. Use an algorithm which automatically
664 // upgrades the value to floating point if necessary.
665 $value = 0;
666 for ( $i = $length - 1; $i >= 0; $i-- ) {
667 $value *= 256;
668 $value += ord( $string[$pos + $i] );
669 }
670
671 // Throw an exception if there was loss of precision
672 if ( $value > 2 ** 52 ) {
673 $this->error( 'zip-unsupported', 'number too large to be stored in a double. ' .
674 'This could happen if we tried to unpack a 64-bit structure ' .
675 'at an invalid location.' );
676 }
677 $data[$key] = $value;
678 $pos += $length;
679 }
680 }
681
682 return $data;
683 }
684
693 private function testBit( $value, $bitIndex ) {
694 return (bool)( ( $value >> $bitIndex ) & 1 );
695 }
696}
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition GlobalFunctions.php:663
MediaWiki\Status\Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
ZipDirectoryReaderError
Internal exception class.
Definition ZipDirectoryReaderError.php:25
ZipDirectoryReader
A class for reading ZIP file directories, for the purposes of upload verification.
Definition ZipDirectoryReader.php:32
ZipDirectoryReader\readHandle
static readHandle( $file, $callback, $options=[])
Read an opened file handle presumed to be a ZIP and call a function for each file discovered in it.
Definition ZipDirectoryReader.php:107
ZipDirectoryReader\$buffer
string[] $buffer
A segmented cache of the file contents.
Definition ZipDirectoryReader.php:119
ZipDirectoryReader\$eocdr
array $eocdr
Stored headers.
Definition ZipDirectoryReader.php:128
ZipDirectoryReader\$eocdr64Locator
array $eocdr64Locator
Stored headers.
Definition ZipDirectoryReader.php:132
ZipDirectoryReader\read
static read( $fileName, $callback, $options=[])
Read a ZIP file and call a function for each file discovered in it.
Definition ZipDirectoryReader.php:90
ZipDirectoryReader\$callback
callable $callback
The file data callback.
Definition ZipDirectoryReader.php:122
ZipDirectoryReader\$zip64
bool $zip64
The ZIP64 mode.
Definition ZipDirectoryReader.php:125
ZipDirectoryReader\__construct
__construct( $file, $callback, $options)
Definition ZipDirectoryReader.php:151
ZipDirectoryReader\$fileLength
int null $fileLength
The cached length of the file, or null if it has not been loaded yet.
Definition ZipDirectoryReader.php:116
ZipDirectoryReader\$eocdr64
array $eocdr64
Stored headers.
Definition ZipDirectoryReader.php:130
ZipDirectoryReader\$file
resource $file
The opened file resource.
Definition ZipDirectoryReader.php:113