includes/StreamFile.php

   1 <?php
   2 /**
   3  * Functions related to the output of file content
   4  *
   5  * @file
   6  */
   7 class StreamFile {
   8         /**
   9          * Stream a file to the browser, adding all the headings and fun stuff
  10          * @param $fname string Full name and path of the file to stream
  11          * @param $headers array Any additional headers to send
  12          */
  13         public static function stream( $fname, $headers = array(), $request = null ) {
  14                 wfSuppressWarnings();
  15                 $stat = stat( $fname );
  16                 wfRestoreWarnings();
  17                 if ( !$stat ) {
  18                         header( 'HTTP/1.0 404 Not Found' );
  19                         header( 'Cache-Control: no-cache' );
  20                         header( 'Content-Type: text/html; charset=utf-8' );
  21                         $encFile = htmlspecialchars( $fname );
  22                         $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
  23                         echo "<html><body>
  24         <h1>File not found</h1>
  25         <p>Although this PHP script ($encScript) exists, the file requested for output
  26         ($encFile) does not.</p>
  27         </body></html>
  28         ";
  29                         return;
  30                 }
  31
  32                 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
  33
  34                 // Cancel output buffering and gzipping if set
  35                 wfResetOutputBuffers();
  36
  37                 $type = self::getType( $fname );
  38                 if ( $type && $type != 'unknown/unknown' ) {
  39                         header( "Content-type: $type" );
  40                 } else {
  41                         header( 'Content-type: application/x-wiki' );
  42                 }
  43
  44                 // Don't stream it out as text/html if there was a PHP error
  45                 if ( headers_sent() ) {
  46                         echo "Headers already sent, terminating.\n";
  47                         return;
  48                 }
  49
  50                 global $wgLanguageCode;
  51                 header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
  52
  53                 foreach ( $headers as $header ) {
  54                         header( $header );
  55                 }
  56
  57                 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
  58                         $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
  59                         $sinceTime = strtotime( $modsince );
  60                         if ( $stat['mtime'] <= $sinceTime ) {
  61                                 ini_set( 'zlib.output_compression', 0 );
  62                                 header( "HTTP/1.0 304 Not Modified" );
  63                                 return;
  64                         }
  65                 }
  66
  67                 header( 'Content-Length: ' . $stat['size'] );
  68
  69                 readfile( $fname );
  70         }
  71
  72         /**
  73          * Determine the filetype we're dealing with
  74          * @param $filename string
  75          * @param $safe bool
  76          * @return null|string
  77          */
  78         private static function getType( $filename, $safe = true ) {
  79                 global $wgTrivialMimeDetection;
  80
  81                 $ext = strrchr( $filename, '.' );
  82                 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
  83
  84                 # trivial detection by file extension,
  85                 # used for thumbnails (thumb.php)
  86                 if ( $wgTrivialMimeDetection ) {
  87                         switch ( $ext ) {
  88                                 case 'gif': return 'image/gif';
  89                                 case 'png': return 'image/png';
  90                                 case 'jpg': return 'image/jpeg';
  91                                 case 'jpeg': return 'image/jpeg';
  92                         }
  93
  94                         return 'unknown/unknown';
  95                 }
  96
  97                 $magic = MimeMagic::singleton();
  98                 // Use the extension only, rather than magic numbers, to avoid opening
  99                 // up vulnerabilities due to uploads of files with allowed extensions
 100                 // but disallowed types.
 101                 $type = $magic->guessTypesForExtension( $ext );
 102
 103                 /**
 104                  * Double-check some security settings that were done on upload but might
 105                  * have changed since.
 106                  */
 107                 if ( $safe ) {
 108                         global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
 109                                 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
 110                         list( , $extList ) = UploadBase::splitExtensions( $filename );
 111                         if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
 112                                 return 'unknown/unknown';
 113                         }
 114                         if ( $wgCheckFileExtensions && $wgStrictFileExtensions
 115                                 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
 116                         {
 117                                 return 'unknown/unknown';
 118                         }
 119                         if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
 120                                 return 'unknown/unknown';
 121                         }
 122                 }
 123                 return $type;
 124         }
 125 }