dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
More documentation updates and additions
[lhc/web/wiklou.git] / includes / StreamFile.php
1 <?php
2 /**
3 * Functions related to the output of file content
4 *
5 * @file
6 */
7
8 /** */
9 function wfStreamFile( $fname, $headers = array() ) {
10 $stat = @stat( $fname );
11 if ( !$stat ) {
12 header( 'HTTP/1.0 404 Not Found' );
13 header( 'Cache-Control: no-cache' );
14 header( 'Content-Type: text/html; charset=utf-8' );
15 $encFile = htmlspecialchars( $fname );
16 $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
17 echo "<html><body>
18 <h1>File not found</h1>
19 <p>Although this PHP script ($encScript) exists, the file requested for output
20 ($encFile) does not.</p>
21 </body></html>
22 ";
23 return;
24 }
25
26 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
27
28 // Cancel output buffering and gzipping if set
29 wfResetOutputBuffers();
30
31 $type = wfGetType( $fname );
32 if ( $type and $type!="unknown/unknown") {
33 header("Content-type: $type");
34 } else {
35 header('Content-type: application/x-wiki');
36 }
37
38 // Don't stream it out as text/html if there was a PHP error
39 if ( headers_sent() ) {
40 echo "Headers already sent, terminating.\n";
41 return;
42 }
43
44 global $wgLanguageCode;
45 header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
46
47 foreach ( $headers as $header ) {
48 header( $header );
49 }
50
51 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
52 $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
53 $sinceTime = strtotime( $modsince );
54 if ( $stat['mtime'] <= $sinceTime ) {
55 ini_set('zlib.output_compression', 0);
56 header( "HTTP/1.0 304 Not Modified" );
57 return;
58 }
59 }
60
61 header( 'Content-Length: ' . $stat['size'] );
62
63 readfile( $fname );
64 }
65
66 /**
67 * @param $filename string
68 * @param $safe bool
69 * @return null|string
70 */
71 function wfGetType( $filename, $safe = true ) {
72 global $wgTrivialMimeDetection;
73
74 $ext = strrchr($filename, '.');
75 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
76
77 # trivial detection by file extension,
78 # used for thumbnails (thumb.php)
79 if ($wgTrivialMimeDetection) {
80 switch ($ext) {
81 case 'gif': return 'image/gif';
82 case 'png': return 'image/png';
83 case 'jpg': return 'image/jpeg';
84 case 'jpeg': return 'image/jpeg';
85 }
86
87 return 'unknown/unknown';
88 }
89
90 $magic = MimeMagic::singleton();
91 // Use the extension only, rather than magic numbers, to avoid opening
92 // up vulnerabilities due to uploads of files with allowed extensions
93 // but disallowed types.
94 $type = $magic->guessTypesForExtension( $ext );
95
96 /**
97 * Double-check some security settings that were done on upload but might
98 * have changed since.
99 */
100 if ( $safe ) {
101 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
102 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
103 list( , $extList ) = UploadBase::splitExtensions( $filename );
104 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
105 return 'unknown/unknown';
106 }
107 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
108 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
109 {
110 return 'unknown/unknown';
111 }
112 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
113 return 'unknown/unknown';
114 }
115 }
116 return $type;
117 }
Wiklou, le Wiki du Wiklou