- * Guess the MIME type from the file contents.
- *
- * @todo Remove $ext param
- *
- * @param string $file
- * @param mixed $ext
- * @return bool|string
- * @throws MWException
- */
- private function doGuessMimeType( $file, $ext ) {
- // Read a chunk of the file
- MediaWiki\suppressWarnings();
- $f = fopen( $file, 'rb' );
- MediaWiki\restoreWarnings();
-
- if ( !$f ) {
- return 'unknown/unknown';
- }
-
- $fsize = filesize( $file );
- if ( $fsize === false ) {
- return 'unknown/unknown';
- }
-
- $head = fread( $f, 1024 );
- $tailLength = min( 65558, $fsize ); // 65558 = maximum size of a zip EOCDR
- if ( fseek( $f, -1 * $tailLength, SEEK_END ) === -1 ) {
- throw new MWException(
- "Seeking $tailLength bytes from EOF failed in " . __METHOD__ );
- }
- $tail = fread( $f, $tailLength );
- fclose( $f );
-
- wfDebug( __METHOD__ . ": analyzing head and tail of $file for magic numbers.\n" );
-
- // Hardcode a few magic number checks...
- $headers = array(
- // Multimedia...
- 'MThd' => 'audio/midi',
- 'OggS' => 'application/ogg',
-
- // Image formats...
- // Note that WMF may have a bare header, no magic number.
- "\x01\x00\x09\x00" => 'application/x-msmetafile', // Possibly prone to false positives?
- "\xd7\xcd\xc6\x9a" => 'application/x-msmetafile',
- '%PDF' => 'application/pdf',
- 'gimp xcf' => 'image/x-xcf',
-
- // Some forbidden fruit...
- 'MZ' => 'application/octet-stream', // DOS/Windows executable
- "\xca\xfe\xba\xbe" => 'application/octet-stream', // Mach-O binary
- "\x7fELF" => 'application/octet-stream', // ELF binary
- );
-
- foreach ( $headers as $magic => $candidate ) {
- if ( strncmp( $head, $magic, strlen( $magic ) ) == 0 ) {
- wfDebug( __METHOD__ . ": magic header in $file recognized as $candidate\n" );
- return $candidate;
- }
- }
-
- /* Look for WebM and Matroska files */
- if ( strncmp( $head, pack( "C4", 0x1a, 0x45, 0xdf, 0xa3 ), 4 ) == 0 ) {
- $doctype = strpos( $head, "\x42\x82" );
- if ( $doctype ) {
- // Next byte is datasize, then data (sizes larger than 1 byte are very stupid muxers)
- $data = substr( $head, $doctype + 3, 8 );
- if ( strncmp( $data, "matroska", 8 ) == 0 ) {
- wfDebug( __METHOD__ . ": recognized file as video/x-matroska\n" );
- return "video/x-matroska";
- } elseif ( strncmp( $data, "webm", 4 ) == 0 ) {
- wfDebug( __METHOD__ . ": recognized file as video/webm\n" );
- return "video/webm";
- }
- }
- wfDebug( __METHOD__ . ": unknown EBML file\n" );
- return "unknown/unknown";
- }
-
- /* Look for WebP */
- if ( strncmp( $head, "RIFF", 4 ) == 0 && strncmp( substr( $head, 8, 7 ), "WEBPVP8", 7 ) == 0 ) {
- wfDebug( __METHOD__ . ": recognized file as image/webp\n" );
- return "image/webp";
- }
-
- /**
- * Look for PHP. Check for this before HTML/XML... Warning: this is a
- * heuristic, and won't match a file with a lot of non-PHP before. It
- * will also match text files which could be PHP. :)
- *
- * @todo FIXME: For this reason, the check is probably useless -- an attacker
- * could almost certainly just pad the file with a lot of nonsense to
- * circumvent the check in any case where it would be a security
- * problem. On the other hand, it causes harmful false positives (bug
- * 16583). The heuristic has been cut down to exclude three-character
- * strings like "<? ", but should it be axed completely?
- */
- if ( ( strpos( $head, '<?php' ) !== false ) ||
- ( strpos( $head, "<\x00?\x00p\x00h\x00p" ) !== false ) ||
- ( strpos( $head, "<\x00?\x00 " ) !== false ) ||
- ( strpos( $head, "<\x00?\x00\n" ) !== false ) ||
- ( strpos( $head, "<\x00?\x00\t" ) !== false ) ||
- ( strpos( $head, "<\x00?\x00=" ) !== false ) ) {
-
- wfDebug( __METHOD__ . ": recognized $file as application/x-php\n" );
- return 'application/x-php';
- }
-
- /**
- * look for XML formats (XHTML and SVG)
- */
- $xml = new XmlTypeCheck( $file );
- if ( $xml->wellFormed ) {
- $xmlMimeTypes = $this->mConfig->get( 'XMLMimeTypes' );
- if ( isset( $xmlMimeTypes[$xml->getRootElement()] ) ) {
- return $xmlMimeTypes[$xml->getRootElement()];
- } else {
- return 'application/xml';
- }
- }
-
- /**
- * look for shell scripts
- */
- $script_type = null;
-
- # detect by shebang
- if ( substr( $head, 0, 2 ) == "#!" ) {
- $script_type = "ASCII";
- } elseif ( substr( $head, 0, 5 ) == "\xef\xbb\xbf#!" ) {
- $script_type = "UTF-8";
- } elseif ( substr( $head, 0, 7 ) == "\xfe\xff\x00#\x00!" ) {
- $script_type = "UTF-16BE";
- } elseif ( substr( $head, 0, 7 ) == "\xff\xfe#\x00!" ) {
- $script_type = "UTF-16LE";
- }
-
- if ( $script_type ) {
- if ( $script_type !== "UTF-8" && $script_type !== "ASCII" ) {
- // Quick and dirty fold down to ASCII!
- $pack = array( 'UTF-16BE' => 'n*', 'UTF-16LE' => 'v*' );
- $chars = unpack( $pack[$script_type], substr( $head, 2 ) );
- $head = '';
- foreach ( $chars as $codepoint ) {
- if ( $codepoint < 128 ) {
- $head .= chr( $codepoint );
- } else {
- $head .= '?';
- }
- }
- }
-
- $match = array();
-
- if ( preg_match( '%/?([^\s]+/)(\w+)%', $head, $match ) ) {
- $mime = "application/x-{$match[2]}";
- wfDebug( __METHOD__ . ": shell script recognized as $mime\n" );
- return $mime;
- }
- }
-
- // Check for ZIP variants (before getimagesize)
- if ( strpos( $tail, "PK\x05\x06" ) !== false ) {
- wfDebug( __METHOD__ . ": ZIP header present in $file\n" );
- return $this->detectZipType( $head, $tail, $ext );
- }
-
- MediaWiki\suppressWarnings();
- $gis = getimagesize( $file );
- MediaWiki\restoreWarnings();
-
- if ( $gis && isset( $gis['mime'] ) ) {
- $mime = $gis['mime'];
- wfDebug( __METHOD__ . ": getimagesize detected $file as $mime\n" );
- return $mime;
- }
-
- // Also test DjVu
- $deja = new DjVuImage( $file );
- if ( $deja->isValid() ) {
- wfDebug( __METHOD__ . ": detected $file as image/vnd.djvu\n" );
- return 'image/vnd.djvu';
- }
-
- # Media handling extensions can guess the MIME by content
- # It's intentionally here so that if core is wrong about a type (false positive),
- # people will hopefully nag and submit patches :)
- $mime = false;
- # Some strings by reference for performance - assuming well-behaved hooks
- Hooks::run(
- 'MimeMagicGuessFromContent',
- array( $this, &$head, &$tail, $file, &$mime )
- );
-
- return $mime;
- }
-
- /**
- * Detect application-specific file type of a given ZIP file from its
- * header data. Currently works for OpenDocument and OpenXML types...
- * If can't tell, returns 'application/zip'.
- *
- * @param string $header Some reasonably-sized chunk of file header
- * @param string|null $tail The tail of the file
- * @param string|bool $ext The file extension, or true to extract it from the filename.
- * Set it to false (default) to ignore the extension. DEPRECATED! Set to false,
- * use improveTypeFromExtension($mime, $ext) later to improve MIME type.
- *
- * @return string
- */
- function detectZipType( $header, $tail = null, $ext = false ) {
- if ( $ext ) { # TODO: remove $ext param
- wfDebug( __METHOD__ . ": WARNING: use of the \$ext parameter is deprecated. " .
- "Use improveTypeFromExtension(\$mime, \$ext) instead.\n" );
- }
-
- $mime = 'application/zip';
- $opendocTypes = array(
- 'chart-template',
- 'chart',
- 'formula-template',
- 'formula',
- 'graphics-template',
- 'graphics',
- 'image-template',
- 'image',
- 'presentation-template',
- 'presentation',
- 'spreadsheet-template',
- 'spreadsheet',
- 'text-template',
- 'text-master',
- 'text-web',
- 'text' );
-
- // http://lists.oasis-open.org/archives/office/200505/msg00006.html
- $types = '(?:' . implode( '|', $opendocTypes ) . ')';
- $opendocRegex = "/^mimetype(application\/vnd\.oasis\.opendocument\.$types)/";
-
- $openxmlRegex = "/^\[Content_Types\].xml/";
-
- if ( preg_match( $opendocRegex, substr( $header, 30 ), $matches ) ) {
- $mime = $matches[1];
- wfDebug( __METHOD__ . ": detected $mime from ZIP archive\n" );
- } elseif ( preg_match( $openxmlRegex, substr( $header, 30 ) ) ) {
- $mime = "application/x-opc+zip";
- # TODO: remove the block below, as soon as improveTypeFromExtension is used everywhere
- if ( $ext !== true && $ext !== false ) {
- /** This is the mode used by getPropsFromPath
- * These MIME's are stored in the database, where we don't really want
- * x-opc+zip, because we use it only for internal purposes
- */
- if ( $this->isMatchingExtension( $ext, $mime ) ) {
- /* A known file extension for an OPC file,
- * find the proper mime type for that file extension
- */
- $mime = $this->guessTypesForExtension( $ext );
- } else {
- $mime = "application/zip";
- }
- }
- wfDebug( __METHOD__ . ": detected an Open Packaging Conventions archive: $mime\n" );
- } elseif ( substr( $header, 0, 8 ) == "\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" &&
- ( $headerpos = strpos( $tail, "PK\x03\x04" ) ) !== false &&
- preg_match( $openxmlRegex, substr( $tail, $headerpos + 30 ) ) ) {
- if ( substr( $header, 512, 4 ) == "\xEC\xA5\xC1\x00" ) {
- $mime = "application/msword";
- }
- switch ( substr( $header, 512, 6 ) ) {
- case "\xEC\xA5\xC1\x00\x0E\x00":
- case "\xEC\xA5\xC1\x00\x1C\x00":
- case "\xEC\xA5\xC1\x00\x43\x00":
- $mime = "application/vnd.ms-powerpoint";
- break;
- case "\xFD\xFF\xFF\xFF\x10\x00":
- case "\xFD\xFF\xFF\xFF\x1F\x00":
- case "\xFD\xFF\xFF\xFF\x22\x00":
- case "\xFD\xFF\xFF\xFF\x23\x00":
- case "\xFD\xFF\xFF\xFF\x28\x00":
- case "\xFD\xFF\xFF\xFF\x29\x00":
- case "\xFD\xFF\xFF\xFF\x10\x02":
- case "\xFD\xFF\xFF\xFF\x1F\x02":
- case "\xFD\xFF\xFF\xFF\x22\x02":
- case "\xFD\xFF\xFF\xFF\x23\x02":
- case "\xFD\xFF\xFF\xFF\x28\x02":
- case "\xFD\xFF\xFF\xFF\x29\x02":
- $mime = "application/vnd.msexcel";
- break;
- }
-
- wfDebug( __METHOD__ . ": detected a MS Office document with OPC trailer\n" );
- } else {
- wfDebug( __METHOD__ . ": unable to identify type of ZIP archive\n" );
- }
- return $mime;
- }
-
- /**
- * Internal MIME type detection. Detection is done using an external
- * program, if $wgMimeDetectorCommand is set. Otherwise, the fileinfo
- * extension is tried if it is available. If detection fails and $ext
- * is not false, the MIME type is guessed from the file extension,
- * using guessTypesForExtension.
- *
- * If the MIME type is still unknown, getimagesize is used to detect the
- * MIME type if the file is an image. If no MIME type can be determined,
- * this function returns 'unknown/unknown'.
- *
- * @param string $file The file to check
- * @param string|bool $ext The file extension, or true (default) to extract it from the filename.
- * Set it to false to ignore the extension. DEPRECATED! Set to false, use
- * improveTypeFromExtension($mime, $ext) later to improve MIME type.
- *
- * @return string The MIME type of $file
- */
- private function detectMimeType( $file, $ext = true ) {
- /** @todo Make $ext default to false. Or better, remove it. */
- if ( $ext ) {
- wfDebug( __METHOD__ . ": WARNING: use of the \$ext parameter is deprecated. "
- . "Use improveTypeFromExtension(\$mime, \$ext) instead.\n" );
- }
-
- $mimeDetectorCommand = $this->mConfig->get( 'MimeDetectorCommand' );
- $m = null;
- if ( $mimeDetectorCommand ) {
- $args = wfEscapeShellArg( $file );
- $m = wfShellExec( "$mimeDetectorCommand $args" );
- } elseif ( function_exists( "finfo_open" ) && function_exists( "finfo_file" ) ) {
- $mime_magic_resource = finfo_open( FILEINFO_MIME );
-
- if ( $mime_magic_resource ) {
- $m = finfo_file( $mime_magic_resource, $file );
- finfo_close( $mime_magic_resource );
- } else {
- wfDebug( __METHOD__ . ": finfo_open failed on " . FILEINFO_MIME . "!\n" );
- }
- } else {
- wfDebug( __METHOD__ . ": no magic mime detector found!\n" );
- }
-
- if ( $m ) {
- # normalize
- $m = preg_replace( '![;, ].*$!', '', $m ); # strip charset, etc
- $m = trim( $m );
- $m = strtolower( $m );
-
- if ( strpos( $m, 'unknown' ) !== false ) {
- $m = null;
- } else {
- wfDebug( __METHOD__ . ": magic mime type of $file: $m\n" );
- return $m;
- }
- }
-
- // If desired, look at extension as a fallback.
- if ( $ext === true ) {
- $i = strrpos( $file, '.' );
- $ext = strtolower( $i ? substr( $file, $i + 1 ) : '' );
- }
- if ( $ext ) {
- if ( $this->isRecognizableExtension( $ext ) ) {
- wfDebug( __METHOD__ . ": refusing to guess mime type for .$ext file, "
- . "we should have recognized it\n" );
- } else {
- $m = $this->guessTypesForExtension( $ext );
- if ( $m ) {
- wfDebug( __METHOD__ . ": extension mime type of $file: $m\n" );
- return $m;
- }
- }
- }
-
- // Unknown type
- wfDebug( __METHOD__ . ": failed to guess mime type for $file!\n" );
- return 'unknown/unknown';
- }
-
- /**
- * Determine the media type code for a file, using its MIME type, name and
- * possibly its contents.
- *
- * This function relies on the findMediaType(), mapping extensions and MIME
- * types to media types.
- *
- * @todo analyse file if need be
- * @todo look at multiple extension, separately and together.
- *
- * @param string $path Full path to the image file, in case we have to look at the contents
- * (if null, only the MIME type is used to determine the media type code).
- * @param string $mime MIME type. If null it will be guessed using guessMimeType.
- *
- * @return string A value to be used with the MEDIATYPE_xxx constants.
- */
- function getMediaType( $path = null, $mime = null ) {
- if ( !$mime && !$path ) {
- return MEDIATYPE_UNKNOWN;
- }
-
- // If MIME type is unknown, guess it
- if ( !$mime ) {
- $mime = $this->guessMimeType( $path, false );
- }
-
- // Special code for ogg - detect if it's video (theora),
- // else label it as sound.
- if ( $mime == 'application/ogg' && file_exists( $path ) ) {
-
- // Read a chunk of the file
- $f = fopen( $path, "rt" );
- if ( !$f ) {
- return MEDIATYPE_UNKNOWN;
- }
- $head = fread( $f, 256 );
- fclose( $f );
-
- $head = str_replace( 'ffmpeg2theora', '', strtolower( $head ) );
-
- // This is an UGLY HACK, file should be parsed correctly
- if ( strpos( $head, 'theora' ) !== false ) {
- return MEDIATYPE_VIDEO;
- } elseif ( strpos( $head, 'vorbis' ) !== false ) {
- return MEDIATYPE_AUDIO;
- } elseif ( strpos( $head, 'flac' ) !== false ) {
- return MEDIATYPE_AUDIO;
- } elseif ( strpos( $head, 'speex' ) !== false ) {
- return MEDIATYPE_AUDIO;
- } else {
- return MEDIATYPE_MULTIMEDIA;
- }
- }
-
- // Check for entry for full MIME type
- if ( $mime ) {
- $type = $this->findMediaType( $mime );
- if ( $type !== MEDIATYPE_UNKNOWN ) {
- return $type;
- }
- }
-
- // Check for entry for file extension
- if ( $path ) {
- $i = strrpos( $path, '.' );
- $e = strtolower( $i ? substr( $path, $i + 1 ) : '' );
-
- // TODO: look at multi-extension if this fails, parse from full path
- $type = $this->findMediaType( '.' . $e );
- if ( $type !== MEDIATYPE_UNKNOWN ) {
- return $type;
- }
- }
-
- // Check major MIME type
- if ( $mime ) {
- $i = strpos( $mime, '/' );
- if ( $i !== false ) {
- $major = substr( $mime, 0, $i );
- $type = $this->findMediaType( $major );
- if ( $type !== MEDIATYPE_UNKNOWN ) {
- return $type;
- }
- }
- }
-
- if ( !$type ) {
- $type = MEDIATYPE_UNKNOWN;
- }
-
- return $type;
- }
-
- /**
- * Returns a media code matching the given MIME type or file extension.
- * File extensions are represented by a string starting with a dot (.) to
- * distinguish them from MIME types.
- *
- * This function relies on the mapping defined by $this->mMediaTypes
- * @access private
- * @param string $extMime
- * @return int|string
- */
- function findMediaType( $extMime ) {
- if ( strpos( $extMime, '.' ) === 0 ) {
- // If it's an extension, look up the MIME types
- $m = $this->getTypesForExtension( substr( $extMime, 1 ) );
- if ( !$m ) {
- return MEDIATYPE_UNKNOWN;
- }
-
- $m = explode( ' ', $m );
- } else {
- // Normalize MIME type
- if ( isset( $this->mMimeTypeAliases[$extMime] ) ) {
- $extMime = $this->mMimeTypeAliases[$extMime];
- }
-
- $m = array( $extMime );
- }
-
- foreach ( $m as $mime ) {
- foreach ( $this->mMediaTypes as $type => $codes ) {
- if ( in_array( $mime, $codes, true ) ) {
- return $type;
- }
- }
- }
-
- return MEDIATYPE_UNKNOWN;
- }
-
- /**
- * Get the MIME types that various versions of Internet Explorer would
- * detect from a chunk of the content.
- *
- * @param string $fileName The file name (unused at present)
- * @param string $chunk The first 256 bytes of the file
- * @param string $proposed The MIME type proposed by the server