dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Don't look for pipes in the root node.
[lhc/web/wiklou.git] / includes / StreamFile.php
1 <?php
2 /**
3 * Functions related to the output of file content
4 *
5 * @file
6 */
7
8 /** */
9 function wfStreamFile( $fname, $headers = array() ) {
10 $stat = @stat( $fname );
11 if ( !$stat ) {
12 header( 'HTTP/1.0 404 Not Found' );
13 header( 'Cache-Control: no-cache' );
14 header( 'Content-Type: text/html; charset=utf-8' );
15 $encFile = htmlspecialchars( $fname );
16 $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
17 echo "<html><body>
18 <h1>File not found</h1>
19 <p>Although this PHP script ($encScript) exists, the file requested for output
20 ($encFile) does not.</p>
21 </body></html>
22 ";
23 return;
24 }
25
26 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
27
28 // Cancel output buffering and gzipping if set
29 wfResetOutputBuffers();
30
31 $type = wfGetType( $fname );
32 if ( $type and $type!="unknown/unknown") {
33 header("Content-type: $type");
34 } else {
35 header('Content-type: application/x-wiki');
36 }
37
38 // Don't stream it out as text/html if there was a PHP error
39 if ( headers_sent() ) {
40 echo "Headers already sent, terminating.\n";
41 return;
42 }
43
44 global $wgLanguageCode;
45 header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
46
47 foreach ( $headers as $header ) {
48 header( $header );
49 }
50
51 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
52 $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
53 $sinceTime = strtotime( $modsince );
54 if ( $stat['mtime'] <= $sinceTime ) {
55 ini_set('zlib.output_compression', 0);
56 header( "HTTP/1.0 304 Not Modified" );
57 return;
58 }
59 }
60
61 header( 'Content-Length: ' . $stat['size'] );
62
63 readfile( $fname );
64 }
65
66 /** */
67 function wfGetType( $filename, $safe = true ) {
68 global $wgTrivialMimeDetection;
69
70 $ext = strrchr($filename, '.');
71 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
72
73 # trivial detection by file extension,
74 # used for thumbnails (thumb.php)
75 if ($wgTrivialMimeDetection) {
76 switch ($ext) {
77 case 'gif': return 'image/gif';
78 case 'png': return 'image/png';
79 case 'jpg': return 'image/jpeg';
80 case 'jpeg': return 'image/jpeg';
81 }
82
83 return 'unknown/unknown';
84 }
85
86 $magic = MimeMagic::singleton();
87 // Use the extension only, rather than magic numbers, to avoid opening
88 // up vulnerabilities due to uploads of files with allowed extensions
89 // but disallowed types.
90 $type = $magic->guessTypesForExtension( $ext );
91
92 /**
93 * Double-check some security settings that were done on upload but might
94 * have changed since.
95 */
96 if ( $safe ) {
97 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
98 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
99 list( , $extList ) = UploadBase::splitExtensions( $filename );
100 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
101 return 'unknown/unknown';
102 }
103 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
104 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
105 {
106 return 'unknown/unknown';
107 }
108 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
109 return 'unknown/unknown';
110 }
111 }
112 return $type;
113 }
Wiklou, le Wiki du Wiklou