includes/StreamFile.php

   1 <?php
   2 /**
   3  * Functions related to the output of file content.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 /**
  24  * Functions related to the output of file content
  25  */
  26 class StreamFile {
  27         // Do not send any HTTP headers unless requested by caller (e.g. body only)
  28         /** @deprecated since 1.34 */
  29         const STREAM_HEADLESS = HTTPFileStreamer::STREAM_HEADLESS;
  30         // Do not try to tear down any PHP output buffers
  31         /** @deprecated since 1.34 */
  32         const STREAM_ALLOW_OB = HTTPFileStreamer::STREAM_ALLOW_OB;
  33
  34         /**
  35          * Stream a file to the browser, adding all the headings and fun stuff.
  36          * Headers sent include: Content-type, Content-Length, Last-Modified,
  37          * and Content-Disposition.
  38          *
  39          * @param string $fname Full name and path of the file to stream
  40          * @param array $headers Any additional headers to send if the file exists
  41          * @param bool $sendErrors Send error messages if errors occur (like 404)
  42          * @param array $optHeaders HTTP request header map (e.g. "range") (use lowercase keys)
  43          * @param int $flags Bitfield of STREAM_* constants
  44          * @throws MWException
  45          * @return bool Success
  46          */
  47         public static function stream(
  48                 $fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
  49         ) {
  50                 if ( FileBackend::isStoragePath( $fname ) ) { // sanity
  51                         throw new InvalidArgumentException( __FUNCTION__ . " given storage path '$fname'." );
  52                 }
  53
  54                 $streamer = new HTTPFileStreamer(
  55                         $fname,
  56                         [
  57                                 'obResetFunc' => 'wfResetOutputBuffers',
  58                                 'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ]
  59                         ]
  60                 );
  61
  62                 return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags );
  63         }
  64
  65         /**
  66          * Send out a standard 404 message for a file
  67          *
  68          * @param string $fname Full name and path of the file to stream
  69          * @param int $flags Bitfield of STREAM_* constants
  70          * @since 1.24
  71          * @deprecated since 1.34, use HTTPFileStreamer::send404Message() instead
  72          */
  73         public static function send404Message( $fname, $flags = 0 ) {
  74                 wfDeprecated( __METHOD__, '1.34' );
  75                 HTTPFileStreamer::send404Message( $fname, $flags );
  76         }
  77
  78         /**
  79          * Convert a Range header value to an absolute (start, end) range tuple
  80          *
  81          * @param string $range Range header value
  82          * @param int $size File size
  83          * @return array|string Returns error string on failure (start, end, length)
  84          * @since 1.24
  85          * @deprecated since 1.34, use HTTPFileStreamer::parseRange() instead
  86          */
  87         public static function parseRange( $range, $size ) {
  88                 wfDeprecated( __METHOD__, '1.34' );
  89                 return HTTPFileStreamer::parseRange( $range, $size );
  90         }
  91
  92         /**
  93          * Determine the file type of a file based on the path
  94          *
  95          * @param string $filename Storage path or file system path
  96          * @param bool $safe Whether to do retroactive upload blacklist checks
  97          * @return null|string
  98          */
  99         public static function contentTypeFromPath( $filename, $safe = true ) {
 100                 global $wgTrivialMimeDetection;
 101
 102                 $ext = strrchr( $filename, '.' );
 103                 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
 104
 105                 # trivial detection by file extension,
 106                 # used for thumbnails (thumb.php)
 107                 if ( $wgTrivialMimeDetection ) {
 108                         switch ( $ext ) {
 109                                 case 'gif':
 110                                         return 'image/gif';
 111                                 case 'png':
 112                                         return 'image/png';
 113                                 case 'jpg':
 114                                 case 'jpeg':
 115                                         return 'image/jpeg';
 116                         }
 117
 118                         return 'unknown/unknown';
 119                 }
 120
 121                 $magic = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer();
 122                 // Use the extension only, rather than magic numbers, to avoid opening
 123                 // up vulnerabilities due to uploads of files with allowed extensions
 124                 // but disallowed types.
 125                 $type = $magic->guessTypesForExtension( $ext );
 126
 127                 /**
 128                  * Double-check some security settings that were done on upload but might
 129                  * have changed since.
 130                  */
 131                 if ( $safe ) {
 132                         global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
 133                                 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
 134                         list( , $extList ) = UploadBase::splitExtensions( $filename );
 135                         if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
 136                                 return 'unknown/unknown';
 137                         }
 138                         if ( $wgCheckFileExtensions && $wgStrictFileExtensions
 139                                 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
 140                         ) {
 141                                 return 'unknown/unknown';
 142                         }
 143                         if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
 144                                 return 'unknown/unknown';
 145                         }
 146                 }
 147                 return $type;
 148         }
 149 }