search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't bother showing prev/next links navigation when there's few results
[mediawiki.git] / includes / utils / ZipDirectoryReader.php
blob1419bbb332e8a4f5b51eae932f805a4228938edd
1 <?php
2 /**
3 * ZIP file directories reader, for the purposes of upload verification.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * A class for reading ZIP file directories, for the purposes of upload
25 * verification.
26 *
27 * Only a functional interface is provided: ZipFileReader::read(). No access is
28 * given to object instances.
29 *
30 */
31 class ZipDirectoryReader {
32 /**
33 * Read a ZIP file and call a function for each file discovered in it.
34 *
35 * Because this class is aimed at verification, an error is raised on
36 * suspicious or ambiguous input, instead of emulating some standard
37 * behavior.
38 *
39 * @param string $fileName The archive file name
40 * @param array $callback The callback function. It will be called for each file
41 * with a single associative array each time, with members:
42 *
43 * - name: The file name. Directories conventionally have a trailing
44 * slash.
45 *
46 * - mtime: The file modification time, in MediaWiki 14-char format
47 *
48 * - size: The uncompressed file size
49 *
50 * @param array $options An associative array of read options, with the option
51 * name in the key. This may currently contain:
52 *
53 * - zip64: If this is set to true, then we will emulate a
54 * library with ZIP64 support, like OpenJDK 7. If it is set to
55 * false, then we will emulate a library with no knowledge of
56 * ZIP64.
57 *
58 * NOTE: The ZIP64 code is untested and probably doesn't work. It
59 * turned out to be easier to just reject ZIP64 archive uploads,
60 * since they are likely to be very rare. Confirming safety of a
61 * ZIP64 file is fairly complex. What do you do with a file that is
62 * ambiguous and broken when read with a non-ZIP64 reader, but valid
63 * when read with a ZIP64 reader? This situation is normal for a
64 * valid ZIP64 file, and working out what non-ZIP64 readers will make
65 * of such a file is not trivial.
66 *
67 * @return Status object. The following fatal errors are defined:
68 *
69 * - zip-file-open-error: The file could not be opened.
70 *
71 * - zip-wrong-format: The file does not appear to be a ZIP file.
72 *
73 * - zip-bad: There was something wrong or ambiguous about the file
74 * data.
75 *
76 * - zip-unsupported: The ZIP file uses features which
77 * ZipDirectoryReader does not support.
78 *
79 * The default messages for those fatal errors are written in a way that
80 * makes sense for upload verification.
81 *
82 * If a fatal error is returned, more information about the error will be
83 * available in the debug log.
84 *
85 * Note that the callback function may be called any number of times before
86 * a fatal error is returned. If this occurs, the data sent to the callback
87 * function should be discarded.
88 */
89 public static function read( $fileName, $callback, $options = array() ) {
90 $zdr = new self( $fileName, $callback, $options );
91
92 return $zdr->execute();
93 }
94
95 /** The file name */
96 protected $fileName;
97
98 /** The opened file resource */
99 protected $file;
100
101 /** The cached length of the file, or null if it has not been loaded yet. */
102 protected $fileLength;
103
104 /** A segmented cache of the file contents */
105 protected $buffer;
106
107 /** The file data callback */
108 protected $callback;
109
110 /** The ZIP64 mode */
111 protected $zip64 = false;
112
113 /** Stored headers */
114 protected $eocdr, $eocdr64, $eocdr64Locator;
115
116 protected $data;
117
118 /** The "extra field" ID for ZIP64 central directory entries */
119 const ZIP64_EXTRA_HEADER = 0x0001;
120
121 /** The segment size for the file contents cache */
122 const SEGSIZE = 16384;
123
124 /** The index of the "general field" bit for UTF-8 file names */
125 const GENERAL_UTF8 = 11;
126
127 /** The index of the "general field" bit for central directory encryption */
128 const GENERAL_CD_ENCRYPTED = 13;
129
130 /**
131 * Private constructor
132 */
133 protected function __construct( $fileName, $callback, $options ) {
134 $this->fileName = $fileName;
135 $this->callback = $callback;
136
137 if ( isset( $options['zip64'] ) ) {
138 $this->zip64 = $options['zip64'];
139 }
140 }
141
142 /**
143 * Read the directory according to settings in $this.
144 *
145 * @return Status
146 */
147 function execute() {
148 $this->file = fopen( $this->fileName, 'r' );
149 $this->data = array();
150 if ( !$this->file ) {
151 return Status::newFatal( 'zip-file-open-error' );
152 }
153
154 $status = Status::newGood();
155 try {
156 $this->readEndOfCentralDirectoryRecord();
157 if ( $this->zip64 ) {
158 list( $offset, $size ) = $this->findZip64CentralDirectory();
159 $this->readCentralDirectory( $offset, $size );
160 } else {
161 if ( $this->eocdr['CD size'] == 0xffffffff
162 || $this->eocdr['CD offset'] == 0xffffffff
163 || $this->eocdr['CD entries total'] == 0xffff
164 ) {
165 $this->error( 'zip-unsupported', 'Central directory header indicates ZIP64, ' .
166 'but we are in legacy mode. Rejecting this upload is necessary to avoid ' .
167 'opening vulnerabilities on clients using OpenJDK 7 or later.' );
168 }
169
170 list( $offset, $size ) = $this->findOldCentralDirectory();
171 $this->readCentralDirectory( $offset, $size );
172 }
173 } catch ( ZipDirectoryReaderError $e ) {
174 $status->fatal( $e->getErrorCode() );
175 }
176
177 fclose( $this->file );
178
179 return $status;
180 }
181
182 /**
183 * Throw an error, and log a debug message
184 */
185 function error( $code, $debugMessage ) {
186 wfDebug( __CLASS__ . ": Fatal error: $debugMessage\n" );
187 throw new ZipDirectoryReaderError( $code );
188 }
189
190 /**
191 * Read the header which is at the end of the central directory,
192 * unimaginatively called the "end of central directory record" by the ZIP
193 * spec.
194 */
195 function readEndOfCentralDirectoryRecord() {
196 $info = array(
197 'signature' => 4,
198 'disk' => 2,
199 'CD start disk' => 2,
200 'CD entries this disk' => 2,
201 'CD entries total' => 2,
202 'CD size' => 4,
203 'CD offset' => 4,
204 'file comment length' => 2,
205 );
206 $structSize = $this->getStructSize( $info );
207 $startPos = $this->getFileLength() - 65536 - $structSize;
208 if ( $startPos < 0 ) {
209 $startPos = 0;
210 }
211
212 $block = $this->getBlock( $startPos );
213 $sigPos = strrpos( $block, "PK\x05\x06" );
214 if ( $sigPos === false ) {
215 $this->error( 'zip-wrong-format',
216 "zip file lacks EOCDR signature. It probably isn't a zip file." );
217 }
218
219 $this->eocdr = $this->unpack( substr( $block, $sigPos ), $info );
220 $this->eocdr['EOCDR size'] = $structSize + $this->eocdr['file comment length'];
221
222 if ( $structSize + $this->eocdr['file comment length'] != strlen( $block ) - $sigPos ) {
223 $this->error( 'zip-bad', 'trailing bytes after the end of the file comment' );
224 }
225 if ( $this->eocdr['disk'] !== 0
226 || $this->eocdr['CD start disk'] !== 0
227 ) {
228 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR)' );
229 }
230 $this->eocdr += $this->unpack(
231 $block,
232 array( 'file comment' => array( 'string', $this->eocdr['file comment length'] ) ),
233 $sigPos + $structSize );
234 $this->eocdr['position'] = $startPos + $sigPos;
235 }
236
237 /**
238 * Read the header called the "ZIP64 end of central directory locator". An
239 * error will be raised if it does not exist.
240 */
241 function readZip64EndOfCentralDirectoryLocator() {
242 $info = array(
243 'signature' => array( 'string', 4 ),
244 'eocdr64 start disk' => 4,
245 'eocdr64 offset' => 8,
246 'number of disks' => 4,
247 );
248 $structSize = $this->getStructSize( $info );
249
250 $start = $this->getFileLength() - $this->eocdr['EOCDR size'] - $structSize;
251 $block = $this->getBlock( $start, $structSize );
252 $this->eocdr64Locator = $data = $this->unpack( $block, $info );
253
254 if ( $data['signature'] !== "PK\x06\x07" ) {
255 // Note: Java will allow this and continue to read the
256 // EOCDR64, so we have to reject the upload, we can't
257 // just use the EOCDR header instead.
258 $this->error( 'zip-bad', 'wrong signature on Zip64 end of central directory locator' );
259 }
260 }
261
262 /**
263 * Read the header called the "ZIP64 end of central directory record". It
264 * may replace the regular "end of central directory record" in ZIP64 files.
265 */
266 function readZip64EndOfCentralDirectoryRecord() {
267 if ( $this->eocdr64Locator['eocdr64 start disk'] != 0
268 || $this->eocdr64Locator['number of disks'] != 0
269 ) {
270 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR64 locator)' );
271 }
272
273 $info = array(
274 'signature' => array( 'string', 4 ),
275 'EOCDR64 size' => 8,
276 'version made by' => 2,
277 'version needed' => 2,
278 'disk' => 4,
279 'CD start disk' => 4,
280 'CD entries this disk' => 8,
281 'CD entries total' => 8,
282 'CD size' => 8,
283 'CD offset' => 8
284 );
285 $structSize = $this->getStructSize( $info );
286 $block = $this->getBlock( $this->eocdr64Locator['eocdr64 offset'], $structSize );
287 $this->eocdr64 = $data = $this->unpack( $block, $info );
288 if ( $data['signature'] !== "PK\x06\x06" ) {
289 $this->error( 'zip-bad', 'wrong signature on Zip64 end of central directory record' );
290 }
291 if ( $data['disk'] !== 0
292 || $data['CD start disk'] !== 0
293 ) {
294 $this->error( 'zip-unsupported', 'more than one disk (in EOCDR64)' );
295 }
296 }
297
298 /**
299 * Find the location of the central directory, as would be seen by a
300 * non-ZIP64 reader.
301 *
302 * @return List containing offset, size and end position.
303 */
304 function findOldCentralDirectory() {
305 $size = $this->eocdr['CD size'];
306 $offset = $this->eocdr['CD offset'];
307 $endPos = $this->eocdr['position'];
308
309 // Some readers use the EOCDR position instead of the offset field
310 // to find the directory, so to be safe, we check if they both agree.
311 if ( $offset + $size != $endPos ) {
312 $this->error( 'zip-bad', 'the central directory does not immediately precede the end ' .
313 'of central directory record' );
314 }
315
316 return array( $offset, $size );
317 }
318
319 /**
320 * Find the location of the central directory, as would be seen by a
321 * ZIP64-compliant reader.
322 *
323 * @return array List containing offset, size and end position.
324 */
325 function findZip64CentralDirectory() {
326 // The spec is ambiguous about the exact rules of precedence between the
327 // ZIP64 headers and the original headers. Here we follow zip_util.c
328 // from OpenJDK 7.
329 $size = $this->eocdr['CD size'];
330 $offset = $this->eocdr['CD offset'];
331 $numEntries = $this->eocdr['CD entries total'];
332 $endPos = $this->eocdr['position'];
333 if ( $size == 0xffffffff
334 || $offset == 0xffffffff
335 || $numEntries == 0xffff
336 ) {
337 $this->readZip64EndOfCentralDirectoryLocator();
338
339 if ( isset( $this->eocdr64Locator['eocdr64 offset'] ) ) {
340 $this->readZip64EndOfCentralDirectoryRecord();
341 if ( isset( $this->eocdr64['CD offset'] ) ) {
342 $size = $this->eocdr64['CD size'];
343 $offset = $this->eocdr64['CD offset'];
344 $endPos = $this->eocdr64Locator['eocdr64 offset'];
345 }
346 }
347 }
348 // Some readers use the EOCDR position instead of the offset field
349 // to find the directory, so to be safe, we check if they both agree.
350 if ( $offset + $size != $endPos ) {
351 $this->error( 'zip-bad', 'the central directory does not immediately precede the end ' .
352 'of central directory record' );
353 }
354
355 return array( $offset, $size );
356 }
357
358 /**
359 * Read the central directory at the given location
360 */
361 function readCentralDirectory( $offset, $size ) {
362 $block = $this->getBlock( $offset, $size );
363
364 $fixedInfo = array(
365 'signature' => array( 'string', 4 ),
366 'version made by' => 2,
367 'version needed' => 2,
368 'general bits' => 2,
369 'compression method' => 2,
370 'mod time' => 2,
371 'mod date' => 2,
372 'crc-32' => 4,
373 'compressed size' => 4,
374 'uncompressed size' => 4,
375 'name length' => 2,
376 'extra field length' => 2,
377 'comment length' => 2,
378 'disk number start' => 2,
379 'internal attrs' => 2,
380 'external attrs' => 4,
381 'local header offset' => 4,
382 );
383 $fixedSize = $this->getStructSize( $fixedInfo );
384
385 $pos = 0;
386 while ( $pos < $size ) {
387 $data = $this->unpack( $block, $fixedInfo, $pos );
388 $pos += $fixedSize;
389
390 if ( $data['signature'] !== "PK\x01\x02" ) {
391 $this->error( 'zip-bad', 'Invalid signature found in directory entry' );
392 }
393
394 $variableInfo = array(
395 'name' => array( 'string', $data['name length'] ),
396 'extra field' => array( 'string', $data['extra field length'] ),
397 'comment' => array( 'string', $data['comment length'] ),
398 );
399 $data += $this->unpack( $block, $variableInfo, $pos );
400 $pos += $this->getStructSize( $variableInfo );
401
402 if ( $this->zip64 && (
403 $data['compressed size'] == 0xffffffff
404 || $data['uncompressed size'] == 0xffffffff
405 || $data['local header offset'] == 0xffffffff )
406 ) {
407 $zip64Data = $this->unpackZip64Extra( $data['extra field'] );
408 if ( $zip64Data ) {
409 $data = $zip64Data + $data;
410 }
411 }
412
413 if ( $this->testBit( $data['general bits'], self::GENERAL_CD_ENCRYPTED ) ) {
414 $this->error( 'zip-unsupported', 'central directory encryption is not supported' );
415 }
416
417 // Convert the timestamp into MediaWiki format
418 // For the format, please see the MS-DOS 2.0 Programmer's Reference,
419 // pages 3-5 and 3-6.
420 $time = $data['mod time'];
421 $date = $data['mod date'];
422
423 $year = 1980 + ( $date >> 9 );
424 $month = ( $date >> 5 ) & 15;
425 $day = $date & 31;
426 $hour = ( $time >> 11 ) & 31;
427 $minute = ( $time >> 5 ) & 63;
428 $second = ( $time & 31 ) * 2;
429 $timestamp = sprintf( "%04d%02d%02d%02d%02d%02d",
430 $year, $month, $day, $hour, $minute, $second );
431
432 // Convert the character set in the file name
433 if ( !function_exists( 'iconv' )
434 || $this->testBit( $data['general bits'], self::GENERAL_UTF8 )
435 ) {
436 $name = $data['name'];
437 } else {
438 $name = iconv( 'CP437', 'UTF-8', $data['name'] );
439 }
440
441 // Compile a data array for the user, with a sensible format
442 $userData = array(
443 'name' => $name,
444 'mtime' => $timestamp,
445 'size' => $data['uncompressed size'],
446 );
447 call_user_func( $this->callback, $userData );
448 }
449 }
450
451 /**
452 * Interpret ZIP64 "extra field" data and return an associative array.
453 * @return array|bool
454 */
455 function unpackZip64Extra( $extraField ) {
456 $extraHeaderInfo = array(
457 'id' => 2,
458 'size' => 2,
459 );
460 $extraHeaderSize = $this->getStructSize( $extraHeaderInfo );
461
462 $zip64ExtraInfo = array(
463 'uncompressed size' => 8,
464 'compressed size' => 8,
465 'local header offset' => 8,
466 'disk number start' => 4,
467 );
468
469 $extraPos = 0;
470 while ( $extraPos < strlen( $extraField ) ) {
471 $extra = $this->unpack( $extraField, $extraHeaderInfo, $extraPos );
472 $extraPos += $extraHeaderSize;
473 $extra += $this->unpack( $extraField,
474 array( 'data' => array( 'string', $extra['size'] ) ),
475 $extraPos );
476 $extraPos += $extra['size'];
477
478 if ( $extra['id'] == self::ZIP64_EXTRA_HEADER ) {
479 return $this->unpack( $extra['data'], $zip64ExtraInfo );
480 }
481 }
482
483 return false;
484 }
485
486 /**
487 * Get the length of the file.
488 */
489 function getFileLength() {
490 if ( $this->fileLength === null ) {
491 $stat = fstat( $this->file );
492 $this->fileLength = $stat['size'];
493 }
494
495 return $this->fileLength;
496 }
497
498 /**
499 * Get the file contents from a given offset. If there are not enough bytes
500 * in the file to satisfy the request, an exception will be thrown.
501 *
502 * @param int $start The byte offset of the start of the block.
503 * @param int $length The number of bytes to return. If omitted, the remainder
504 * of the file will be returned.
505 *
506 * @return string
507 */
508 function getBlock( $start, $length = null ) {
509 $fileLength = $this->getFileLength();
510 if ( $start >= $fileLength ) {
511 $this->error( 'zip-bad', "getBlock() requested position $start, " .
512 "file length is $fileLength" );
513 }
514 if ( $length === null ) {
515 $length = $fileLength - $start;
516 }
517 $end = $start + $length;
518 if ( $end > $fileLength ) {
519 $this->error( 'zip-bad', "getBlock() requested end position $end, " .
520 "file length is $fileLength" );
521 }
522 $startSeg = floor( $start / self::SEGSIZE );
523 $endSeg = ceil( $end / self::SEGSIZE );
524
525 $block = '';
526 for ( $segIndex = $startSeg; $segIndex <= $endSeg; $segIndex++ ) {
527 $block .= $this->getSegment( $segIndex );
528 }
529
530 $block = substr( $block,
531 $start - $startSeg * self::SEGSIZE,
532 $length );
533
534 if ( strlen( $block ) < $length ) {
535 $this->error( 'zip-bad', 'getBlock() returned an unexpectedly small amount of data' );
536 }
537
538 return $block;
539 }
540
541 /**
542 * Get a section of the file starting at position $segIndex * self::SEGSIZE,
543 * of length self::SEGSIZE. The result is cached. This is a helper function
544 * for getBlock().
545 *
546 * If there are not enough bytes in the file to satisfy the request, the
547 * return value will be truncated. If a request is made for a segment beyond
548 * the end of the file, an empty string will be returned.
549 * @return string
550 */
551 function getSegment( $segIndex ) {
552 if ( !isset( $this->buffer[$segIndex] ) ) {
553 $bytePos = $segIndex * self::SEGSIZE;
554 if ( $bytePos >= $this->getFileLength() ) {
555 $this->buffer[$segIndex] = '';
556
557 return '';
558 }
559 if ( fseek( $this->file, $bytePos ) ) {
560 $this->error( 'zip-bad', "seek to $bytePos failed" );
561 }
562 $seg = fread( $this->file, self::SEGSIZE );
563 if ( $seg === false ) {
564 $this->error( 'zip-bad', "read from $bytePos failed" );
565 }
566 $this->buffer[$segIndex] = $seg;
567 }
568
569 return $this->buffer[$segIndex];
570 }
571
572 /**
573 * Get the size of a structure in bytes. See unpack() for the format of $struct.
574 * @return int
575 */
576 function getStructSize( $struct ) {
577 $size = 0;
578 foreach ( $struct as $type ) {
579 if ( is_array( $type ) ) {
580 list( , $fieldSize ) = $type;
581 $size += $fieldSize;
582 } else {
583 $size += $type;
584 }
585 }
586
587 return $size;
588 }
589
590 /**
591 * Unpack a binary structure. This is like the built-in unpack() function
592 * except nicer.
593 *
594 * @param string $string The binary data input
595 *
596 * @param array $struct An associative array giving structure members and their
597 * types. In the key is the field name. The value may be either an
598 * integer, in which case the field is a little-endian unsigned integer
599 * encoded in the given number of bytes, or an array, in which case the
600 * first element of the array is the type name, and the subsequent
601 * elements are type-dependent parameters. Only one such type is defined:
602 * - "string": The second array element gives the length of string.
603 * Not null terminated.
604 *
605 * @param int $offset The offset into the string at which to start unpacking.
606 *
607 * @throws MWException
608 * @return array Unpacked associative array. Note that large integers in the input
609 * may be represented as floating point numbers in the return value, so
610 * the use of weak comparison is advised.
611 */
612 function unpack( $string, $struct, $offset = 0 ) {
613 $size = $this->getStructSize( $struct );
614 if ( $offset + $size > strlen( $string ) ) {
615 $this->error( 'zip-bad', 'unpack() would run past the end of the supplied string' );
616 }
617
618 $data = array();
619 $pos = $offset;
620 foreach ( $struct as $key => $type ) {
621 if ( is_array( $type ) ) {
622 list( $typeName, $fieldSize ) = $type;
623 switch ( $typeName ) {
624 case 'string':
625 $data[$key] = substr( $string, $pos, $fieldSize );
626 $pos += $fieldSize;
627 break;
628 default:
629 throw new MWException( __METHOD__ . ": invalid type \"$typeName\"" );
630 }
631 } else {
632 // Unsigned little-endian integer
633 $length = intval( $type );
634
635 // Calculate the value. Use an algorithm which automatically
636 // upgrades the value to floating point if necessary.
637 $value = 0;
638 for ( $i = $length - 1; $i >= 0; $i-- ) {
639 $value *= 256;
640 $value += ord( $string[$pos + $i] );
641 }
642
643 // Throw an exception if there was loss of precision
644 if ( $value > pow( 2, 52 ) ) {
645 $this->error( 'zip-unsupported', 'number too large to be stored in a double. ' .
646 'This could happen if we tried to unpack a 64-bit structure ' .
647 'at an invalid location.' );
648 }
649 $data[$key] = $value;
650 $pos += $length;
651 }
652 }
653
654 return $data;
655 }
656
657 /**
658 * Returns a bit from a given position in an integer value, converted to
659 * boolean.
660 *
661 * @param $value integer
662 * @param int $bitIndex The index of the bit, where 0 is the LSB.
663 * @return bool
664 */
665 function testBit( $value, $bitIndex ) {
666 return (bool)( ( $value >> $bitIndex ) & 1 );
667 }
668
669 /**
670 * Debugging helper function which dumps a string in hexdump -C format.
671 */
672 function hexDump( $s ) {
673 $n = strlen( $s );
674 for ( $i = 0; $i < $n; $i += 16 ) {
675 printf( "%08X ", $i );
676 for ( $j = 0; $j < 16; $j++ ) {
677 print " ";
678 if ( $j == 8 ) {
679 print " ";
680 }
681 if ( $i + $j >= $n ) {
682 print " ";
683 } else {
684 printf( "%02X", ord( $s[$i + $j] ) );
685 }
686 }
687
688 print " |";
689 for ( $j = 0; $j < 16; $j++ ) {
690 if ( $i + $j >= $n ) {
691 print " ";
692 } elseif ( ctype_print( $s[$i + $j] ) ) {
693 print $s[$i + $j];
694 } else {
695 print '.';
696 }
697 }
698 print "|\n";
699 }
700 }
701 }
702
703 /**
704 * Internal exception class. Will be caught by private code.
705 */
706 class ZipDirectoryReaderError extends Exception {
707 protected $errorCode;
708
709 function __construct( $code ) {
710 $this->errorCode = $code;
711 parent::__construct( "ZipDirectoryReader error: $code" );
712 }
713
714 /**
715 * @return mixed
716 */
717 function getErrorCode() {
718 return $this->errorCode;
719 }
720 }
MediaWiki Core