Fix for r47482: put the RELEASE-NOTES entry in the "bug fixes" section and not the...
[mediawiki.git] / includes / StreamFile.php
blob4abd73649b6e71ccb2ed30f8921edec8c678d3c7
1 <?php
2 /** */
4 /** */
5 function wfStreamFile( $fname, $headers = array() ) {
6 $stat = @stat( $fname );
7 if ( !$stat ) {
8 header( 'HTTP/1.0 404 Not Found' );
9 header( 'Cache-Control: no-cache' );
10 header( 'Content-Type: text/html; charset=utf-8' );
11 $encFile = htmlspecialchars( $fname );
12 $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
13 echo "<html><body>
14 <h1>File not found</h1>
15 <p>Although this PHP script ($encScript) exists, the file requested for output
16 ($encFile) does not.</p>
17 </body></html>
19 return;
22 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
24 // Cancel output buffering and gzipping if set
25 wfResetOutputBuffers();
27 $type = wfGetType( $fname );
28 if ( $type and $type!="unknown/unknown") {
29 header("Content-type: $type");
30 } else {
31 header('Content-type: application/x-wiki');
34 // Don't stream it out as text/html if there was a PHP error
35 if ( headers_sent() ) {
36 echo "Headers already sent, terminating.\n";
37 return;
40 global $wgContLanguageCode;
41 header( "Content-Disposition: inline;filename*=utf-8'$wgContLanguageCode'" . urlencode( basename( $fname ) ) );
43 foreach ( $headers as $header ) {
44 header( $header );
47 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
48 $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
49 $sinceTime = strtotime( $modsince );
50 if ( $stat['mtime'] <= $sinceTime ) {
51 header( "HTTP/1.0 304 Not Modified" );
52 return;
56 header( 'Content-Length: ' . $stat['size'] );
58 readfile( $fname );
61 /** */
62 function wfGetType( $filename, $safe = true ) {
63 global $wgTrivialMimeDetection;
65 $ext = strrchr($filename, '.');
66 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
68 # trivial detection by file extension,
69 # used for thumbnails (thumb.php)
70 if ($wgTrivialMimeDetection) {
71 switch ($ext) {
72 case 'gif': return 'image/gif';
73 case 'png': return 'image/png';
74 case 'jpg': return 'image/jpeg';
75 case 'jpeg': return 'image/jpeg';
78 return 'unknown/unknown';
81 $magic = MimeMagic::singleton();
82 // Use the extension only, rather than magic numbers, to avoid opening
83 // up vulnerabilities due to uploads of files with allowed extensions
84 // but disallowed types.
85 $type = $magic->guessTypesForExtension( $ext );
87 /**
88 * Double-check some security settings that were done on upload but might
89 * have changed since.
91 if ( $safe ) {
92 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
93 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist, $wgRequest;
94 $form = new UploadForm( $wgRequest );
95 list( $partName, $extList ) = $form->splitExtensions( $filename );
96 if ( $form->checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
97 return 'unknown/unknown';
99 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
100 && !$form->checkFileExtensionList( $extList, $wgFileExtensions ) )
102 return 'unknown/unknown';
104 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
105 return 'unknown/unknown';
108 return $type;