3 * Functions related to the output of file content
9 * Stream a file to the browser, adding all the headings and fun stuff
10 * @param $fname string Full name and path of the file to stream
11 * @param $headers array Any additional headers to send
12 * @param $sendErrors bool Send error messages if errors occur (like 404)
13 * @return bool Success
15 public static function stream( $fname, $headers = array(), $sendErrors = true ) {
16 global $wgLanguageCode;
19 $stat = stat( $fname );
23 header( 'HTTP/1.0 404 Not Found' );
24 header( 'Cache-Control: no-cache' );
25 header( 'Content-Type: text/html; charset=utf-8' );
26 $encFile = htmlspecialchars( $fname );
27 $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
29 <h1>File not found</h1>
30 <p>Although this PHP script ($encScript) exists, the file requested for output
31 ($encFile) does not.</p>
38 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
40 // Cancel output buffering and gzipping if set
41 wfResetOutputBuffers();
43 $type = self
::getType( $fname );
44 if ( $type && $type != 'unknown/unknown' ) {
45 header( "Content-type: $type" );
47 header( 'Content-type: application/x-wiki' );
50 // Don't stream it out as text/html if there was a PHP error
51 if ( headers_sent() ) {
52 echo "Headers already sent, terminating.\n";
56 header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" .
57 urlencode( basename( $fname ) ) );
59 // Send additional headers
60 foreach ( $headers as $header ) {
64 // Don't send if client has up to date cache
65 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
66 $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
67 $sinceTime = strtotime( $modsince );
68 if ( $stat['mtime'] <= $sinceTime ) {
69 ini_set( 'zlib.output_compression', 0 );
70 header( "HTTP/1.0 304 Not Modified" );
75 header( 'Content-Length: ' . $stat['size'] );
77 return readfile( $fname );
81 * Determine the filetype we're dealing with
82 * @param $filename string
86 private static function getType( $filename, $safe = true ) {
87 global $wgTrivialMimeDetection;
89 $ext = strrchr( $filename, '.' );
90 $ext = $ext === false ?
'' : strtolower( substr( $ext, 1 ) );
92 # trivial detection by file extension,
93 # used for thumbnails (thumb.php)
94 if ( $wgTrivialMimeDetection ) {
96 case 'gif': return 'image/gif';
97 case 'png': return 'image/png';
98 case 'jpg': return 'image/jpeg';
99 case 'jpeg': return 'image/jpeg';
102 return 'unknown/unknown';
105 $magic = MimeMagic
::singleton();
106 // Use the extension only, rather than magic numbers, to avoid opening
107 // up vulnerabilities due to uploads of files with allowed extensions
108 // but disallowed types.
109 $type = $magic->guessTypesForExtension( $ext );
112 * Double-check some security settings that were done on upload but might
113 * have changed since.
116 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
117 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
118 list( , $extList ) = UploadBase
::splitExtensions( $filename );
119 if ( UploadBase
::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
120 return 'unknown/unknown';
122 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
123 && !UploadBase
::checkFileExtensionList( $extList, $wgFileExtensions ) )
125 return 'unknown/unknown';
127 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
128 return 'unknown/unknown';