search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rename messages from r90670
[mediawiki.git] / includes / StreamFile.php
blobf2f0566e866cd872c918793670f34646b591c07c
1 <?php
2 /**
3 * Functions related to the output of file content
4 *
5 * @file
6 */
7
8 /**
9 * @param $fname string
10 * @param $headers array
11 */
12 function wfStreamFile( $fname, $headers = array() ) {
13 $stat = @stat( $fname );
14 if ( !$stat ) {
15 header( 'HTTP/1.0 404 Not Found' );
16 header( 'Cache-Control: no-cache' );
17 header( 'Content-Type: text/html; charset=utf-8' );
18 $encFile = htmlspecialchars( $fname );
19 $encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
20 echo "<html><body>
21 <h1>File not found</h1>
22 <p>Although this PHP script ($encScript) exists, the file requested for output
23 ($encFile) does not.</p>
24 </body></html>
25 ";
26 return;
27 }
28
29 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
30
31 // Cancel output buffering and gzipping if set
32 wfResetOutputBuffers();
33
34 $type = wfGetType( $fname );
35 if ( $type and $type!="unknown/unknown") {
36 header("Content-type: $type");
37 } else {
38 header('Content-type: application/x-wiki');
39 }
40
41 // Don't stream it out as text/html if there was a PHP error
42 if ( headers_sent() ) {
43 echo "Headers already sent, terminating.\n";
44 return;
45 }
46
47 global $wgLanguageCode;
48 header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
49
50 foreach ( $headers as $header ) {
51 header( $header );
52 }
53
54 if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
55 $modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
56 $sinceTime = strtotime( $modsince );
57 if ( $stat['mtime'] <= $sinceTime ) {
58 ini_set('zlib.output_compression', 0);
59 header( "HTTP/1.0 304 Not Modified" );
60 return;
61 }
62 }
63
64 header( 'Content-Length: ' . $stat['size'] );
65
66 readfile( $fname );
67 }
68
69 /**
70 * @param $filename string
71 * @param $safe bool
72 * @return null|string
73 */
74 function wfGetType( $filename, $safe = true ) {
75 global $wgTrivialMimeDetection;
76
77 $ext = strrchr($filename, '.');
78 $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
79
80 # trivial detection by file extension,
81 # used for thumbnails (thumb.php)
82 if ($wgTrivialMimeDetection) {
83 switch ($ext) {
84 case 'gif': return 'image/gif';
85 case 'png': return 'image/png';
86 case 'jpg': return 'image/jpeg';
87 case 'jpeg': return 'image/jpeg';
88 }
89
90 return 'unknown/unknown';
91 }
92
93 $magic = MimeMagic::singleton();
94 // Use the extension only, rather than magic numbers, to avoid opening
95 // up vulnerabilities due to uploads of files with allowed extensions
96 // but disallowed types.
97 $type = $magic->guessTypesForExtension( $ext );
98
99 /**
100 * Double-check some security settings that were done on upload but might
101 * have changed since.
102 */
103 if ( $safe ) {
104 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
105 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
106 list( , $extList ) = UploadBase::splitExtensions( $filename );
107 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
108 return 'unknown/unknown';
109 }
110 if ( $wgCheckFileExtensions && $wgStrictFileExtensions
111 && !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
112 {
113 return 'unknown/unknown';
114 }
115 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
116 return 'unknown/unknown';
117 }
118 }
119 return $type;
120 }
MediaWiki Core