MediaWiki  master
StreamFile.php
1 <?php
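/**
 * Functions related to the output of file content.
 *
 * Security-relevant behaviour in this class:
 *  - the Content-Type is derived from the file extension only, never from
 *    the file's bytes (see contentTypeFromPath());
 *  - when $safe is set, upload restrictions are re-checked at serve time;
 *  - values echoed into the 404 page are HTML-escaped.
 */
class StreamFile {
	// Do not send any HTTP headers unless requested by caller (e.g. body only)
	const STREAM_HEADLESS = 1;
	// Do not try to tear down any PHP output buffers
	const STREAM_ALLOW_OB = 2;

	/**
	 * Stream a local file to the client, handling Last-Modified,
	 * Content-Type, conditional (If-Modified-Since) and Range requests.
	 *
	 * @param string $fname Local file path; "mwstore://" storage paths are rejected
	 * @param array $headers Extra raw header lines. These are passed to header()
	 *   unmodified, even when STREAM_HEADLESS is set, so callers must not build
	 *   them from untrusted input.
	 * @param bool $sendErrors Whether to emit 404/416 error responses
	 * @param array $optHeaders Request headers; the keys read here are
	 *   'if-modified-since' and 'range'
	 * @param int $flags Bitfield of StreamFile::STREAM_* constants
	 * @throws MWException If $fname is a storage path
	 * @return bool True if the file (or a 304) was sent, false on failure
	 */
	public static function stream(
		$fname, $headers = [], $sendErrors = true, $optHeaders = [], $flags = 0
	) {
		// Held for the duration of the call; presumably ends the profiling
		// section when it goes out of scope.
		$section = new ProfileSection( __METHOD__ );

		if ( FileBackend::isStoragePath( $fname ) ) { // sanity
			throw new MWException( __FUNCTION__ . " given storage path '$fname'." );
		}

		// Don't stream it out as text/html if there was a PHP error
		if ( ( ( $flags & self::STREAM_HEADLESS ) == 0 || $headers ) && headers_sent() ) {
			echo "Headers already sent, terminating.\n";
			return false;
		}

		// In headless mode every header emitted through $headerFunc is dropped.
		// An integer argument is treated as an HTTP status code.
		$headerFunc = ( $flags & self::STREAM_HEADLESS )
			? function ( $header ) {
				// no-op
			}
			: function ( $header ) {
				is_int( $header ) ? HttpStatus::header( $header ) : header( $header );
			};

		MediaWiki\suppressWarnings();
		$info = stat( $fname );
		MediaWiki\restoreWarnings();

		if ( !is_array( $info ) ) {
			if ( $sendErrors ) {
				self::send404Message( $fname, $flags );
			}
			return false;
		}

		// Send Last-Modified HTTP header for client-side caching
		$headerFunc( 'Last-Modified: ' . wfTimestamp( TS_RFC2822, $info['mtime'] ) );

		if ( ( $flags & self::STREAM_ALLOW_OB ) == 0 ) {
			// Cancel output buffering and gzipping if set
			wfResetOutputBuffers();
		}

		$type = self::contentTypeFromPath( $fname );
		if ( $type && $type != 'unknown/unknown' ) {
			$headerFunc( "Content-type: $type" );
		} else {
			// Send a content type which is not known to Internet Explorer, to
			// avoid triggering IE's content type detection. Sending a standard
			// unknown content type here essentially gives IE license to apply
			// whatever content type it likes.
			// NOTE(review): this relies on the browser not recognising the type.
			// Consider also sending "X-Content-Type-Options: nosniff", which
			// disables content sniffing explicitly in current browsers.
			$headerFunc( 'Content-type: application/x-wiki' );
		}

		// Don't send if client has up to date cache
		if ( isset( $optHeaders['if-modified-since'] ) ) {
			// Drop anything after a ';' before parsing the date
			$modsince = preg_replace( '/;.*$/', '', $optHeaders['if-modified-since'] );
			if ( wfTimestamp( TS_UNIX, $info['mtime'] ) <= strtotime( $modsince ) ) {
				ini_set( 'zlib.output_compression', 0 );
				$headerFunc( 304 );
				return true; // ok
			}
		}

		// Send additional headers
		foreach ( $headers as $header ) {
			header( $header ); // always use header(); specifically requested
		}

		if ( isset( $optHeaders['range'] ) ) {
			$range = self::parseRange( $optHeaders['range'], $info['size'] );
			if ( is_array( $range ) ) {
				$headerFunc( 206 );
				$headerFunc( 'Content-Length: ' . $range[2] );
				$headerFunc( "Content-Range: bytes {$range[0]}-{$range[1]}/{$info['size']}" );
			} elseif ( $range === 'invalid' ) {
				if ( $sendErrors ) {
					$headerFunc( 416 );
					$headerFunc( 'Cache-Control: no-cache' );
					$headerFunc( 'Content-Type: text/html; charset=utf-8' );
					$headerFunc( 'Content-Range: bytes */' . $info['size'] );
				}
				return false;
			} else { // unsupported Range request (e.g. multiple ranges)
				$range = null;
				$headerFunc( 'Content-Length: ' . $info['size'] );
			}
		} else {
			$range = null;
			$headerFunc( 'Content-Length: ' . $info['size'] );
		}

		if ( !is_array( $range ) ) {
			return readfile( $fname ) !== false; // faster
		}

		$handle = fopen( $fname, 'rb' );
		if ( !$handle ) {
			return false;
		}

		try {
			// A failed seek would otherwise stream bytes from the wrong offset
			$ok = ( fseek( $handle, $range[0] ) === 0 );
			$remaining = $range[2];
			while ( $remaining > 0 && $ok ) {
				$bytes = min( $remaining, 8 * 1024 );
				$data = fread( $handle, $bytes );
				$remaining -= $bytes;
				$ok = ( $data !== false );
				if ( $ok ) {
					print $data;
				}
			}
		} finally {
			// Always release the descriptor, including on early exit
			fclose( $handle );
		}

		// Report read/seek failures instead of claiming success
		return $ok;
	}

	/**
	 * Send out a standard 404 message for a file.
	 *
	 * Both values placed in the HTML body are passed through
	 * htmlspecialchars() first; this is what keeps a crafted file name from
	 * being interpreted as markup.
	 * NOTE(review): $fname is echoed back to the client, so a caller passing
	 * an absolute filesystem path discloses that path in the response.
	 *
	 * @param string $fname Path of the file that was not found
	 * @param int $flags Bitfield of StreamFile::STREAM_* constants
	 */
	public static function send404Message( $fname, $flags = 0 ) {
		if ( ( $flags & self::STREAM_HEADLESS ) == 0 ) {
			HttpStatus::header( 404 );
			header( 'Cache-Control: no-cache' );
			header( 'Content-Type: text/html; charset=utf-8' );
		}
		$encFile = htmlspecialchars( $fname );
		$encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
		echo "<!DOCTYPE html><html><body>
			<h1>File not found</h1>
			<p>Although this PHP script ($encScript) exists, the file requested for output
			($encFile) does not.</p>
			</body></html>
			";
	}

	/**
	 * Convert a Range header value to an absolute (start, end) range tuple.
	 *
	 * Only a single "bytes=START-END" range is understood. START and END come
	 * straight from the header, so they may be numeric strings rather than
	 * integers in the returned array.
	 * NOTE(review): a suffix range longer than the file ("bytes=-N" with
	 * N > $size) yields a negative start and is reported as 'invalid';
	 * RFC 7233 would serve the whole file instead.
	 *
	 * @param string $range Range header value
	 * @param int $size File size in bytes
	 * @return array|string Array of (start, end, length) on success,
	 *   'invalid' for an unsatisfiable range, or 'unrecognized' when the
	 *   header is not a single byte range and the whole file should be sent
	 */
	public static function parseRange( $range, $size ) {
		$m = [];
		if ( preg_match( '#^bytes=(\d*)-(\d*)$#', $range, $m ) ) {
			list( , $start, $end ) = $m;
			if ( $start === '' && $end === '' ) {
				$absRange = [ 0, $size - 1 ];
			} elseif ( $start === '' ) {
				// Suffix range: the last $end bytes of the file
				$absRange = [ $size - $end, $size - 1 ];
			} elseif ( $end === '' ) {
				$absRange = [ $start, $size - 1 ];
			} else {
				$absRange = [ $start, $end ];
			}
			if ( $absRange[0] >= 0 && $absRange[1] >= $absRange[0] ) {
				if ( $absRange[0] < $size ) {
					$absRange[1] = min( $absRange[1], $size - 1 ); // stop at EOF
					$absRange[2] = $absRange[1] - $absRange[0] + 1;
					return $absRange;
				} elseif ( $absRange[0] == 0 && $size == 0 ) {
					return 'unrecognized'; // the whole file should just be sent
				}
			}
			return 'invalid';
		}
		return 'unrecognized';
	}

	/**
	 * Determine the file type of a file based on the path.
	 *
	 * With $safe set, the upload restrictions are applied again at serve
	 * time, so a file that was acceptable when uploaded but is disallowed by
	 * the current configuration is reported as 'unknown/unknown'.
	 *
	 * @param string $filename Storage path or file system path
	 * @param bool $safe Whether to re-check the file against the current
	 *   extension and MIME type restrictions
	 * @return string|null The guessed MIME type, or 'unknown/unknown';
	 *   presumably null when the extension is not known to MimeMagic
	 */
	public static function contentTypeFromPath( $filename, $safe = true ) {
		// Configuration consulted below. Without these declarations the
		// variables would be undefined locals and the checks would not run
		// against the site configuration.
		global $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist,
			$wgTrivialMimeDetection, $wgFileBlacklist, $wgCheckFileExtensions,
			$wgStrictFileExtensions;

		$ext = strrchr( $filename, '.' );
		$ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );

		# trivial detection by file extension,
		# used for thumbnails (thumb.php)
		if ( $wgTrivialMimeDetection ) {
			switch ( $ext ) {
				case 'gif':
					return 'image/gif';
				case 'png':
					return 'image/png';
				case 'jpg':
					return 'image/jpeg';
				case 'jpeg':
					return 'image/jpeg';
			}

			return 'unknown/unknown';
		}

		$magic = MimeMagic::singleton();
		// Use the extension only, rather than magic numbers, to avoid opening
		// up vulnerabilities due to uploads of files with allowed extensions
		// but disallowed types.
		$type = $magic->guessTypesForExtension( $ext );

		if ( $safe ) {
			// Every dot-delimited extension is checked, not just the last one
			list( , $extList ) = UploadBase::splitExtensions( $filename );
			if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
				return 'unknown/unknown';
			}
			if ( $wgCheckFileExtensions && $wgStrictFileExtensions
				&& !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions )
			) {
				return 'unknown/unknown';
			}
			// Strict comparison: a deny-list lookup should not depend on type juggling
			if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist, true ) ) {
				return 'unknown/unknown';
			}
		}
		return $type;
	}
}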
$wgStrictFileExtensions
If this is turned off, users may override the warning for files not covered by $wgFileExtensions.
const TS_RFC2822
RFC 2822 format, for E-mail and HTTP headers.
static checkFileExtensionList($ext, $list)
Perform case-insensitive match against a list of file extensions.
Functions related to the output of file content.
Definition: StreamFile.php:26
const STREAM_ALLOW_OB
Definition: StreamFile.php:30
static singleton()
Get an instance of this class.
Definition: MimeMagic.php:366
static header($code)
Output an HTTP status code header.
Definition: HttpStatus.php:96
static send404Message($fname, $flags=0)
Send out a standard 404 message for a file.
Definition: StreamFile.php:166
$wgCheckFileExtensions
This is a flag to determine whether or not to check file extensions on upload.
wfTimestamp($outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
wfResetOutputBuffers($resetGzipEncoding=true)
Clear away any user-level output buffers, discarding contents.
static isStoragePath($path)
Check if a given path is a "mwstore://" path.
MediaWiki exception.
Definition: MWException.php:26
const STREAM_HEADLESS
Definition: StreamFile.php:28
static splitExtensions($filename)
Split a file into a base name and all dot-delimited 'extensions' on the end.
static parseRange($range, $size)
Convert a Range header value to an absolute (start, end) range tuple.
Definition: StreamFile.php:190
Class for handling function-scope profiling.
static stream($fname, $headers=[], $sendErrors=true, $optHeaders=[], $flags=0)
Stream a file to the browser, adding all the headings and fun stuff.
Definition: StreamFile.php:45
$wgFileExtensions
This is the list of preferred extensions for uploading files.
static contentTypeFromPath($filename, $safe=true)
Determine the file type of a file based on the path.
Definition: StreamFile.php:224
if(!defined( 'MEDIAWIKI')) $fname
This file is not a valid entry point, perform no further processing unless MEDIAWIKI is defined...
Definition: Setup.php:36
$wgTrivialMimeDetection
Switch for trivial MIME detection.
const TS_UNIX
Unix time - the number of seconds since 1970-01-01 00:00:00 UTC.
$wgMimeTypeBlacklist
Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled...
$wgVerifyMimeType
Determines if the MIME type of uploaded files should be checked.
$wgFileBlacklist
Files with these extensions will never be allowed as uploads.