Move wfStreamFile() into a class, update all callers in core (only 3 extensions use it afaict), leave wfStreamFile() as a b/c alias for now.
Yay less global functions, autoloading and less manual require()s.
This commit is contained in:
Chad Horohoe
parent
f159bfe0cf
commit
1a1e917c86
7 changed files with 117 additions and 113 deletions
|
|
@ -32,7 +32,6 @@ if ( isset( $_SERVER['MW_COMPILED'] ) ) {
|
|||
require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
|
||||
}
|
||||
wfProfileIn( 'img_auth.php' );
|
||||
require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
|
||||
|
||||
$wgActionPaths[] = $_SERVER['SCRIPT_NAME'];
|
||||
// See if this is a public Wiki (no protections)
|
||||
|
|
@ -95,7 +94,7 @@ if( !$title->userCanRead() )
|
|||
|
||||
// Stream the requested file
|
||||
wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
|
||||
wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
|
||||
StreamFile::stream( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
|
||||
wfLogProfilingData();
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -213,6 +213,7 @@ $wgAutoloadLocalClasses = array(
|
|||
'SquidPurgeClient' => 'includes/SquidPurgeClient.php',
|
||||
'SquidPurgeClientPool' => 'includes/SquidPurgeClient.php',
|
||||
'Status' => 'includes/Status.php',
|
||||
'StreamFile' => 'includes/StreamFile.php',
|
||||
'StringUtils' => 'includes/StringUtils.php',
|
||||
'StubContLang' => 'includes/StubObject.php',
|
||||
'StubObject' => 'includes/StubObject.php',
|
||||
|
|
|
|||
|
|
@ -3196,6 +3196,14 @@ function wfLocalFile( $title ) {
|
|||
return RepoGroup::singleton()->getLocalRepo()->newFile( $title );
|
||||
}
|
||||
|
||||
/**
|
||||
* Stream a file to the browser. Back-compat alias for StreamFile::stream()
|
||||
* @deprecated since 1.19
|
||||
*/
|
||||
function wfStreamFile( $fname, $headers = array() ) {
|
||||
StreamFile::stream( $fname, $headers );
|
||||
}
|
||||
|
||||
/**
|
||||
* Should low-performance queries be disabled?
|
||||
*
|
||||
|
|
|
|||
|
|
@ -4,119 +4,122 @@
|
|||
*
|
||||
* @file
|
||||
*/
|
||||
|
||||
/**
|
||||
* @param $fname string
|
||||
* @param $headers array
|
||||
*/
|
||||
function wfStreamFile( $fname, $headers = array() ) {
|
||||
wfSuppressWarnings();
|
||||
$stat = stat( $fname );
|
||||
wfRestoreWarnings();
|
||||
if ( !$stat ) {
|
||||
header( 'HTTP/1.0 404 Not Found' );
|
||||
header( 'Cache-Control: no-cache' );
|
||||
header( 'Content-Type: text/html; charset=utf-8' );
|
||||
$encFile = htmlspecialchars( $fname );
|
||||
$encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
|
||||
echo "<html><body>
|
||||
<h1>File not found</h1>
|
||||
<p>Although this PHP script ($encScript) exists, the file requested for output
|
||||
($encFile) does not.</p>
|
||||
</body></html>
|
||||
";
|
||||
return;
|
||||
}
|
||||
|
||||
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
|
||||
|
||||
// Cancel output buffering and gzipping if set
|
||||
wfResetOutputBuffers();
|
||||
|
||||
$type = wfGetType( $fname );
|
||||
if ( $type and $type!="unknown/unknown") {
|
||||
header("Content-type: $type");
|
||||
} else {
|
||||
header('Content-type: application/x-wiki');
|
||||
}
|
||||
|
||||
// Don't stream it out as text/html if there was a PHP error
|
||||
if ( headers_sent() ) {
|
||||
echo "Headers already sent, terminating.\n";
|
||||
return;
|
||||
}
|
||||
|
||||
global $wgLanguageCode;
|
||||
header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
|
||||
|
||||
foreach ( $headers as $header ) {
|
||||
header( $header );
|
||||
}
|
||||
|
||||
if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
|
||||
$modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
|
||||
$sinceTime = strtotime( $modsince );
|
||||
if ( $stat['mtime'] <= $sinceTime ) {
|
||||
ini_set('zlib.output_compression', 0);
|
||||
header( "HTTP/1.0 304 Not Modified" );
|
||||
class StreamFile {
|
||||
/**
|
||||
* Stream a file to the browser, adding all the headings and fun stuff
|
||||
* @param $fname string Full name and path of the file to stream
|
||||
* @param $headers array Any additional headers to send
|
||||
*/
|
||||
public static function stream( $fname, $headers = array(), $request = null ) {
|
||||
wfSuppressWarnings();
|
||||
$stat = stat( $fname );
|
||||
wfRestoreWarnings();
|
||||
if ( !$stat ) {
|
||||
header( 'HTTP/1.0 404 Not Found' );
|
||||
header( 'Cache-Control: no-cache' );
|
||||
header( 'Content-Type: text/html; charset=utf-8' );
|
||||
$encFile = htmlspecialchars( $fname );
|
||||
$encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
|
||||
echo "<html><body>
|
||||
<h1>File not found</h1>
|
||||
<p>Although this PHP script ($encScript) exists, the file requested for output
|
||||
($encFile) does not.</p>
|
||||
</body></html>
|
||||
";
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
header( 'Content-Length: ' . $stat['size'] );
|
||||
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $stat['mtime'] ) . ' GMT' );
|
||||
|
||||
readfile( $fname );
|
||||
}
|
||||
// Cancel output buffering and gzipping if set
|
||||
wfResetOutputBuffers();
|
||||
|
||||
/**
|
||||
* @param $filename string
|
||||
* @param $safe bool
|
||||
* @return null|string
|
||||
*/
|
||||
function wfGetType( $filename, $safe = true ) {
|
||||
global $wgTrivialMimeDetection;
|
||||
|
||||
$ext = strrchr($filename, '.');
|
||||
$ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
|
||||
|
||||
# trivial detection by file extension,
|
||||
# used for thumbnails (thumb.php)
|
||||
if ($wgTrivialMimeDetection) {
|
||||
switch ($ext) {
|
||||
case 'gif': return 'image/gif';
|
||||
case 'png': return 'image/png';
|
||||
case 'jpg': return 'image/jpeg';
|
||||
case 'jpeg': return 'image/jpeg';
|
||||
$type = self::getType( $fname );
|
||||
if ( $type && $type != 'unknown/unknown' ) {
|
||||
header( "Content-type: $type" );
|
||||
} else {
|
||||
header( 'Content-type: application/x-wiki' );
|
||||
}
|
||||
|
||||
return 'unknown/unknown';
|
||||
// Don't stream it out as text/html if there was a PHP error
|
||||
if ( headers_sent() ) {
|
||||
echo "Headers already sent, terminating.\n";
|
||||
return;
|
||||
}
|
||||
|
||||
global $wgLanguageCode;
|
||||
header( "Content-Disposition: inline;filename*=utf-8'$wgLanguageCode'" . urlencode( basename( $fname ) ) );
|
||||
|
||||
foreach ( $headers as $header ) {
|
||||
header( $header );
|
||||
}
|
||||
|
||||
if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
|
||||
$modsince = preg_replace( '/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
|
||||
$sinceTime = strtotime( $modsince );
|
||||
if ( $stat['mtime'] <= $sinceTime ) {
|
||||
ini_set( 'zlib.output_compression', 0 );
|
||||
header( "HTTP/1.0 304 Not Modified" );
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
header( 'Content-Length: ' . $stat['size'] );
|
||||
|
||||
readfile( $fname );
|
||||
}
|
||||
|
||||
$magic = MimeMagic::singleton();
|
||||
// Use the extension only, rather than magic numbers, to avoid opening
|
||||
// up vulnerabilities due to uploads of files with allowed extensions
|
||||
// but disallowed types.
|
||||
$type = $magic->guessTypesForExtension( $ext );
|
||||
|
||||
/**
|
||||
* Double-check some security settings that were done on upload but might
|
||||
* have changed since.
|
||||
* Determine the filetype we're dealing with
|
||||
* @param $filename string
|
||||
* @param $safe bool
|
||||
* @return null|string
|
||||
*/
|
||||
if ( $safe ) {
|
||||
global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
|
||||
$wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
|
||||
list( , $extList ) = UploadBase::splitExtensions( $filename );
|
||||
if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
|
||||
private static function getType( $filename, $safe = true ) {
|
||||
global $wgTrivialMimeDetection;
|
||||
|
||||
$ext = strrchr( $filename, '.' );
|
||||
$ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
|
||||
|
||||
# trivial detection by file extension,
|
||||
# used for thumbnails (thumb.php)
|
||||
if ( $wgTrivialMimeDetection ) {
|
||||
switch ( $ext ) {
|
||||
case 'gif': return 'image/gif';
|
||||
case 'png': return 'image/png';
|
||||
case 'jpg': return 'image/jpeg';
|
||||
case 'jpeg': return 'image/jpeg';
|
||||
}
|
||||
|
||||
return 'unknown/unknown';
|
||||
}
|
||||
if ( $wgCheckFileExtensions && $wgStrictFileExtensions
|
||||
&& !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
|
||||
{
|
||||
return 'unknown/unknown';
|
||||
}
|
||||
if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
|
||||
return 'unknown/unknown';
|
||||
|
||||
$magic = MimeMagic::singleton();
|
||||
// Use the extension only, rather than magic numbers, to avoid opening
|
||||
// up vulnerabilities due to uploads of files with allowed extensions
|
||||
// but disallowed types.
|
||||
$type = $magic->guessTypesForExtension( $ext );
|
||||
|
||||
/**
|
||||
* Double-check some security settings that were done on upload but might
|
||||
* have changed since.
|
||||
*/
|
||||
if ( $safe ) {
|
||||
global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
|
||||
$wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
|
||||
list( , $extList ) = UploadBase::splitExtensions( $filename );
|
||||
if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
|
||||
return 'unknown/unknown';
|
||||
}
|
||||
if ( $wgCheckFileExtensions && $wgStrictFileExtensions
|
||||
&& !UploadBase::checkFileExtensionList( $extList, $wgFileExtensions ) )
|
||||
{
|
||||
return 'unknown/unknown';
|
||||
}
|
||||
if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
|
||||
return 'unknown/unknown';
|
||||
}
|
||||
}
|
||||
return $type;
|
||||
}
|
||||
return $type;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -316,12 +316,9 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
|
|||
$this->getRequest()->response()->header( 'Cache-Control: no-cache, no-store, max-age=0, must-revalidate' );
|
||||
$this->getRequest()->response()->header( 'Pragma: no-cache' );
|
||||
|
||||
# Stream the file to the client
|
||||
global $IP;
|
||||
require_once( "$IP/includes/StreamFile.php" );
|
||||
$key = $oimage->getStorageKey();
|
||||
$path = $repo->getZonePath( 'deleted' ) . '/' . $repo->getDeletedHashPath( $key ) . $key;
|
||||
wfStreamFile( $path );
|
||||
StreamFile::stream( $path );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1013,11 +1013,9 @@ class SpecialUndelete extends SpecialPage {
|
|||
$response->header( 'Cache-Control: no-cache, no-store, max-age=0, must-revalidate' );
|
||||
$response->header( 'Pragma: no-cache' );
|
||||
|
||||
global $IP;
|
||||
require_once( "$IP/includes/StreamFile.php" );
|
||||
$repo = RepoGroup::singleton()->getLocalRepo();
|
||||
$path = $repo->getZonePath( 'deleted' ) . '/' . $repo->getDeletedHashPath( $key ) . $key;
|
||||
wfStreamFile( $path );
|
||||
StreamFile::stream( $path );
|
||||
}
|
||||
|
||||
private function showHistory() {
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@ if ( isset( $_SERVER['MW_COMPILED'] ) ) {
|
|||
|
||||
$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
|
||||
|
||||
require_once( "$IP/includes/StreamFile.php" );
|
||||
|
||||
wfThumbMain();
|
||||
wfLogProfilingData();
|
||||
|
||||
|
|
@ -126,7 +124,7 @@ function wfThumbMain() {
|
|||
$thumbPath = $img->getThumbPath( $thumbName );
|
||||
|
||||
if ( is_file( $thumbPath ) ) {
|
||||
wfStreamFile( $thumbPath, $headers );
|
||||
StreamFile::stream( $thumbPath, $headers );
|
||||
wfProfileOut( __METHOD__ );
|
||||
return;
|
||||
}
|
||||
|
|
@ -155,7 +153,7 @@ function wfThumbMain() {
|
|||
$errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
|
||||
'is the requested width bigger than the source?' );
|
||||
} else {
|
||||
wfStreamFile( $thumb->getPath(), $headers );
|
||||
StreamFile::stream( $thumb->getPath(), $headers );
|
||||
}
|
||||
if ( $errorMsg !== false ) {
|
||||
wfThumbError( 500, $errorMsg );
|
||||
|
|
|
|||
Loading…
Reference in a new issue