aboutsummaryrefslogtreecommitdiffstats
path: root/includes/StreamFile.php
Commit message (Collapse)AuthorAgeFilesLines
...
* * Standardised file description headersAlexandre Emsenhuber2010-08-141-1/+5
| | | | | | | | * Added some descriptions * Added @file where needed Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/71078
* Removal of unused globalsSam Reed2010-07-241-1/+1
| | | | | | | Removal of one setting of a variable to '', then not using further Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/69839
* here it is ... the upload-api, script-server, js2 (javascript phase2) branch ↵Michael Dale2009-07-141-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | merge 1st attempt. Here is a short overview of changes and associated default configuration variables (most everything is off by default) also see ~soon to be updated~: http://www.mediawiki.org/wiki/Media_Projects_Overview = Upload Improvements = ==Upload API == * Based on the early work of Bryan Tong and others it adds the upload option to the api. * We rewrite Special:Upload page to include use the new refactoring * Added in token checks in both the SpecialUpload.php page so avoids DOS / xss copy-by-url JavaScript based cross site POST file submissions == Copy by URL== $wgAllowCopyUploads = false; * http class rewrite includes a new http background download see: includes/HttpFunctions.php * spins off a php process that calls: maintenance/http_session_download.php * pushes updates to the session and gives the user a progress bar on http copy uploads from other server progress (using js2 upload interface) (if not using the js2 upload interface it does the request in-place but the download is limited to the php ini timeout time) == Firefogg == * Firefogg enables resumable upload by chunks * progress indicators and conditional invokation (js2 system) * and of-course client side transcoding. = Script Server = $wgEnableScriptLoader = false; * off by default if $wgEnableScriptLoader is turned on script files are grouped, gziped, cached etc. for more info see: http://www.mediawiki.org/wiki/Extension:ScriptLoader * Includes some early skin js include fixes (skin/script system still lots of love) * Includes a "javascript class autoloader" this is packaged into mwEmbed so that the mwEmbed library can work in stand alone mode (while retaining localization and script serving) (one such application is the make page for firefogg.org : http://www.firefogg.org/make/index.html ) * The file that contains the autojavascript loading classes is: js2/php/jsAutoloadLocalClasses.php * One can use this auto class loading dependency system with extensions and add-ons but I need to better document that. = js2 system / mwEmbed= $wgEnableJS2system = false * includes initial rewrite towards more jquery based javascript code * especially for the Special:Upload page. * Also the edit page include support for the "add-media-wizard" * includes dependency loader for javascript that optionally takes advantage of the script-loader * remote embedding of javascript interfaces (like embedding video, or commons media searching) * $wgDebugJavaScript = false; .. .this variable lets you always get "always fresh javascript". When used with the script-loader it does not minify the script-loader output. = mwEmbed = * Will commit a separate patch to oggHandler that conditionally outputs <video tag> to use the new javascript video player. ** mv_embed player includes: play-head, volume control, remote embedding, oggz-chop support across plugins. * add-media-wizard adds easy inserts of media to pages (with import) == jQuery== * we include a base install of jQuery, jQuery ui and some plugins. * all the javascript classes are in the scriptloader so its easy to load any set of jquery ui components that you may need using the script-server. You get a callback so you can then execute js with dependencies loaded. == other stuff == there is a bit more code in js2 that pertains to sequence editing, timed text display and basic image editing. We include a base import of pixastic-lib & pixastic-editor... will work with the pixastic developer to try and ensure upstream compatibility on our usage of the library for in-browser photo and sequence manipulation. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/53282
* * (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responsesBrion Vibber2009-03-181-0/+1
| | | | | | | Patch by ezyang - http://bug-attachment.wikimedia.org/attachment.cgi?id=5829 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/48540
* Improved the security of wfStreamFile():Tim Starling2008-11-181-10/+42
| | | | | | | | | | * Use the file extension to determine Content-Type, don't look for magic numbers. This makes the attack surface similar to ordinary web server downloads, and avoids problems when MIME type is not checked on upload. * Use the same restrictions for Content-Type when streaming as for uploading. This closes any vulnerabilities caused by a change to a more secure configuration, post-upload. * Don't stream out the file after headers are unexpectedly sent (e.g. due to display_errors). The Content-Type will typically be fixed to text/html in this case and so we need to be careful what we send. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/43660
* * remove end of line whitespaceSiebrand Mazeland2008-04-141-4/+2
| | | | | | | | * remove empty lines at end of file * remove "?>" where still present Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/33276
* Kill a bunch of '=&' references for LinkCache, ParserCache, and MimeMagic ↵Brion Vibber2008-04-091-1/+1
| | | | | | | | | | singletons. This is an old PHP 4-ism; only needed today if you want to be able to replace the singleton with another object by using the reference as an lval. :) Killing them because they annoy me. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/33040
* Send Cache-Control: private and Vary headers in img_auth.php. Tim Starling2007-11-031-1/+5
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/27149
* Remove ?>'s from files. They're pointless, and just asking for people to ↵Aryeh Gregor2007-06-291-1/+1
| | | | | | | mess with the files and add trailing whitespace. (Yes, I looked over every one and reverted those that were bogus. Slash-enter a million times in less worked well enough, although it was a bit mind-numbing.) Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/23531
* Merged filerepo-work branch:Tim Starling2007-05-301-0/+3
| | | | | | | | | | | | | | | | | * Added support for configuration of an arbitrary number of commons-style file repositories. * Split Image.php into filerepo/File.php and filerepo/LocalFile.php * Renamed Image::getImagePath() to File::getPath() * Added initial support for timestamp-based file fetching (OldLocalFile), to be expanded upon by aaron. * Changed the interface for Image/File object creation: use wfFindFile() or wfLocalFile() depending on semantics * ImageGallery::add() now accepts a title object as the first parameter * Moved file handling operations on upload from SpecialUpload to File * Removed path-related functions from ImageFunctions.php. Removed static path accessors from File. * Added a Content-Disposition header to thumb.php output * Improved thumb.php error handling * Updated the unit test suite to kind of partially work with modern computers. RunTests.php doesn't work just yet. Fixed an actual regression that the test suite detected -- moved some defines to Defines.php where they will be loaded consistently. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/22580
* * Add 'charset' to Content-Type headers on various HTTP error responsesBrion Vibber2007-02-211-1/+1
| | | | | | | | | | | | | | | | to forestall additional UTF-7-autodetect XSS issues. Probably not an issue on Apache 2.0+, but most servers send only 'text/html' by default when the script didn't specify more details. This fixes an issue with the Ajax interface error message on MSIE when $wgUseAjax is enabled (not default configuration); this UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA from BugSec: http://www.bugsec.com/articles.php?Security=24 * Trackback responses now specify XML content type Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/20007
* * (bug 8148) Handle non-removable output buffers gracefully when cleaningBrion Vibber2006-12-111-6/+1
| | | | | | | | | buffers for HTTP 304 responses, StreamFile, and Special:Export. Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers() Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/18253
* Set content type on error messages, and include a trailing newlineTim Starling2006-11-121-1/+3
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/17558
* don't cache error pagesTim Starling2006-11-011-0/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/17341
* * Removed lots of explicit require_once statements. The autoloader should ↵Tim Starling2006-10-031-1/+1
| | | | | | | | | | | theoretically be faster, because it always uses an absolute path, eliminating the need for a search, and it is never called unnecessarily. Absolute paths are also more robust in the face of odd configurations or usage patterns. Moved a few constants around to support this, they always have to be available before the method call. * Deleted DatabaseMysql.php, no longer necessary, database classes are autoloaded. * Moved wfGetMimeMagic() to MimeMagic::singleton() * Fixed a couple of __CLASS__.'::'.__FUNCTION__ things. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/16759
* Committed a bunch of live hacks from Wikimedia serversBrion Vibber2006-10-021-2/+4
| | | | | | | | A few left, but these don't look too evil Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/16738
* * Workaround possible bug in Firefox nightlies by properly removing theBrion Vibber2006-06-181-1/+1
| | | | | | | | | Content-Encoding header instead of sending explicit 'identity' value in StreamFile Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/14813
* * Return correct content-type header with 304 responses for StreamFile; it ↵Brion Vibber2006-06-131-7/+7
| | | | | | | confuses Safari if you let it return "text/html". Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/14758
* Cancel output buffering in StreamFile; when used inside gzip buffering this ↵Brion Vibber2006-06-131-0/+8
| | | | | | | could cause funny timeout behavior as the Content-Length was wrong. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/14757
* * s~\t+$~~Ævar Arnfjörð Bjarmason2006-01-071-5/+5
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/12476
* * s~ +$~~Ævar Arnfjörð Bjarmason2006-01-071-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/12472
* Clean up unused globals!Antoine Musso2005-12-041-1/+0
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/11956
* Suppressed file not found warning, removed unnecessary cache suppression headerTim Starling2005-08-131-2/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/10471
* fix some issues with phpdocAntoine Musso2005-07-051-5/+8
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/9938
* * (bug 898) Mime type autodetection.Ævar Arnfjörð Bjarmason2005-05-211-123/+21
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/9116
* Fixed various bugs with new image code, changed thumbnail paths as per ↵Tim Starling2005-04-161-1/+2
| | | | | | | JeLuF's suggestion Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/8382
* Fixed some obvious bugs with the new code and implemented If-Modified-Since ↵Tim Starling2005-04-161-3/+10
| | | | | | | handling Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/8379
* Optional thumbnail generation by client request, using thumb.php. This ↵Tim Starling2005-04-161-0/+157
removes any need for access to image files on page view. Experimental, some aspects still haven't been tested. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/8378
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 11:57:07 +0000