'wfResetOutputBuffers', 'streamMimeFunc' => [ __CLASS__, 'contentTypeFromPath' ] ] ); return $streamer->stream( $headers, $sendErrors, $optHeaders, $flags ); } /** * Determine the file type of a file based on the path * * @param string $filename Storage path or file system path * @param bool $safe Whether to do retroactive upload prevention checks * @return null|string */ public static function contentTypeFromPath( $filename, $safe = true ) { $trivialMimeDetection = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::TrivialMimeDetection ); $ext = strrchr( $filename, '.' ); $ext = $ext ? strtolower( substr( $ext, 1 ) ) : ''; # trivial detection by file extension, # used for thumbnails (thumb.php) if ( $trivialMimeDetection ) { switch ( $ext ) { case 'gif': return 'image/gif'; case 'png': return 'image/png'; case 'jpg': case 'jpeg': return 'image/jpeg'; } return 'unknown/unknown'; } $magic = MediaWikiServices::getInstance()->getMimeAnalyzer(); // Use the extension only, rather than magic numbers, to avoid opening // up vulnerabilities due to uploads of files with allowed extensions // but disallowed types. $type = $magic->getMimeTypeFromExtensionOrNull( $ext ); /** * Double-check some security settings that were done on upload but might * have changed since. */ if ( $safe ) { $mainConfig = MediaWikiServices::getInstance()->getMainConfig(); $prohibitedFileExtensions = $mainConfig->get( MainConfigNames::ProhibitedFileExtensions ); $checkFileExtensions = $mainConfig->get( MainConfigNames::CheckFileExtensions ); $strictFileExtensions = $mainConfig->get( MainConfigNames::StrictFileExtensions ); $fileExtensions = $mainConfig->get( MainConfigNames::FileExtensions ); $verifyMimeType = $mainConfig->get( MainConfigNames::VerifyMimeType ); $mimeTypeExclusions = $mainConfig->get( MainConfigNames::MimeTypeExclusions ); [ , $extList ] = UploadBase::splitExtensions( $filename ); if ( UploadBase::checkFileExtensionList( $extList, $prohibitedFileExtensions ) ) { return 'unknown/unknown'; } if ( $checkFileExtensions && $strictFileExtensions && !UploadBase::checkFileExtensionList( $extList, $fileExtensions ) ) { return 'unknown/unknown'; } if ( $verifyMimeType && $type !== null && in_array( strtolower( $type ), $mimeTypeExclusions ) ) { return 'unknown/unknown'; } } return $type; } }