PageRenderTime 67ms CodeModel.GetById 30ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/private/files/type/detection.php

https://gitlab.com/Red54/core
PHP | 173 lines | 77 code | 15 blank | 81 comment | 13 complexity | adb43fd5436b10da0b572ca8eaa2457b MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * @author Andreas Fischer <bantu@owncloud.com>
    4. 

  4.  * @author Jens-Christian Fischer <jens-christian.fischer@switch.ch>
    5. 

  5.  * @author Morris Jobke <hey@morrisjobke.de>
    6. 

  6.  * @author Robin Appelman <icewind@owncloud.com>
    7. 

  7.  * @author Thomas Tanghus <thomas@tanghus.net>
    8. 

  8.  *
    9. 

  9.  * @copyright Copyright (c) 2015, ownCloud, Inc.
    10. 

  10.  * @license AGPL-3.0
    11. 

  11.  *
    12. 

  12.  * This code is free software: you can redistribute it and/or modify
    13. 

  13.  * it under the terms of the GNU Affero General Public License, version 3,
    14. 

  14.  * as published by the Free Software Foundation.
    15. 

  15.  *
    16. 

  16.  * This program is distributed in the hope that it will be useful,
    17. 

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    18. 

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    19. 

  19.  * GNU Affero General Public License for more details.
    20. 

  20.  *
    21. 

  21.  * You should have received a copy of the GNU Affero General Public License, version 3,
    22. 

  22.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    23. 

  23.  *
    24. 

  24.  */
    25. 

  25. 

  26. namespace OC\Files\Type;
    27. 

  27. 

  28. /**
    29. 

  29.  * Class Detection
    30. 

  30.  *
    31. 

  31.  * Mimetype detection
    32. 

  32.  *
    33. 

  33.  * @package OC\Files\Type
    34. 

  34.  */
    35. 

  35. class Detection {
    36. 

  36. 	protected $mimetypes = array();
    37. 

  37. 	protected $secureMimeTypes = array();
    38. 

  38. 

  39. 	/**
    40. 

  40. 	 * Add an extension -> mimetype mapping
    41. 

  41. 	 *
    42. 

  42. 	 * $mimetype is the assumed correct mime type
    43. 

  43. 	 * The optional $secureMimeType is an alternative to send to send
    44. 

  44. 	 * to avoid potential XSS.
    45. 

  45. 	 *
    46. 

  46. 	 * @param string $extension
    47. 

  47. 	 * @param string $mimetype
    48. 

  48. 	 * @param string|null $secureMimeType
    49. 

  49. 	 */
    50. 

  50. 	public function registerType($extension, $mimetype, $secureMimeType = null) {
    51. 

  51. 		$this->mimetypes[$extension] = array($mimetype, $secureMimeType);
    52. 

  52. 		$this->secureMimeTypes[$mimetype] = $secureMimeType ?: $mimetype;
    53. 

  53. 	}
    54. 

  54. 

  55. 	/**
    56. 

  56. 	 * Add an array of extension -> mimetype mappings
    57. 

  57. 	 *
    58. 

  58. 	 * The mimetype value is in itself an array where the first index is
    59. 

  59. 	 * the assumed correct mimetype and the second is either a secure alternative
    60. 

  60. 	 * or null if the correct is considered secure.
    61. 

  61. 	 *
    62. 

  62. 	 * @param array $types
    63. 

  63. 	 */
    64. 

  64. 	public function registerTypeArray($types) {
    65. 

  65. 		$this->mimetypes = array_merge($this->mimetypes, $types);
    66. 

  66. 

  67. 		// Update the alternative mimetypes to avoid having to look them up each time.
    68. 

  68. 		foreach ($this->mimetypes as $mimeType) {
    69. 

  69. 			$this->secureMimeTypes[$mimeType[0]] = $mimeType[1] ?: $mimeType[0];
    70. 

  70. 		}
    71. 

  71. 	}
    72. 

  72. 

  73. 	/**
    74. 

  74. 	 * detect mimetype only based on filename, content of file is not used
    75. 

  75. 	 *
    76. 

  76. 	 * @param string $path
    77. 

  77. 	 * @return string
    78. 

  78. 	 */
    79. 

  79. 	public function detectPath($path) {
    80. 

  80. 		if (strpos($path, '.')) {
    81. 

  81. 			//try to guess the type by the file extension
    82. 

  82. 			$extension = strtolower(strrchr(basename($path), "."));
    83. 

  83. 			$extension = substr($extension, 1); //remove leading .
    84. 

  84. 			return (isset($this->mimetypes[$extension]) && isset($this->mimetypes[$extension][0]))
    85. 

  85. 				? $this->mimetypes[$extension][0]
    86. 

  86. 				: 'application/octet-stream';
    87. 

  87. 		} else {
    88. 

  88. 			return 'application/octet-stream';
    89. 

  89. 		}
    90. 

  90. 	}
    91. 

  91. 

  92. 	/**
    93. 

  93. 	 * detect mimetype based on both filename and content
    94. 

  94. 	 *
    95. 

  95. 	 * @param string $path
    96. 

  96. 	 * @return string
    97. 

  97. 	 */
    98. 

  98. 	public function detect($path) {
    99. 

  99. 		if (@is_dir($path)) {
    100. 

  100. 			// directories are easy
    101. 

  101. 			return "httpd/unix-directory";
    102. 

  102. 		}
    103. 

  103. 

  104. 		$mimeType = $this->detectPath($path);
    105. 

  105. 

  106. 		if ($mimeType === 'application/octet-stream' and function_exists('finfo_open')
    107. 

  107. 			and function_exists('finfo_file') and $finfo = finfo_open(FILEINFO_MIME)
    108. 

  108. 		) {
    109. 

  109. 			$info = @strtolower(finfo_file($finfo, $path));
    110. 

  110. 			finfo_close($finfo);
    111. 

  111. 			if ($info) {
    112. 

  112. 				$mimeType = substr($info, 0, strpos($info, ';'));
    113. 

  113. 				return empty($mimeType) ? 'application/octet-stream' : $mimeType;
    114. 

  114. 			}
    115. 

  115. 

  116. 		}
    117. 

  117. 		$isWrapped = (strpos($path, '://') !== false) and (substr($path, 0, 7) === 'file://');
    118. 

  118. 		if (!$isWrapped and $mimeType === 'application/octet-stream' && function_exists("mime_content_type")) {
    119. 

  119. 			// use mime magic extension if available
    120. 

  120. 			$mimeType = mime_content_type($path);
    121. 

  121. 		}
    122. 

  122. 		if (!$isWrapped and $mimeType === 'application/octet-stream' && \OC_Helper::canExecute("file")) {
    123. 

  123. 			// it looks like we have a 'file' command,
    124. 

  124. 			// lets see if it does have mime support
    125. 

  125. 			$path = escapeshellarg($path);
    126. 

  126. 			$fp = popen("file -b --mime-type $path 2>/dev/null", "r");
    127. 

  127. 			$reply = fgets($fp);
    128. 

  128. 			pclose($fp);
    129. 

  129. 

  130. 			//trim the newline
    131. 

  131. 			$mimeType = trim($reply);
    132. 

  132. 

  133. 			if (empty($mimeType)) {
    134. 

  134. 				$mimeType = 'application/octet-stream';
    135. 

  135. 			}
    136. 

  136. 

  137. 		}
    138. 

  138. 		return $mimeType;
    139. 

  139. 	}
    140. 

  140. 

  141. 	/**
    142. 

  142. 	 * detect mimetype based on the content of a string
    143. 

  143. 	 *
    144. 

  144. 	 * @param string $data
    145. 

  145. 	 * @return string
    146. 

  146. 	 */
    147. 

  147. 	public function detectString($data) {
    148. 

  148. 		if (function_exists('finfo_open') and function_exists('finfo_file')) {
    149. 

  149. 			$finfo = finfo_open(FILEINFO_MIME);
    150. 

  150. 			return finfo_buffer($finfo, $data);
    151. 

  151. 		} else {
    152. 

  152. 			$tmpFile = \OC_Helper::tmpFile();
    153. 

  153. 			$fh = fopen($tmpFile, 'wb');
    154. 

  154. 			fwrite($fh, $data, 8024);
    155. 

  155. 			fclose($fh);
    156. 

  156. 			$mime = $this->detect($tmpFile);
    157. 

  157. 			unset($tmpFile);
    158. 

  158. 			return $mime;
    159. 

  159. 		}
    160. 

  160. 	}
    161. 

  161. 

  162. 	/**
    163. 

  163. 	 * Get a secure mimetype that won't expose potential XSS.
    164. 

  164. 	 *
    165. 

  165. 	 * @param string $mimeType
    166. 

  166. 	 * @return string
    167. 

  167. 	 */
    168. 

  168. 	public function getSecureMimeType($mimeType) {
    169. 

  169. 		return isset($this->secureMimeTypes[$mimeType])
    170. 

  170. 			? $this->secureMimeTypes[$mimeType]
    171. 

  171. 			: 'application/octet-stream';
    172. 

  172. 	}
    173. 

  173. }
    174. 

  174.