From 396b28f3d881f5debd888ba9bb9b47c2d478a76f Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Mon, 15 Dec 2008 18:02:47 +0100
Subject: update to Mediawiki 1.13.3; some cleanups
---
 includes/StreamFile.php | 52 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 42 insertions(+), 10 deletions(-)
(limited to 'includes/StreamFile.php')
diff --git a/includes/StreamFile.php b/includes/StreamFile.php
index b4bf531c..4abd7364 100644
--- a/includes/StreamFile.php
+++ b/includes/StreamFile.php
@@ -31,6 +31,12 @@ function wfStreamFile( $fname, $headers = array() ) {
 header('Content-type: application/x-wiki');
 }
 
+ // Don't stream it out as text/html if there was a PHP error
+ if ( headers_sent() ) {
+ echo "Headers already sent, terminating.\n";
+ return;
+ }
+
 global $wgContLanguageCode;
 header( "Content-Disposition: inline;filename*=utf-8'$wgContLanguageCode'" .
 urlencode( basename( $fname ) ) );
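Review bot: The new `headers_sent()` guard sits after the `header('Content-type: ...')` call in the preceding context line, so when output has already started those `header()` calls have already failed with warnings before the guard fires; the check belongs at the top of wfStreamFile, before the first `header()` call (the function's opening is outside this hunk). Moving it there is a one-line relocation of the same `if ( headers_sent() ) { ... return; }` block. It is also worth a comment that the early `return` gives the caller no way to detect the failure, e.g. `// Response is already committed as text/html; caller cannot detect this.`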
@@ -53,25 +59,51 @@ function wfStreamFile( $fname, $headers = array() ) {
 }
 
 /** */
-function wfGetType( $filename ) {
+function wfGetType( $filename, $safe = true ) {
 global $wgTrivialMimeDetection;
 
+ $ext = strrchr($filename, '.');
+ $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) );
+
 # trivial detection by file extension,
 # used for thumbnails (thumb.php)
 if ($wgTrivialMimeDetection) {
- $ext= strtolower(strrchr($filename, '.'));
-
 switch ($ext) {
- case '.gif': return 'image/gif';
- case '.png': return 'image/png';
- case '.jpg': return 'image/jpeg';
- case '.jpeg': return 'image/jpeg';
+ case 'gif': return 'image/gif';
+ case 'png': return 'image/png';
+ case 'jpg': return 'image/jpeg';
+ case 'jpeg': return 'image/jpeg';
 }
 return 'unknown/unknown';
 }
- else {
- $magic = MimeMagic::singleton();
- return $magic->guessMimeType($filename); //full fancy mime detection
+
+ $magic = MimeMagic::singleton();
+ // Use the extension only, rather than magic numbers, to avoid opening
+ // up vulnerabilities due to uploads of files with allowed extensions
+ // but disallowed types.
+ $type = $magic->guessTypesForExtension( $ext );
+
+ /**
+ * Double-check some security settings that were done on upload but might
+ * have changed since.
+ */
+ if ( $safe ) {
+ global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
+ $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist, $wgRequest;
+ $form = new UploadForm( $wgRequest );
+ list( $partName, $extList ) = $form->splitExtensions( $filename );
+ if ( $form->checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
+ return 'unknown/unknown';
+ }
+ if ( $wgCheckFileExtensions && $wgStrictFileExtensions
+ && !$form->checkFileExtensionList( $extList, $wgFileExtensions ) )
+ {
+ return 'unknown/unknown';
+ }
+ if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
+ return 'unknown/unknown';
+ }
 }
+
+ return $type;
 }
-- 
cgit v1.2.2
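Review bot: The value from `$magic->guessTypesForExtension( $ext )` flows straight to `return $type;` without normalisation, so if that helper yields null or '' for an extension it does not know (its contract is not visible here) callers receive that instead of the `'unknown/unknown'` every other failure path returns; a guard such as `if ( $type === null || $type === '' ) { return 'unknown/unknown'; }` placed before the `$safe` block would keep the contract uniform. The blacklist test `in_array( strtolower( $type ), $wgMimeTypeBlacklist )` should pass `true` as its third argument so the comparison is strict. `$partName` from the `list( $partName, $extList )` destructuring is never read. The `/** */` docblock above `wfGetType` is empty; it should state that the function maps a filename to a MIME type from its extension only, that `$safe = false` skips the re-check of the upload extension blacklist/whitelist and MIME blacklist settings, and that `'unknown/unknown'` is returned whenever a check fails.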