/program/lib/filelib.php - utilities for manipulating files
check availability of requested file for the current user
This checks the $filename for permissions and existence. Returns FALSE if the current user is not allowed to see the file or if the file does not exist. We remember failures in the logger.
extract the mediatype and -subtype from a full mimetype
this extracts the mediatype and -subtype from a full mimetype, i.e. 'text/plain' from 'text/plain; charset=US-ASCII' (see also get_mimetype() and RFC2616). If $mimetype doesn't look like a mimetype, we return FALSE.
determine the mimetype of a file
Try to discover the mimetype of a file. First we see if getimagesize() yields results; if so we're done (0). Very efficient if there are many image files and not so many other files.
If not an image we try finfo-method (1), mime_content_type()-method (2) and finally the shell-to-file(1)-method (3) to determine the mime type.
Note that in step 3 we shell out and try to execute the file(1) command. The results are checked against a pattern to assert that we are really dealing with a mime type. The pattern is described in RFC2616 (see sections 3.7 and 2.2) (see also get_mediatype().:
media-type = type "/" subtype *( ";" parameter ) type = token subtype = token token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT CHAR = <any US-ASCII character (octets 0 - 127)> CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)> SP = <US-ASCII SP, space (32)> HT = <US-ASCII HT, horizontal-tab (9)> <"> = <US-ASCII double-quote mark (34)>
This description means we should look for two tokens containing letters a-z or A-Z, digits 0-9 and these special characters: ! # $ % & ' * + - . ^ _ ` | or ~. That's it.
Note that some methods may return a mime type with additional parameters. e.g. 'text/plain; charset=US-ASCII'. This fits the pattern, because it starts with a token, a slash and another token.
The optional parameter $name is used to perform special handling of the text/css type: some methods (notably old versions of file(1)) return 'text/plain' instead of 'text/css'. Workaround: if we see a mimetype starting with 'text/' AND the extension is .css we assume text/css.
Note that we trust the user at least partially($name eventually originales in the $_FILES[] array). The path to the actual file to check is in $path. If $name is not specified, we extract the extension from $path (as in the case of send_file_from_datadir().
lookup extension in table, using mimetype as key
return the first extension associated with mimetype $typ
lookup mimetype in table, using extension as key
return the first mimetype associated with filename extension $ext
verify the combination of filename extension and mimetype
this looks up the mimetypes associated with filename extension $ext in the global table $MIME_EXT_TYP. If any of those mimetypes matches the requested mimetype we confirm that ext and typ match.
Note 1: There is another table: $MIME_TYP_EXT that works the other way around. We could have used either table; I choose the former.
Note 2: The two tables are generated with a development tool (see /devel/tools) . This tool reads the existing table in this file filelib.php and optionally a newer version of the Apache mime.types file creating updated tables.
Documentation generated on Tue, 28 Jun 2016 19:09:21 +0200 by phpDocumentor 1.4.0