BlueSpice MediaWiki REL1_27
 All Classes Namespaces Files Functions Variables Groups Pages
IEContentAnalyzer Class Reference

Public Member Functions

 __construct ()
 
 getRealMimesFromData ($fileName, $chunk, $proposed)
 
 translateMimeType ($type)
 
 getMimesFromData ($fileName, $chunk, $proposed)
 

Protected Member Functions

 getMimeTypeForVersion ($version, $fileName, $chunk, $proposed)
 
 sampleData ($version, $chunk)
 
 getDataFormat ($version, $type)
 

Protected Attributes

 $baseTypeTable
 
 $addedTypes
 
 $registry
 
 $versions = [ 'ie05', 'ie06', 'ie07', 'ie07.strict', 'ie07.nohtml' ]
 
 $typeTable = []
 

Detailed Description

This class simulates Microsoft Internet Explorer's terribly broken and insecure MIME type detection algorithm. It can be used to check web uploads with an apparently safe type, to see if IE will reinterpret them to produce something dangerous.

It is full of bugs and strange design choices should not under any circumstances be used to determine a MIME type to present to a user or client. (Apple Safari developers, this means you too.)

This class is based on a disassembly of IE 5.0, 6.0 and 7.0. Although I have attempted to ensure that this code works in exactly the same way as Internet Explorer, it does not share any source code, or creative choices such as variable names, thus I (Tim Starling) claim copyright on it.

It may be redistributed without restriction. To aid reuse, this class does not depend on any MediaWiki module.

Constructor & Destructor Documentation

IEContentAnalyzer::__construct ( )

constructor

Member Function Documentation

IEContentAnalyzer::getDataFormat (   $version,
  $type 
)
protected
Parameters
$version
$type
Returns
int|string
IEContentAnalyzer::getMimesFromData (   $fileName,
  $chunk,
  $proposed 
)

Get the untranslated MIME types for all known versions

Parameters
string$fileNamethe file name (unused at present)
string$chunkthe first 256 bytes of the file
string$proposedthe MIME type proposed by the server
Returns
Array: map of IE version to detected MIME type
IEContentAnalyzer::getMimeTypeForVersion (   $version,
  $fileName,
  $chunk,
  $proposed 
)
protected

Get the MIME type for a given named version

Parameters
$version
$fileName
$chunk
$proposed
Returns
bool|string
IEContentAnalyzer::getRealMimesFromData (   $fileName,
  $chunk,
  $proposed 
)

Get the MIME types from getMimesFromData(), but convert the result from IE's idiosyncratic private types into something other apps will understand.

Parameters
string$fileNamethe file name (unused at present)
string$chunkthe first 256 bytes of the file
string$proposedthe MIME type proposed by the server
Returns
Array: map of IE version to detected MIME type
IEContentAnalyzer::sampleData (   $version,
  $chunk 
)
protected

Do heuristic checks on the bulk of the data sample. Search for HTML tags.

Parameters
$version
$chunk
Returns
array
IEContentAnalyzer::translateMimeType (   $type)

Translate a MIME type from IE's idiosyncratic private types into more commonly understood type strings

Parameters
$type
Returns
string

Member Data Documentation

IEContentAnalyzer::$addedTypes
protected
Initial value:
= [
'ie07' => [
'text' => [ 'text/xml', 'application/xml' ]
],
]

Changes to the type table in later versions of IE

IEContentAnalyzer::$baseTypeTable
protected
Initial value:
= [
'ambiguous' => [
'text/plain',
'application/octet-stream',
'application/x-netcdf',
]

Relevant data taken from the type table in IE 5

IEContentAnalyzer::$registry
protected
Initial value:
= [
'.323' => 'text/h323'

An approximation of the "Content Type" values in HKEY_CLASSES_ROOT in a typical Windows installation.

Used for extension to MIME type mapping if detection fails.

IEContentAnalyzer::$typeTable = []
protected

Type table with versions expanded

IEContentAnalyzer::$versions = [ 'ie05', 'ie06', 'ie07', 'ie07.strict', 'ie07.nohtml' ]
protected

IE versions which have been analysed to bring you this class, and for which some substantive difference exists. These will appear as keys in the return value of getRealMimesFromData(). The names are chosen to sort correctly.


The documentation for this class was generated from the following file: