BookStack Code Mirror - bookstack/blob - app/Util/WebSafeMimeSniffer.php

1 <?php

3 namespace BookStack\Util;

5 use finfo;

7 /**

8 * Helper class to sniff out the mime-type of content resulting in

9 * a mime-type that's relatively safe to serve to a browser.

10 */

11 class WebSafeMimeSniffer

12 {

13 /**

14 * @var string[]

15 */

16 protected $safeMimes = [

17 'application/json',

18 'application/octet-stream',

19 'application/pdf',

20 'audio/aac',

21 'audio/midi',

22 'audio/mpeg',

23 'audio/ogg',

24 'audio/opus',

25 'audio/wav',

26 'audio/webm',

27 'audio/x-m4a',

28 'image/apng',

29 'image/bmp',

30 'image/jpeg',

31 'image/png',

32 'image/gif',

33 'image/webp',

34 'image/avif',

35 'image/heic',

36 'text/css',

37 'text/csv',

38 'text/javascript',

39 'text/json',

40 'text/plain',

41 'video/x-msvideo',

42 'video/mp4',

43 'video/mpeg',

44 'video/ogg',

45 'video/webm',

46 'video/vp9',

47 'video/h264',

48 'video/av1',

49 ];

51 /**

52 * Sniff the mime-type from the given file content while running the result

53 * through an allow-list to ensure a web-safe result.

54 * Takes the content as a reference since the value may be quite large.

55 */

56 public function sniff(string &$content): string

57 {

58 $fInfo = new finfo(FILEINFO_MIME_TYPE);

59 $mime = $fInfo->buffer($content) ?: 'application/octet-stream';

61 if (in_array($mime, $this->safeMimes)) {

62 return $mime;

63 }

65 [$category] = explode('/', $mime, 2);

66 if ($category === 'text') {

67 return 'text/plain';

68 }

70 return 'application/octet-stream';

71 }

72 }