Manual:MIME タイプ検出

From mediawiki.org
Jump to navigation Jump to search
This page is a translated version of the page Manual:MIME type detection and the translation is 71% complete.
Other languages:
English • ‎日本語

MediaWikiはアップロードファイルのMIME typeを検知することを試み、ファイルの拡張子がmimeタイプにマッチしないファイルを拒否します("The file is corrupt or has an incorrect extension")。 妥当なファイルのためにこのエラーを取得する場合、MIMEタイプを検知するために外部コマンドを使用することを試してみて下さい(下記を参照)。

Before the configured method for MIME detection is called, some hard-coded checks are applied. Use debug logging to find out if those checks cause false-positives. (For example, 1.15.3 may misdetect .doc-files from MS Word 2007 as ZIP files.)

For configuring which types of files MediaWiki will accept for uploads, use $wgFileExtensions .

MIME 検出

インストールされている場合、MediaWiki は FileInfo モジュールまたはより古い MimeMagic モジュールを使用します。 mime_magic could not be initialized, magic file is not available のようなエラーを得る場合、このモジュールは正しく設定されていません — どのように修正をするのか PHP 説明文書を参照するか、外部の mime ディテクター コマンドを使用して下さい(下記を参照)。

代わりに、mime タイプを検出するために $wgMimeDetectorCommand オプションを設定することで外部コマンドを利用できます。 もっとも共通の設定は:

$wgMimeDetectorCommand = "file -bi";
$wgMimeDetectorCommand = "file -bI"; (on MacOSX)

これはファイルのタイプを決定する GNU file ユーティリティを使用します。このユーティリティは Linux 上ですぐに動作します。 他の Unix によって提供される file ユーティリティは -i オプションがサポートされないが故に動作しないことがあります。 GNU file は Mac OS-X でも利用可能です。Windows では Cygwin を通して利用可能です。

mime モジュールがインストールされいないで、外部の mime ディテクターのコマンドが設定されていない場合、MediaWiki はmime タイプを検出するために PHP の GD モジュールに依存します。 これはよく知られている画像タイプにしか動作せず ([1] を参照)、他のファイルは追加のチェックがされることなく受け取られます!

$wgVerifyMimeType = false; を設定することで MIME タイプ チェックを完全に無効にすることもできます — しかしながらこれはとても不確かであることに注意してください: 任意のファイルが"有害な"ファイル拡張子でアップロードされ、クライアントのコンピューターまたはウェブ サーバーで実行/解釈される可能性があります。 保留: $wgCheckFileExtensions に関連したこれをどうするか?

MIME タイプ検証

MediaWiki uses two files to check and interpret the mime type — both are plain files, with one entry per line, and items in one line separated by whitespace; they are located in the includes directory of your MediaWiki installation. If you want to upload uncommon types of files, you may need to add the appropriate information here:

mime.types (Broken link, see public const MIME_EXTENSIONS in MimeMap.php) is used to map MIME types to file extensions, and vice versa. It contains one line per mime type; the first item on the line is the (canonical — see below) MIME type, the items following that are file extensions that are allowed for this mime type (this is the same format used for the standard mime.info files on Linux/Unix systems). For example, for JPEG files, the following line applies:

 image/jpeg jpeg jpg jpe

Note that the MIME type of some file formats may be detected too broadly — any XML-based format may show up as text/xml, any ZIP-based format as application/zip, etc. Consequently, the file extensions for such formats must be associated with the broader MIME type, e.g.:

 text/xml xml xsl xslt rss rdf
 application/zip zip jar xpi  sxc stc  sxd std   sxi sti   sxm stm   sxw stw odt ott oth odm odg otg odp otp ods ots odc odf odb odi oxt
 application/msword doc xls ppt

mime.info (Broken link, see public const MIME_TYPE_ALIASES in MimeMap.php) is used to resolve aliases for MIME types, and to assign a media type to them. It contains one line per mime type; the first item on the line is the canonical MIME type name (which will be used internally), the last item is of the form [XXX] and defines the media type for the mime type. All items in between are secondary names of the MIME type. Some examples:

 image/png image/x-png	[BITMAP]
 image/svg image/svg+xml application/svg+xml application/svg	[DRAWING]
 audio/mp3 audio/mpeg3 audio/mpeg	[AUDIO]

Note that for OGG files, the media type is determined programmatically: AUDIO for vorbis, VIDEO for theora, MULTIMEDIA otherwise.

The media type is specific to MediaWiki, and determines what kind of media is contained in the file, as opposed to what format the file is in. This information is stored in the image table, along with the mime type. It is currently not used for much, but could be used in the future to determine how to present a file to the user. The following types are defined:

 UNKNOWN     // unknown format
 BITMAP      // some bitmap image or image source (like psd, etc). Can't scale up.
 DRAWING     // some vector drawing (SVG, WMF, PS, ...) or image source (oo-draw, etc). Can scale up.
 AUDIO       // simple audio file (ogg, mp3, wav, midi, whatever)
 VIDEO       // simple video file (ogg, mpg, etc; no not include formats here that may contain executable sections or scripts!)
 MULTIMEDIA  // Scriptable Multimedia (flash, advanced video container formats, etc)
 OFFICE      // Office Documents, Spreadsheets (office formats possibly containing apples, scripts, etc)
 TEXT        // Plain text (possibly containing program code or scripts)
 EXECUTABLE  // binary executable
 ARCHIVE     // archive file (zip, tar, etc)

Forbidden files

In addition to the $wgFileExtensions option, the following settings may cause files to be rejected (even if $wgStrictFileExtensions = false; is set):

In addition, MediaWiki rejects all files that look like scripts that could be accidentally executed on either the web server or the user's browser. Notably, anything that looks like one of the following formats will be rejected, regardless of detected mime type or file extension: HTML, JavaScript, PHP, shell scripts. Note that the detection of HTML and JavaScript is rather broad, and may report false positives — this is so because the Microsoft Internet Explorer is known to interpret files that look like HTML, regardless of file extension or MIME type reported by the web server, which would lead to the site being vulnerable to cross-site scripting attacks. If you really want to allow even such dangerous files, you can hack the detectScript function in the UploadBase.php file to always return false.

ウィルス スキャン

Pending. for now, see $wgAntivirus and $wgAntivirusSetup

MIME types when downloading

Note that the MIME type used when the actual file is served to the user's browser is not determined by MediaWikis MIME-detection: files are not served through MediaWiki, but directly by the web server. Thus, the web server must be configured to use the correct MIME type for each file extension — for example, if you are having trouble viewing SVG files in your browser, make sure the server is configured to deliver them as image/svg+xml. (For Apache, read about mod_mime).

See also

Older discussion on meta: