BinaryFileResponse.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation;
  11. use Symfony\Component\HttpFoundation\File\Exception\FileException;
  12. use Symfony\Component\HttpFoundation\File\File;
  13. /**
  14. * BinaryFileResponse represents an HTTP response delivering a file.
  15. *
  16. * @author Niklas Fiekas <niklas.fiekas@tu-clausthal.de>
  17. * @author stealth35 <stealth35-php@live.fr>
  18. * @author Igor Wiedler <igor@wiedler.ch>
  19. * @author Jordan Alliot <jordan.alliot@gmail.com>
  20. * @author Sergey Linnik <linniksa@gmail.com>
  21. */
  22. class BinaryFileResponse extends Response
  23. {
  24. protected static $trustXSendfileTypeHeader = false;
  25. /**
  26. * @var File
  27. */
  28. protected $file;
  29. protected $offset = 0;
  30. protected $maxlen = -1;
  31. protected $deleteFileAfterSend = false;
  32. /**
  33. * @param \SplFileInfo|string $file The file to stream
  34. * @param int $status The response status code
  35. * @param array $headers An array of response headers
  36. * @param bool $public Files are public by default
  37. * @param string|null $contentDisposition The type of Content-Disposition to set automatically with the filename
  38. * @param bool $autoEtag Whether the ETag header should be automatically set
  39. * @param bool $autoLastModified Whether the Last-Modified header should be automatically set
  40. */
  41. public function __construct($file, int $status = 200, array $headers = [], bool $public = true, string $contentDisposition = null, bool $autoEtag = false, bool $autoLastModified = true)
  42. {
  43. parent::__construct(null, $status, $headers);
  44. $this->setFile($file, $contentDisposition, $autoEtag, $autoLastModified);
  45. if ($public) {
  46. $this->setPublic();
  47. }
  48. }
  49. /**
  50. * @param \SplFileInfo|string $file The file to stream
  51. * @param int $status The response status code
  52. * @param array $headers An array of response headers
  53. * @param bool $public Files are public by default
  54. * @param string|null $contentDisposition The type of Content-Disposition to set automatically with the filename
  55. * @param bool $autoEtag Whether the ETag header should be automatically set
  56. * @param bool $autoLastModified Whether the Last-Modified header should be automatically set
  57. *
  58. * @return static
  59. *
  60. * @deprecated since Symfony 5.2, use __construct() instead.
  61. */
  62. public static function create($file = null, int $status = 200, array $headers = [], bool $public = true, string $contentDisposition = null, bool $autoEtag = false, bool $autoLastModified = true)
  63. {
  64. trigger_deprecation('symfony/http-foundation', '5.2', 'The "%s()" method is deprecated, use "new %s()" instead.', __METHOD__, static::class);
  65. return new static($file, $status, $headers, $public, $contentDisposition, $autoEtag, $autoLastModified);
  66. }
  67. /**
  68. * Sets the file to stream.
  69. *
  70. * @param \SplFileInfo|string $file The file to stream
  71. *
  72. * @return $this
  73. *
  74. * @throws FileException
  75. */
  76. public function setFile($file, string $contentDisposition = null, bool $autoEtag = false, bool $autoLastModified = true)
  77. {
  78. if (!$file instanceof File) {
  79. if ($file instanceof \SplFileInfo) {
  80. $file = new File($file->getPathname());
  81. } else {
  82. $file = new File((string) $file);
  83. }
  84. }
  85. if (!$file->isReadable()) {
  86. throw new FileException('File must be readable.');
  87. }
  88. $this->file = $file;
  89. if ($autoEtag) {
  90. $this->setAutoEtag();
  91. }
  92. if ($autoLastModified) {
  93. $this->setAutoLastModified();
  94. }
  95. if ($contentDisposition) {
  96. $this->setContentDisposition($contentDisposition);
  97. }
  98. return $this;
  99. }
  100. /**
  101. * Gets the file.
  102. *
  103. * @return File
  104. */
  105. public function getFile()
  106. {
  107. return $this->file;
  108. }
  109. /**
  110. * Automatically sets the Last-Modified header according the file modification date.
  111. *
  112. * @return $this
  113. */
  114. public function setAutoLastModified()
  115. {
  116. $this->setLastModified(\DateTime::createFromFormat('U', $this->file->getMTime()));
  117. return $this;
  118. }
  119. /**
  120. * Automatically sets the ETag header according to the checksum of the file.
  121. *
  122. * @return $this
  123. */
  124. public function setAutoEtag()
  125. {
  126. $this->setEtag(base64_encode(hash_file('sha256', $this->file->getPathname(), true)));
  127. return $this;
  128. }
  129. /**
  130. * Sets the Content-Disposition header with the given filename.
  131. *
  132. * @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
  133. * @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file
  134. * @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
  135. *
  136. * @return $this
  137. */
  138. public function setContentDisposition(string $disposition, string $filename = '', string $filenameFallback = '')
  139. {
  140. if ('' === $filename) {
  141. $filename = $this->file->getFilename();
  142. }
  143. if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || str_contains($filename, '%'))) {
  144. $encoding = mb_detect_encoding($filename, null, true) ?: '8bit';
  145. for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
  146. $char = mb_substr($filename, $i, 1, $encoding);
  147. if ('%' === $char || \ord($char) < 32 || \ord($char) > 126) {
  148. $filenameFallback .= '_';
  149. } else {
  150. $filenameFallback .= $char;
  151. }
  152. }
  153. }
  154. $dispositionHeader = $this->headers->makeDisposition($disposition, $filename, $filenameFallback);
  155. $this->headers->set('Content-Disposition', $dispositionHeader);
  156. return $this;
  157. }
  158. /**
  159. * {@inheritdoc}
  160. */
  161. public function prepare(Request $request)
  162. {
  163. if (!$this->headers->has('Content-Type')) {
  164. $this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');
  165. }
  166. if ('HTTP/1.0' !== $request->server->get('SERVER_PROTOCOL')) {
  167. $this->setProtocolVersion('1.1');
  168. }
  169. $this->ensureIEOverSSLCompatibility($request);
  170. $this->offset = 0;
  171. $this->maxlen = -1;
  172. if (false === $fileSize = $this->file->getSize()) {
  173. return $this;
  174. }
  175. $this->headers->set('Content-Length', $fileSize);
  176. if (!$this->headers->has('Accept-Ranges')) {
  177. // Only accept ranges on safe HTTP methods
  178. $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
  179. }
  180. if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) {
  181. // Use X-Sendfile, do not send any content.
  182. $type = $request->headers->get('X-Sendfile-Type');
  183. $path = $this->file->getRealPath();
  184. // Fall back to scheme://path for stream wrapped locations.
  185. if (false === $path) {
  186. $path = $this->file->getPathname();
  187. }
  188. if ('x-accel-redirect' === strtolower($type)) {
  189. // Do X-Accel-Mapping substitutions.
  190. // @link https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/#x-accel-redirect
  191. $parts = HeaderUtils::split($request->headers->get('X-Accel-Mapping', ''), ',=');
  192. foreach ($parts as $part) {
  193. [$pathPrefix, $location] = $part;
  194. if (substr($path, 0, \strlen($pathPrefix)) === $pathPrefix) {
  195. $path = $location.substr($path, \strlen($pathPrefix));
  196. // Only set X-Accel-Redirect header if a valid URI can be produced
  197. // as nginx does not serve arbitrary file paths.
  198. $this->headers->set($type, $path);
  199. $this->maxlen = 0;
  200. break;
  201. }
  202. }
  203. } else {
  204. $this->headers->set($type, $path);
  205. $this->maxlen = 0;
  206. }
  207. } elseif ($request->headers->has('Range') && $request->isMethod('GET')) {
  208. // Process the range headers.
  209. if (!$request->headers->has('If-Range') || $this->hasValidIfRangeHeader($request->headers->get('If-Range'))) {
  210. $range = $request->headers->get('Range');
  211. if (str_starts_with($range, 'bytes=')) {
  212. [$start, $end] = explode('-', substr($range, 6), 2) + [0];
  213. $end = ('' === $end) ? $fileSize - 1 : (int) $end;
  214. if ('' === $start) {
  215. $start = $fileSize - $end;
  216. $end = $fileSize - 1;
  217. } else {
  218. $start = (int) $start;
  219. }
  220. if ($start <= $end) {
  221. $end = min($end, $fileSize - 1);
  222. if ($start < 0 || $start > $end) {
  223. $this->setStatusCode(416);
  224. $this->headers->set('Content-Range', sprintf('bytes */%s', $fileSize));
  225. } elseif ($end - $start < $fileSize - 1) {
  226. $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1;
  227. $this->offset = $start;
  228. $this->setStatusCode(206);
  229. $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize));
  230. $this->headers->set('Content-Length', $end - $start + 1);
  231. }
  232. }
  233. }
  234. }
  235. }
  236. return $this;
  237. }
  238. private function hasValidIfRangeHeader(?string $header): bool
  239. {
  240. if ($this->getEtag() === $header) {
  241. return true;
  242. }
  243. if (null === $lastModified = $this->getLastModified()) {
  244. return false;
  245. }
  246. return $lastModified->format('D, d M Y H:i:s').' GMT' === $header;
  247. }
  248. /**
  249. * {@inheritdoc}
  250. */
  251. public function sendContent()
  252. {
  253. if (!$this->isSuccessful()) {
  254. return parent::sendContent();
  255. }
  256. if (0 === $this->maxlen) {
  257. return $this;
  258. }
  259. $out = fopen('php://output', 'w');
  260. $file = fopen($this->file->getPathname(), 'r');
  261. stream_copy_to_stream($file, $out, $this->maxlen, $this->offset);
  262. fclose($out);
  263. fclose($file);
  264. if ($this->deleteFileAfterSend && is_file($this->file->getPathname())) {
  265. unlink($this->file->getPathname());
  266. }
  267. return $this;
  268. }
  269. /**
  270. * {@inheritdoc}
  271. *
  272. * @throws \LogicException when the content is not null
  273. */
  274. public function setContent(?string $content)
  275. {
  276. if (null !== $content) {
  277. throw new \LogicException('The content cannot be set on a BinaryFileResponse instance.');
  278. }
  279. return $this;
  280. }
  281. /**
  282. * {@inheritdoc}
  283. */
  284. public function getContent()
  285. {
  286. return false;
  287. }
  288. /**
  289. * Trust X-Sendfile-Type header.
  290. */
  291. public static function trustXSendfileTypeHeader()
  292. {
  293. self::$trustXSendfileTypeHeader = true;
  294. }
  295. /**
  296. * If this is set to true, the file will be unlinked after the request is sent
  297. * Note: If the X-Sendfile header is used, the deleteFileAfterSend setting will not be used.
  298. *
  299. * @return $this
  300. */
  301. public function deleteFileAfterSend(bool $shouldDelete = true)
  302. {
  303. $this->deleteFileAfterSend = $shouldDelete;
  304. return $this;
  305. }
  306. }