/**
* Verifies that it's ok to include the uploaded file
*
* @param string $tmpfile the full path opf the temporary file to verify
* @param string $extension The filename extension that the file is to be served with
* @return Status object
*/
function verify($tmpfile, $extension)
{
# magically determine mime type
$magic = MimeMagic::singleton();
$mime = $magic->guessMimeType($tmpfile, false);
# check mime type, if desired
global $wgVerifyMimeType;
if ($wgVerifyMimeType) {
# check mime type against file extension
if (!UploadBase::verifyExtension($mime, $extension)) {
return Status::newFatal('uploadcorrupt');
}
# check mime type blacklist
global $wgMimeTypeBlacklist;
if (isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) && UploadBase::checkFileExtension($mime, $wgMimeTypeBlacklist)) {
return Status::newFatal('badfiletype', htmlspecialchars($mime));
}
}
# check for htmlish code and javascript
if (UploadBase::detectScript($tmpfile, $mime, $extension)) {
return Status::newFatal('uploadscripted');
}
/**
* Scan the uploaded file for viruses
*/
$virus = UploadBase::detectVirus($tmpfile);
if ($virus) {
return Status::newFatal('uploadvirus', htmlspecialchars($virus));
}
wfDebug(__METHOD__ . ": all clear; passing.\n");
return Status::newGood();
}