img_auth.php

   1 <?php
   2
   3 /**
   4  * Image authorisation script
   5  *
   6  * To use this:
   7  *
   8  * Set $wgUploadDirectory to a non-public directory (not web accessible)
   9  * Set $wgUploadPath to point to this file
  10  *
  11  * Your server needs to support PATH_INFO; CGI-based configurations
  12  * usually don't.
  13  */
  14
  15 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
  16 require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
  17 wfProfileIn( 'img_auth.php' );
  18 require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
  19
  20 $perms = User::getGroupPermissions( array( '*' ) );
  21 if ( in_array( 'read', $perms, true ) ) {
  22         wfDebugLog( 'img_auth', 'Public wiki' );
  23         wfPublicError();
  24 }
  25
  26 // Extract path and image information
  27 if( !isset( $_SERVER['PATH_INFO'] ) ) {
  28         wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
  29         wfForbidden();
  30 }
  31
  32 $path = $_SERVER['PATH_INFO'];
  33 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
  34 $realUpload = realpath( $wgUploadDirectory );
  35 wfDebugLog( 'img_auth', "\$path is {$path}" );
  36 wfDebugLog( 'img_auth', "\$filename is {$filename}" );
  37
  38 // Basic directory traversal check
  39 if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
  40         wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
  41         wfForbidden();
  42 }
  43
  44 // Extract the file name and chop off the size specifier
  45 // (e.g. 120px-Foo.png => Foo.png)
  46 $name = wfBaseName( $path );
  47 if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
  48         $name = $m[1];
  49 wfDebugLog( 'img_auth', "\$name is {$name}" );
  50
  51 $title = Title::makeTitleSafe( NS_FILE, $name );
  52 if( !$title instanceof Title ) {
  53         wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
  54         wfForbidden();
  55 }
  56 $title = $title->getPrefixedText();
  57
  58 // Check the whitelist if needed
  59 if( !$wgUser->getId() && ( !is_array( $wgWhitelistRead ) || !in_array( $title, $wgWhitelistRead ) ) ) {
  60         wfDebugLog( 'img_auth', "Not logged in and `{$title}` not in whitelist." );
  61         wfForbidden();
  62 }
  63
  64 if( !file_exists( $filename ) ) {
  65         wfDebugLog( 'img_auth', "`{$filename}` does not exist" );
  66         wfForbidden();
  67 }
  68 if( is_dir( $filename ) ) {
  69         wfDebugLog( 'img_auth', "`{$filename}` is a directory" );
  70         wfForbidden();
  71 }
  72
  73 // Stream the requested file
  74 wfDebugLog( 'img_auth', "Streaming `{$filename}`" );
  75 wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
  76 wfLogProfilingData();
  77
  78 /**
  79  * Issue a standard HTTP 403 Forbidden header and a basic
  80  * error message, then end the script
  81  */
  82 function wfForbidden() {
  83         header( 'HTTP/1.0 403 Forbidden' );
  84         header( 'Vary: Cookie' );
  85         header( 'Content-Type: text/html; charset=utf-8' );
  86         echo <<<ENDS
  87 <html>
  88 <body>
  89 <h1>Access Denied</h1>
  90 <p>You need to log in to access files on this server.</p>
  91 </body>
  92 </html>
  93 ENDS;
  94         wfLogProfilingData();
  95         exit();
  96 }
  97
  98 /**
  99  * Show a 403 error for use when the wiki is public
 100  */
 101 function wfPublicError() {
 102         header( 'HTTP/1.0 403 Forbidden' );
 103         header( 'Content-Type: text/html; charset=utf-8' );
 104         echo <<<ENDS
 105 <html>
 106 <body>
 107 <h1>Access Denied</h1>
 108 <p>The function of img_auth.php is to output files from a private wiki. This wiki
 109 is configured as a public wiki. For optimal security, img_auth.php is disabled in
 110 this case.
 111 </p>
 112 </body>
 113 </html>
 114 ENDS;
 115         wfLogProfilingData();
 116         exit;
 117 }
 118