img_auth.php

   1 <?php
   2
   3 /**
   4  * Image authorisation script
   5  *
   6  * To use this:
   7  *
   8  * - Set $wgUploadDirectory to a non-public directory (not web accessible)
   9  * - Set $wgUploadPath to point to this file
  10  *
  11  * Your server needs to support PATH_INFO; CGI-based configurations
  12  * usually don't.
  13  *
  14  * @file
  15  */
  16
  17 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
  18 require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
  19 wfProfileIn( 'img_auth.php' );
  20 require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
  21
  22 $perms = User::getGroupPermissions( array( '*' ) );
  23 if ( in_array( 'read', $perms, true ) ) {
  24         wfDebugLog( 'img_auth', 'Public wiki' );
  25         wfPublicError();
  26 }
  27
  28 // Extract path and image information
  29 if( !isset( $_SERVER['PATH_INFO'] ) ) {
  30         wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
  31         wfForbidden();
  32 }
  33
  34 $path = $_SERVER['PATH_INFO'];
  35 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
  36 $realUpload = realpath( $wgUploadDirectory );
  37 wfDebugLog( 'img_auth', "\$path is {$path}" );
  38 wfDebugLog( 'img_auth', "\$filename is {$filename}" );
  39
  40 // Basic directory traversal check
  41 if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
  42         wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
  43         wfForbidden();
  44 }
  45
  46 // Extract the file name and chop off the size specifier
  47 // (e.g. 120px-Foo.png => Foo.png)
  48 $name = wfBaseName( $path );
  49 if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
  50         $name = $m[1];
  51 wfDebugLog( 'img_auth', "\$name is {$name}" );
  52
  53 $title = Title::makeTitleSafe( NS_FILE, $name );
  54 if( !$title instanceof Title ) {
  55         wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
  56         wfForbidden();
  57 }
  58 $title = $title->getPrefixedText();
  59
  60 // Check the whitelist if needed
  61 if( !$wgUser->getId() && ( !is_array( $wgWhitelistRead ) || !in_array( $title, $wgWhitelistRead ) ) ) {
  62         wfDebugLog( 'img_auth', "Not logged in and `{$title}` not in whitelist." );
  63         wfForbidden();
  64 }
  65
  66 if( !file_exists( $filename ) ) {
  67         wfDebugLog( 'img_auth', "`{$filename}` does not exist" );
  68         wfForbidden();
  69 }
  70 if( is_dir( $filename ) ) {
  71         wfDebugLog( 'img_auth', "`{$filename}` is a directory" );
  72         wfForbidden();
  73 }
  74
  75 // Stream the requested file
  76 wfDebugLog( 'img_auth', "Streaming `{$filename}`" );
  77 wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
  78 wfLogProfilingData();
  79
  80 /**
  81  * Issue a standard HTTP 403 Forbidden header and a basic
  82  * error message, then end the script
  83  */
  84 function wfForbidden() {
  85         header( 'HTTP/1.0 403 Forbidden' );
  86         header( 'Vary: Cookie' );
  87         header( 'Content-Type: text/html; charset=utf-8' );
  88         echo <<<ENDS
  89 <html>
  90 <body>
  91 <h1>Access Denied</h1>
  92 <p>You need to log in to access files on this server.</p>
  93 </body>
  94 </html>
  95 ENDS;
  96         wfLogProfilingData();
  97         exit();
  98 }
  99
 100 /**
 101  * Show a 403 error for use when the wiki is public
 102  */
 103 function wfPublicError() {
 104         header( 'HTTP/1.0 403 Forbidden' );
 105         header( 'Content-Type: text/html; charset=utf-8' );
 106         echo <<<ENDS
 107 <html>
 108 <body>
 109 <h1>Access Denied</h1>
 110 <p>The function of img_auth.php is to output files from a private wiki. This wiki
 111 is configured as a public wiki. For optimal security, img_auth.php is disabled in
 112 this case.
 113 </p>
 114 </body>
 115 </html>
 116 ENDS;
 117         wfLogProfilingData();
 118         exit;
 119 }
 120