// Check permissions if there are read restrictions
$varyHeader = [];
if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) {
- if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) {
+ $user = RequestContext::getMain()->getUser();
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ $imgTitle = $img->getTitle();
+
+ if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) {
wfThumbError( 403, 'Access denied. You do not have permission to access ' .
'the source file.' );
return;
// Send request to proxied service
$status = $req->execute();
+ MediaWiki\HeaderCallback::warnIfHeadersSent();
+
// Simply serve the response from the proxied service as-is
header( 'HTTP/1.1 ' . $req->getStatus() );
function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) {
global $wgShowHostnames;
+ MediaWiki\HeaderCallback::warnIfHeadersSent();
+
header( 'Cache-Control: no-cache' );
header( 'Content-Type: text/html; charset=utf-8' );
if ( $status == 400 || $status == 404 || $status == 429 ) {