X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=img_auth.php;h=2d2db9a5ed1035a448a2161cf07ac7ff112488f4;hb=a35f710791c7c86877be06af5e85636b3305d2e2;hp=667a40a5a89f6dc37e2bc7c5cdb598db086436f1;hpb=fcda8ed55cc25b7f5cd045c6945a1f8b85344205;p=lhc%2Fweb%2Fwiklou.git

diff --git a/img_auth.php b/img_auth.php
index 667a40a5a8..2d2db9a5ed 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -40,7 +40,7 @@
  */
 
 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
-require ( __DIR__ . '/includes/WebStart.php' );
+require __DIR__ . '/includes/WebStart.php';
 wfProfileIn( 'img_auth.php' );
 
 # Set action base paths so that WebRequest::getPathInfo()
@@ -52,7 +52,7 @@ wfImageAuthMain();
 wfLogProfilingData();
 
 function wfImageAuthMain() {
-	global $wgImgAuthPublicTest, $wgRequest;
+	global $wgImgAuthPublicTest, $wgImgAuthUrlPathMap, $wgRequest;
 
 	// See if this is a public Wiki (no protections).
 	if ( $wgImgAuthPublicTest
@@ -77,14 +77,32 @@ function wfImageAuthMain() {
 
 	// Check for bug 28235: QUERY_STRING overriding the correct extension
 	$whitelist = array();
-	$dotPos = strrpos( $path, '.' );
-	if ( $dotPos !== false ) {
-		$whitelist[] = substr( $path, $dotPos + 1 );
+	$extension = FileBackend::extensionFromPath( $path );
+	if ( $extension != '' ) {
+		$whitelist[] = $extension;
 	}
 	if ( !$wgRequest->checkUrlExtension( $whitelist ) ) {
 		return;
 	}
 
+	// Various extensions may have their own backends that need access.
+	// Check if there is a special backend and storage base path for this file.
+	foreach ( $wgImgAuthUrlPathMap as $prefix => $storageDir ) {
+		$prefix = rtrim( $prefix, '/' ) . '/'; // implicit trailing slash
+		if ( strpos( $path, $prefix ) === 0 ) {
+			$be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
+			$filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
+			if ( $be->fileExists( array( 'src' => $filename ) ) ) {
+				wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
+				$be->streamFile( array( 'src' => $filename ),
+					array( 'Cache-Control: private', 'Vary: Cookie' ) );
+			} else {
+				wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );
+			}
+			return;
+		}
+	}
+
 	// Get the local file repository
 	$repo = RepoGroup::singleton()->getRepo( 'local' );
 
@@ -113,6 +131,8 @@ function wfImageAuthMain() {
 	}
 
 	// Run hook for extension authorization plugins
+	/** @var $result array */
+	$result = null;
 	if ( !wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) ) {
 		wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );
 		return;
@@ -143,6 +163,7 @@ function wfForbidden( $msg1, $msg2 ) {
 	$args = func_get_args();
 	array_shift( $args );
 	array_shift( $args );
+	$args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args;
 
 	$msgHdr = wfMessage( $msg1 )->escaped();
 	$detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0';