X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=img_auth.php;h=a0976af3b0d89458f694f4e5d5870951ee029d14;hb=16787035f41df40fde9eaf1b5bc664166985392b;hp=72a7dab85536e74eed2cf48230d1d3ae80400711;hpb=c131c00ea5776c986847852314b9305b7738d329;p=lhc%2Fweb%2Fwiklou.git

diff --git a/img_auth.php b/img_auth.php
index 72a7dab855..a0976af3b0 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -2,7 +2,7 @@
 /**
  * Image authorisation script
  *
- * To use this, see http://www.mediawiki.org/wiki/Manual:Image_Authorization
+ * To use this, see https://www.mediawiki.org/wiki/Manual:Image_Authorization
  *
  * - Set $wgUploadDirectory to a non-public directory (not web accessible)
  * - Set $wgUploadPath to point to this file
@@ -92,11 +92,11 @@ function wfImageAuthMain() {
 		if ( strpos( $path, $prefix ) === 0 ) {
 			$be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
 			$filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
-                       // Check basic user authorization
-                       if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
-                               wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
-                               return;
-                       }
+			// Check basic user authorization
+			if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
+				wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
+				return;
+			}
 			if ( $be->fileExists( array( 'src' => $filename ) ) ) {
 				wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
 				$be->streamFile( array( 'src' => $filename ),
@@ -150,6 +150,10 @@ function wfImageAuthMain() {
 		return;
 	}
 
+	if ( $wgRequest->getCheck( 'download' ) ) {
+		header( 'Content-Disposition: attachment' );
+	}
+
 	// Stream the requested file
 	wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
 	$repo->streamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );