X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=thumb.php;h=4e5c2134d3111e9bb092bc5e6c4783490651f112;hb=8b3ea1515f5bf62e2711a4e6fc303253e5102a11;hp=3b714135bc34cae2bd7ce11058d61feaa3328ca7;hpb=220bda9175a18458449e9d754fb48830c1f76f25;p=lhc%2Fweb%2Fwiklou.git diff --git a/thumb.php b/thumb.php index 3b714135bc..4e5c2134d3 100644 --- a/thumb.php +++ b/thumb.php @@ -35,7 +35,7 @@ if ( defined( 'THUMB_HANDLER' ) ) { wfThumbHandle404(); } else { // Called directly, use $_GET params - wfStreamThumb( $_GET ); + wfStreamThumb( $wgRequest->getQueryValues() ); } $mediawiki = new MediaWiki(); @@ -94,7 +94,7 @@ function wfStreamThumb( array $params ) { $headers = []; // HTTP headers to send - $fileName = isset( $params['f'] ) ? $params['f'] : ''; + $fileName = $params['f'] ?? ''; // Backwards compatibility parameters if ( isset( $params['w'] ) ) { @@ -155,7 +155,11 @@ function wfStreamThumb( array $params ) { // Check permissions if there are read restrictions $varyHeader = []; if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) { - if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) { + $user = RequestContext::getMain()->getUser(); + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); + $imgTitle = $img->getTitle(); + + if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) { wfThumbError( 403, 'Access denied. You do not have permission to access ' . 'the source file.' ); return; @@ -244,7 +248,7 @@ function wfStreamThumb( array $params ) { } } - $rel404 = isset( $params['rel404'] ) ? $params['rel404'] : null; + $rel404 = $params['rel404'] ?? null; unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER unset( $params['f'] ); // We're done with 'f' parameter. unset( $params['rel404'] ); // moved to $rel404 
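Review bot: Nothing in the visible hunks checks that the query values are strings once `wfStreamThumb( $wgRequest->getQueryValues() )` hands them over. A query string can carry `f` or `rel404` as an array, and `$params['f'] ?? ''` and `$params['rel404'] ?? null` (the @@ -244 hunk) pass an array through unchanged. `$rel404` then reaches `rawurldecode( $rel404 )` in the @@ -272 hunk, which expects a string. Consider normalising at the read, e.g. `$fileName = is_string( $params['f'] ?? null ) ? $params['f'] : '';` and the same for `rel404`, so a malformed request is treated as a missing parameter instead of raising a PHP type error. Whether later code in wfStreamThumb() already rejects non-strings is outside these hunks.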
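Review bot: The fail-closed branch in the new read check deserves a comment: `!$imgTitle ||` denies access whenever the file has no title, and that intent is easy to lose in a later refactor now that the condition is built from locals. Something like `// No title means read restrictions cannot be evaluated; deny rather than serve.` above the `if` would record it. It would also help to note that `$user` comes from `RequestContext::getMain()`, since that is the identity the 403 decision rests on. The enclosing block continues past the end of the hunk.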
@@ -272,7 +276,7 @@ function wfStreamThumb( array $params ) { // For 404 handled thumbnails, we only use the base name of the URI // for the thumb params and the parent directory for the source file name. - // Check that the zone relative path matches up so squid caches won't pick + // Check that the zone relative path matches up so CDN caches won't pick // up thumbs that would not be purged on source file deletion (T36231). if ( $rel404 !== null ) { // thumbnail was handled via 404 if ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName ) ) { @@ -409,6 +413,8 @@ function wfProxyThumbnailRequest( $img, $thumbName ) { // Send request to proxied service $status = $req->execute(); + MediaWiki\HeaderCallback::warnIfHeadersSent(); + // Simply serve the response from the proxied service as-is header( 'HTTP/1.1 ' . $req->getStatus() ); @@ -500,7 +506,7 @@ function wfGenerateThumbnail( File $file, array $params, $thumbName, $thumbPath } /** @noinspection PhpUnusedLocalVariableInspection */ - $done = true; // no PHP fatal occured + $done = true; // no PHP fatal occurred if ( !$thumb || $thumb->isError() ) { // Randomize TTL to reduce stampedes @@ -626,7 +632,7 @@ function wfThumbErrorText( $status, $msgText ) { * * @param int $status * @param string $msgHtml HTML - * @param string $msgText Short error description, for internal logging. Defaults to $msgHtml. + * @param string|null $msgText Short error description, for internal logging. Defaults to $msgHtml. * Only used for HTTP 500 errors. * @param array $context Error context, for internal logging. Only used for HTTP 500 errors. * @return void @@ -634,6 +640,8 @@ function wfThumbErrorText( $status, $msgText ) { function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) { global $wgShowHostnames; + MediaWiki\HeaderCallback::warnIfHeadersSent(); + header( 'Cache-Control: no-cache' ); header( 'Content-Type: text/html; charset=utf-8' ); if ( $status == 400 || $status == 404 || $status == 429 ) { 
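Review bot: `MediaWiki\HeaderCallback::warnIfHeadersSent();` before `header( 'HTTP/1.1 ' . $req->getStatus() );` has no comment saying why it is there or what happens next; the same applies to the call added at the top of wfThumbError() in the @@ -634 hunk. Judging by its name it only reports the condition, so the `header()` calls that follow still run, and if output has already started, `Cache-Control: no-cache` on the error page would not take effect. A short comment such as `// Log early output: the header() calls below cannot take effect once headers are sent.` at both sites would make that visible. Both function bodies extend beyond their hunks.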
@@ -648,7 +656,7 @@ function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) {
 if ( $wgShowHostnames ) {
 header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
 $url = htmlspecialchars(
- isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
+ $_SERVER['REQUEST_URI'] ?? '',
 ENT_NOQUOTES
 );
 $hostname = htmlspecialchars( wfHostname(), ENT_NOQUOTES );
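Review bot: `htmlspecialchars( $_SERVER['REQUEST_URI'] ?? '', ENT_NOQUOTES )` leaves both quote characters unescaped, and the request URI is client-controlled, so `$url` is only safe as element or comment text. Where `$url` is emitted is outside this hunk; if it can ever land inside an attribute value, `ENT_QUOTES` is the flag to use. Otherwise a comment like `// ENT_NOQUOTES: $url must never be placed in an attribute value.` next to the call would pin the constraint.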