From: James Montalvo Date: Fri, 15 Mar 2019 04:03:29 +0000 (-0500) Subject: Add ImgAuthModifyHeaders hook to img_auth.php to modify headers X-Git-Tag: 1.34.0-rc.0~991^2 X-Git-Url: http://git.heureux-cyclage.org/?a=commitdiff_plain;h=8e28a4b8b86704d7350e7c34ee1714dc9db02805;p=lhc%2Fweb%2Fwiklou.git Add ImgAuthModifyHeaders hook to img_auth.php to modify headers Change-Id: I3c6fd7b0c39d7fd52c484494233241093d152f88 --- diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34 index ea46a7d3a8..6da79625bc 100644 --- a/RELEASE-NOTES-1.34 +++ b/RELEASE-NOTES-1.34 @@ -67,6 +67,8 @@ For notes on 1.33.x and older releases, see HISTORY. from other users originating from Special:EmailUser. === New developer features in 1.34 === +* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification + of headers in private wikis. * Language::formatTimePeriod now supports the new 'avoidhours' option to output strings like "5 days ago" instead of "5 days 13 hours ago". diff --git a/docs/hooks.txt b/docs/hooks.txt index 80453f48c6..8f3c67e31b 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -1810,7 +1810,7 @@ $page: ImagePage object $page: ImagePage object &$toc: Array of
  • strings -'ImgAuthBeforeStream': executed before file is streamed to user, but only when +'ImgAuthBeforeStream': Executed before file is streamed to user, but only when using img_auth.php. &$title: the Title object of the file as it would appear for the upload page &$path: the original file and path name when img_auth was invoked by the web @@ -1823,6 +1823,14 @@ using img_auth.php. $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. +'ImgAuthModifyHeaders': Executed just before a file is streamed to a user via +img_auth.php, allowing headers to be modified beforehand. +$title: LinkTarget object +&$headers: HTTP headers ( name => value, names are case insensitive ). + Two headers get special handling: If-Modified-Since (value must be + a valid HTTP date) and Range (must be of the form "bytes=(\d*-\d*)") + will be honored when streaming the file. + 'ImportHandleLogItemXMLTag': When parsing a XML tag in a log item. Return false to stop further processing of the tag $reader: XMLReader object diff --git a/img_auth.php b/img_auth.php index 1434125af9..914014d85f 100644 --- a/img_auth.php +++ b/img_auth.php @@ -138,12 +138,13 @@ function wfImageAuthMain() { $headers = []; // extra HTTP headers to send + $title = Title::makeTitleSafe( NS_FILE, $name ); + if ( !$publicWiki ) { // For private wikis, run extra auth checks and set cache control headers - $headers[] = 'Cache-Control: private'; - $headers[] = 'Vary: Cookie'; + $headers['Cache-Control'] = 'private'; + $headers['Vary'] = 'Cookie'; - $title = Title::makeTitleSafe( NS_FILE, $name ); if ( !$title instanceof Title ) { // files have valid titles wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name ); return; @@ -167,19 +168,22 @@ function wfImageAuthMain() { } } - $options = []; // HTTP header options if ( isset( $_SERVER['HTTP_RANGE'] ) ) { - $options['range'] = $_SERVER['HTTP_RANGE']; + $headers['Range'] = $_SERVER['HTTP_RANGE']; } if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { - $options['if-modified-since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; + $headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; } if ( $request->getCheck( 'download' ) ) { - $headers[] = 'Content-Disposition: attachment'; + $headers['Content-Disposition'] = 'attachment'; } + // Allow modification of headers before streaming a file + Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] ); + // Stream the requested file + list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers ); wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); $repo->streamFileWithStatus( $filename, $headers, $options ); }