X-Git-Url: http://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=img_auth.php;h=2caf57ad5830679a36aa7d55056763ff9d57a72a;hp=fa1609f96398c83a68034e1e04d8fb21a238fde3;hb=d5aeff51afd8a451c9185f0f754f86408185c876;hpb=47437e0653542aae57ea456b24486efb48ee8aac diff --git a/img_auth.php b/img_auth.php index fa1609f963..2caf57ad58 100644 --- a/img_auth.php +++ b/img_auth.php @@ -68,7 +68,7 @@ function wfImageAuthMain() { $path = "/" . $path; } - // Check for bug 28235: QUERY_STRING overriding the correct extension + // Check for T30235: QUERY_STRING overriding the correct extension $whitelist = []; $extension = FileBackend::extensionFromPath( $path, 'rawcase' ); if ( $extension != '' ) { @@ -92,8 +92,10 @@ function wfImageAuthMain() { } if ( $be->fileExists( [ 'src' => $filename ] ) ) { wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); - $be->streamFile( [ 'src' => $filename ], - [ 'Cache-Control: private', 'Vary: Cookie' ] ); + $be->streamFile( [ + 'src' => $filename, + 'headers' => [ 'Cache-Control: private', 'Vary: Cookie' ] + ] ); } else { wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path ); } @@ -135,12 +137,13 @@ function wfImageAuthMain() { $headers = []; // extra HTTP headers to send + $title = Title::makeTitleSafe( NS_FILE, $name ); + if ( !$publicWiki ) { // For private wikis, run extra auth checks and set cache control headers - $headers[] = 'Cache-Control: private'; - $headers[] = 'Vary: Cookie'; + $headers['Cache-Control'] = 'private'; + $headers['Vary'] = 'Cookie'; - $title = Title::makeTitleSafe( NS_FILE, $name ); if ( !$title instanceof Title ) { // files have valid titles wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name ); return; @@ -162,19 +165,22 @@ function wfImageAuthMain() { } } - $options = []; // HTTP header options if ( isset( $_SERVER['HTTP_RANGE'] ) ) { - $options['range'] = $_SERVER['HTTP_RANGE']; + $headers['Range'] = $_SERVER['HTTP_RANGE']; } if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { - $options['if-modified-since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; + $headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; } if ( $request->getCheck( 'download' ) ) { - $headers[] = 'Content-Disposition: attachment'; + $headers['Content-Disposition'] = 'attachment'; } + // Allow modification of headers before streaming a file + Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] ); + // Stream the requested file + list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers ); wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); $repo->streamFile( $filename, $headers, $options ); }