dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from: d3e023d)
SECURITY: Fix accidental public CC headers in img_auth.php
authorTim Starling <tstarling@wikimedia.org>
Tue, 31 Mar 2020 06:02:49 +0000 (17:02 +1100)
committerReedy <reedy@wikimedia.org>
Wed, 24 Jun 2020 16:21:01 +0000 (17:21 +0100)
Incorrect parameters to FileBackend::streamFile() caused
Cache-Control:private and Vary:Cookie response headers to be omitted
when requesting a file in a path configured by $wgImgAuthUrlPathMap.
Typically this is used to deliver images generated by extensions.

CVE-2020-15005

Bug: T248947
Change-Id: I404d9462e4b35d3d832bfab21954ff87e46e3eb2


No differences found
Wiklou, le Wiki du Wiklou