From aeb36c13a50083436445e212b4af98175f2661d6 Mon Sep 17 00:00:00 2001 From: James Montalvo Date: Thu, 14 Mar 2019 23:03:29 -0500 Subject: [PATCH] Add ImgAuthModifyHeaders hook to img_auth.php to modify headers Change-Id: I3c6fd7b0c39d7fd52c484494233241093d152f88 --- RELEASE-NOTES-1.31 | 3 +++ docs/hooks.txt | 10 +++++++++- img_auth.php | 18 +++++++++++------- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31 index b3b1cc0412..01f5962fe9 100644 --- a/RELEASE-NOTES-1.31 +++ b/RELEASE-NOTES-1.31 @@ -4,6 +4,9 @@ THIS IS NOT A RELEASE YET === Changes since MediaWiki 1.31.3 === +* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification + of headers in private wikis. + == MediaWiki 1.31.3 == This is a maintenance release of the MediaWiki 1.31 branch. diff --git a/docs/hooks.txt b/docs/hooks.txt index d932148e4d..e79272c9c8 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -1822,7 +1822,7 @@ $page: ImagePage object $page: ImagePage object &$toc: Array of
  • strings -'ImgAuthBeforeStream': executed before file is streamed to user, but only when +'ImgAuthBeforeStream': Executed before file is streamed to user, but only when using img_auth.php. &$title: the Title object of the file as it would appear for the upload page &$path: the original file and path name when img_auth was invoked by the web @@ -1835,6 +1835,14 @@ using img_auth.php. $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. +'ImgAuthModifyHeaders': Executed just before a file is streamed to a user via +img_auth.php, allowing headers to be modified beforehand. +$title: LinkTarget object +&$headers: HTTP headers ( name => value, names are case insensitive ). + Two headers get special handling: If-Modified-Since (value must be + a valid HTTP date) and Range (must be of the form "bytes=(\d*-\d*)") + will be honored when streaming the file. + 'ImportHandleLogItemXMLTag': When parsing a XML tag in a log item. Return false to stop further processing of the tag $reader: XMLReader object diff --git a/img_auth.php b/img_auth.php index 205280908b..70570d8649 100644 --- a/img_auth.php +++ b/img_auth.php @@ -135,12 +135,13 @@ function wfImageAuthMain() { $headers = []; // extra HTTP headers to send + $title = Title::makeTitleSafe( NS_FILE, $name ); + if ( !$publicWiki ) { // For private wikis, run extra auth checks and set cache control headers - $headers[] = 'Cache-Control: private'; - $headers[] = 'Vary: Cookie'; + $headers['Cache-Control'] = 'private'; + $headers['Vary'] = 'Cookie'; - $title = Title::makeTitleSafe( NS_FILE, $name ); if ( !$title instanceof Title ) { // files have valid titles wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name ); return; 
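Review bot: `Title::makeTitleSafe()` is now called for public wikis too, but the `!$title instanceof Title` rejection still sits inside the `if ( !$publicWiki )` branch, so on a public wiki `$title` can be null when the later img_auth.php hunk calls `$title->getTitleValue()` in `Hooks::run( 'ImgAuthModifyHeaders', ... )`. A request whose name does not form a valid title would then end in a fatal error rather than a handled response. Either hoist the validity check above the branch or guard the call, e.g. `if ( $title instanceof Title ) { Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] ); }`. wfImageAuthMain() starts before this hunk and the lines between the two hunks are not shown, so confirm nothing there already returns on a null title.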
@@ -162,19 +163,22 @@ function wfImageAuthMain() { } } - $options = []; // HTTP header options if ( isset( $_SERVER['HTTP_RANGE'] ) ) { - $options['range'] = $_SERVER['HTTP_RANGE']; + $headers['Range'] = $_SERVER['HTTP_RANGE']; } if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { - $options['if-modified-since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; + $headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE']; } if ( $request->getCheck( 'download' ) ) { - $headers[] = 'Content-Disposition: attachment'; + $headers['Content-Disposition'] = 'attachment'; } + // Allow modification of headers before streaming a file + Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] ); + // Stream the requested file + list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers ); wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); $repo->streamFile( $filename, $headers, $options ); } -- 2.20.1
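Review bot: The hook receives `$headers` by reference after the private-wiki branch has set `Cache-Control: private` and `Vary: Cookie`, and nothing after `Hooks::run()` checks that those two entries survive. A handler that replaces or unsets them could let a shared cache store a protected file, so I would state the constraint at the call site and in docs/hooks.txt, for example `// Handlers must not weaken Cache-Control/Vary on private wikis; they keep protected files out of shared caches`. The same array now also carries the client's raw `Range` and `If-Modified-Since` values, so the code relies on `HTTPFileStreamer::preprocessHeaders()` to move them into `$options` rather than emit them as response headers. That helper is outside this patch, so a one-line comment recording the expectation would help. The function body begins before this hunk.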