+ // Actually fetch the image. Method depends on whether it is archived or not.
+ if( $isOld ) {
+ // Format is <timestamp>!<name>
+ $bits = explode( '!', $fileName, 2 );
+ if( !isset($bits[1]) ) {
+ wfThumbError( 404, wfMsg( 'badtitletext' ) );
+ return;
+ }
+ $title = Title::makeTitleSafe( NS_FILE, $bits[1] );
+ if( is_null($title) ) {
+ wfThumbError( 404, wfMsg( 'badtitletext' ) );
+ return;
+ }
+ $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
+ } else {
+ $img = wfLocalFile( $fileName );
+ }
+
+ // Check permissions if there are read restrictions
+ if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
+ if ( !$img->getTitle()->userCanRead() ) {
+ wfThumbError( 403, 'Access denied. You do not have permission to access ' .
+ 'the source file.' );
+ return;
+ }
+ $headers[] = 'Cache-Control: private';
+ $headers[] = 'Vary: Cookie';
+ }
+