$path = "/" . $path;
}
- // Check for bug 28235: QUERY_STRING overriding the correct extension
+ // Check for T30235: QUERY_STRING overriding the correct extension
$whitelist = [];
$extension = FileBackend::extensionFromPath( $path, 'rawcase' );
if ( $extension != '' ) {
$headers = []; // extra HTTP headers to send
+ $title = Title::makeTitleSafe( NS_FILE, $name );
+
if ( !$publicWiki ) {
// For private wikis, run extra auth checks and set cache control headers
- $headers[] = 'Cache-Control: private';
- $headers[] = 'Vary: Cookie';
+ $headers['Cache-Control'] = 'private';
+ $headers['Vary'] = 'Cookie';
- $title = Title::makeTitleSafe( NS_FILE, $name );
if ( !$title instanceof Title ) { // files have valid titles
wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name );
return;
}
}
- $options = []; // HTTP header options
if ( isset( $_SERVER['HTTP_RANGE'] ) ) {
- $options['range'] = $_SERVER['HTTP_RANGE'];
+ $headers['Range'] = $_SERVER['HTTP_RANGE'];
}
if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
- $options['if-modified-since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
+ $headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
}
if ( $request->getCheck( 'download' ) ) {
- $headers[] = 'Content-Disposition: attachment';
+ $headers['Content-Disposition'] = 'attachment';
}
+ // Allow modification of headers before streaming a file
+ Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] );
+
// Stream the requested file
+ list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers );
wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
$repo->streamFile( $filename, $headers, $options );
}