X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=img_auth.php;h=2d2db9a5ed1035a448a2161cf07ac7ff112488f4;hb=d0fc29d788d9b3d1dec1c620ed08b6a701c380d0;hp=b3a34955def2730b0fd70857bfcb9f04d7ec09cd;hpb=ba25ed9ee004985826eeb4635ebf740da95ef297;p=lhc%2Fweb%2Fwiklou.git diff --git a/img_auth.php b/img_auth.php index b3a34955de..2d2db9a5ed 100644 --- a/img_auth.php +++ b/img_auth.php @@ -40,15 +40,11 @@ */ define( 'MW_NO_OUTPUT_COMPRESSION', 1 ); -if ( isset( $_SERVER['MW_COMPILED'] ) ) { - require ( 'core/includes/WebStart.php' ); -} else { - require ( __DIR__ . '/includes/WebStart.php' ); -} +require __DIR__ . '/includes/WebStart.php'; wfProfileIn( 'img_auth.php' ); # Set action base paths so that WebRequest::getPathInfo() -# recognizes the "X" as the 'title' in ../image_auth/X urls. +# recognizes the "X" as the 'title' in ../img_auth.php/X urls. $wgArticlePath = false; # Don't let a "/*" article path clober our action path $wgActionPaths = array( "$wgUploadPath/" ); @@ -56,12 +52,12 @@ wfImageAuthMain(); wfLogProfilingData(); function wfImageAuthMain() { - global $wgImgAuthPublicTest, $wgRequest; + global $wgImgAuthPublicTest, $wgImgAuthUrlPathMap, $wgRequest; // See if this is a public Wiki (no protections). if ( $wgImgAuthPublicTest - && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) - { + && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) + ) { // This is a public wiki, so disable this script (for private wikis only) wfForbidden( 'img-auth-accessdenied', 'img-auth-public' ); return; @@ -81,14 +77,32 @@ function wfImageAuthMain() { // Check for bug 28235: QUERY_STRING overriding the correct extension $whitelist = array(); - $dotPos = strrpos( $path, '.' ); - if ( $dotPos !== false ) { - $whitelist[] = substr( $path, $dotPos + 1 ); + $extension = FileBackend::extensionFromPath( $path ); + if ( $extension != '' ) { + $whitelist[] = $extension; } if ( !$wgRequest->checkUrlExtension( $whitelist ) ) { return; } + // Various extensions may have their own backends that need access. + // Check if there is a special backend and storage base path for this file. + foreach ( $wgImgAuthUrlPathMap as $prefix => $storageDir ) { + $prefix = rtrim( $prefix, '/' ) . '/'; // implicit trailing slash + if ( strpos( $path, $prefix ) === 0 ) { + $be = FileBackendGroup::singleton()->backendFromPath( $storageDir ); + $filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix + if ( $be->fileExists( array( 'src' => $filename ) ) ) { + wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); + $be->streamFile( array( 'src' => $filename ), + array( 'Cache-Control: private', 'Vary: Cookie' ) ); + } else { + wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename ); + } + return; + } + } + // Get the local file repository $repo = RepoGroup::singleton()->getRepo( 'local' ); @@ -106,7 +120,7 @@ function wfImageAuthMain() { // Check to see if the file exists if ( !$repo->fileExists( $filename ) ) { - wfForbidden( 'img-auth-accessdenied','img-auth-nofile', $filename ); + wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename ); return; } @@ -117,6 +131,8 @@ function wfImageAuthMain() { } // Run hook for extension authorization plugins + /** @var $result array */ + $result = null; if ( !wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) ) { wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) ); return; @@ -130,7 +146,7 @@ function wfImageAuthMain() { } // Stream the requested file - wfDebugLog( 'img_auth', "Streaming `".$filename."`." ); + wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." ); $repo->streamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) ); } @@ -147,14 +163,15 @@ function wfForbidden( $msg1, $msg2 ) { $args = func_get_args(); array_shift( $args ); array_shift( $args ); + $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args; $msgHdr = wfMessage( $msg1 )->escaped(); $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0'; $detailMsg = wfMessage( $detailMsgKey, $args )->escaped(); wfDebugLog( 'img_auth', - "wfForbidden Hdr:" . wfMessage( $msg1 )->inLanguage( 'en' )->text() . " Msg: ". - wfMessage( $msg2, $args )->inLanguage( 'en' )->text() + "wfForbidden Hdr: " . wfMessage( $msg1 )->inLanguage( 'en' )->text() . " Msg: " . + wfMessage( $msg2, $args )->inLanguage( 'en' )->text() ); header( 'HTTP/1.0 403 Forbidden' );