X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=img_auth.php;h=7f922c52239190a4591b64e9e7252a442774544f;hb=d93ece35276f711f26d680df207155e62b7946ac;hp=8b121812f6b628f20b44a893ce4d00cc9962a7cb;hpb=22c5655da3e1d35c0cc651f7a5703b39f6f88121;p=lhc%2Fweb%2Fwiklou.git

diff --git a/img_auth.php b/img_auth.php
index 8b121812f6..7f922c5223 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -72,36 +72,26 @@ function wfImageAuthMain() {
 		return;
 	}
 
-	// Get the full file path
-	$filename = realpath( $wgUploadDirectory . $path );
-	$realUpload = realpath( $wgUploadDirectory );
+	// Get the local file repository
+	$repo = RepoGroup::singleton()->getRepo( 'local' );
 
-	// Basic directory traversal check
-	if ( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
-		wfForbidden( 'img-auth-accessdenied', 'img-auth-notindir' );
-		return;
+	// Get the full file storage path and extract the source file name.
+	// (e.g. 120px-Foo.png => Foo.png or page2-120px-Foo.png => Foo.png).
+	// This only applies to thumbnails, and all thumbnails should
+	// be under a folder that has the source file name.
+	if ( strpos( $path, '/thumb/' ) === 0 ) {
+		$name = wfBaseName( dirname( $path ) ); // file is a thumbnail
+		$filename = $repo->getZonePath( 'thumb' ) . substr( $path, 6 ); // strip "/thumb"
+	} else {
+		$name = wfBaseName( $path ); // file is a source file
+		$filename = $repo->getZonePath( 'public' ) . $path;
 	}
 
 	// Check to see if the file exists
-	if ( !file_exists( $filename ) ) {
+	if ( !$repo->fileExists( $filename, FileRepo::FILES_ONLY ) ) {
 		wfForbidden( 'img-auth-accessdenied','img-auth-nofile', $filename );
 		return;
 	}
-	
-	// Check to see if tried to access a directory
-	if ( is_dir( $filename ) ) {
-		wfForbidden( 'img-auth-accessdenied','img-auth-isdir', $filename );
-		return;
-	}
-
-	// Extract the file name and chop off the size specifier.
-	// (e.g. 120px-Foo.png => Foo.png or page2-120px-Foo.png => Foo.png).
-	// This only applies to thumbnails, and all thumbnails should
-	// be under a folder that has the source file name.
-	$name = wfBaseName( $path );
-	if ( strpos( $path, '/thumb/' ) === 0 ) {
-		$name = wfBaseName( dirname( $path ) ); // this file is a thumbnail
-	}
 
 	$title = Title::makeTitleSafe( NS_FILE, $name );
 	if ( !$title instanceof Title ) { // files have valid titles
@@ -116,15 +106,15 @@ function wfImageAuthMain() {
 	}
 	
 	// Check user authorization for this title
-	// UserCanRead Checks Whitelist too
-	if ( !$title->userCanRead() ) {
+	// Checks Whitelist too
+	if ( !$title->userCan( 'read' ) ) {
 		wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
 		return;
 	}
 
 	// Stream the requested file
 	wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
-	StreamFile::stream( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
+	$repo->streamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
 }
 
 /**