X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=img_auth.php;h=c2541f69b2dc8b2a078febd93f6e7d414b3bd1bf;hb=8081138adbf37e12e4af9114a631612ed44d11db;hp=4764b780ef5b9d2c2117f418258e5b6432dc52f2;hpb=81fad6027c7882939996e97bc4afbda952a50fe3;p=lhc%2Fweb%2Fwiklou.git
diff --git a/img_auth.php b/img_auth.php
index 4764b780ef..c2541f69b2 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -30,18 +30,25 @@ require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
 wfProfileIn( 'img_auth.php' );
 require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
 
-$perms = User::getGroupPermissions( array( '*' ) );
-
 // See if this is a public Wiki (no protections)
-if ( $wgImgAuthPublicTest && in_array( 'read', $perms, true ) )
+if ( $wgImgAuthPublicTest
+ && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) )
+{
 wfForbidden('img-auth-accessdenied','img-auth-public');
+}
 
 // Extract path and image information
-if( !isset( $_SERVER['PATH_INFO'] ) )
- wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+ $path = $wgRequest->getText( 'path' );
+ if( !$path ) {
+ wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+ }
+ $path = "/$path";
+} else {
+ $path = $_SERVER['PATH_INFO'];
+}
 
-$path = $_SERVER['PATH_INFO'];
-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
+$filename = realpath( $wgUploadDirectory . $path );
 $realUpload = realpath( $wgUploadDirectory );
 
 // Basic directory traversal check
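Review bot: The new query-string fallback tests `if( !$path )`, so a request for `?path=0` (a file literally named `0`) is rejected as `img-auth-nopathinfo` instead of being looked up; `if( $path === '' )` is the test that matches the intent. The lines after it also rely on `wfForbidden()` never returning — if it ever did, `$path` would become `/` and `$filename` the upload directory itself, which only the later `is_dir` check would stop. `$path = "/$path"` does not strip a leading slash either, so `?path=/Foo.png` yields `//Foo.png`; `realpath()` normalises that for `$filename`, but the un-normalised `$path` is what the `ImgAuthBeforeStream` hook later receives by reference. The traversal check this feeds begins after the hunk.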
@@ -56,31 +63,30 @@ if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
 
 // Check to see if the file exists
 if( !file_exists( $filename ) )
- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));
+ wfForbidden('img-auth-accessdenied','img-auth-nofile',$filename);
 
 // Check to see if tried to access a directory
 if( is_dir( $filename ) )
- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));
+ wfForbidden('img-auth-accessdenied','img-auth-isdir',$filename);
 
 $title = Title::makeTitleSafe( NS_FILE, $name );
 
 // See if could create the title object
 if( !$title instanceof Title )
- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));
+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
 
 // Run hook
 if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));
+ wfForbidden($result[0],$result[1],array_slice($result,2));
 
 // Check user authorization for this title
 // UserCanRead Checks Whitelist too
-if( !$title->userCanRead() )
- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));
-
+if( !$title->userCanRead() )
+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
 
 // Stream the requested file
-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );
+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
 wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
 
 wfLogProfilingData();
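Review bot: The hook failure path `wfForbidden($result[0],$result[1],array_slice($result,2));` hands the extra message parameters over as one nested array, whereas every other call in this hunk passes them as scalars; `wfForbidden()` collects everything after the two message keys with `func_get_args()`, so `$args` there becomes `array( array( ... ) )` for this caller and `array( $filename )` for the others, and `$1` in the rendered message will presumably not be the intended value. `call_user_func_array( 'wfForbidden', $result );` passes them flat and also replaces the `merge_array` typo the old line had. Note also that `$result` is never initialised before `wfRunHooks()`, so a handler that returns false without filling it leaves `$result[0]` null; seeding it with a default key pair before the call would make the forbidden page deterministic. Dropping `htmlspecialchars()` from these arguments is only safe because `wfForbidden()` now escapes the whole rendered message, so the two changes must land together.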
@@ -94,10 +100,10 @@ function wfForbidden($msg1,$msg2) {
 $args = func_get_args();
 array_shift( $args );
 array_shift( $args );
- $MsgHdr = wfMsgHTML($msg1);
- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));
+ $MsgHdr = htmlspecialchars(wfMsg($msg1));
+ $detailMsg = (htmlspecialchars(wfMsg(($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args)));
 wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".
- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));
+ wfMsgExt($msg2,array('language' => 'en'),$args));
 header( 'HTTP/1.0 403 Forbidden' );
 header( 'Cache-Control: no-cache' );
 header( 'Content-Type: text/html; charset=utf-8' );
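Review bot: Both new `htmlspecialchars()` calls use the defaults, so single quotes are left unescaped and the charset is whatever the PHP build defaults to, while the `Content-Type` header three lines below declares `utf-8`; on PHP versions whose default is not UTF-8 the escaping and the declared encoding disagree. Pass the flags explicitly: `$MsgHdr = htmlspecialchars( wfMsg( $msg1 ), ENT_QUOTES, 'UTF-8' );` and likewise for `$detailMsg`, whose redundant outer parentheses can go at the same time. `$args` is now handed to `wfMsg()` and `wfMsgExt()` as a single array argument instead of being spread as the old `call_user_func_array` lines did; whether those helpers unwrap a one-element array parameter list is not visible here, so confirm it or keep the spread form. The function starts before and continues after this hunk.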