X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=thumb.php;h=5be1ed07abefa2664b703cd6738bb0671ef18c2d;hb=bfff8c74ffe8e559299dfc1428ea12fcc69eb904;hp=cf9bd2cdfeae0010ea89bb2e6baa59036dacff6e;hpb=a891b8643c35ffacfda59d9208778195c39c3d9b;p=lhc%2Fweb%2Fwiklou.git
diff --git a/thumb.php b/thumb.php
index cf9bd2cdfe..5be1ed07ab 100644
--- a/thumb.php
+++ b/thumb.php
@@ -25,6 +25,7 @@ use MediaWiki\Logger\LoggerFactory;
 use MediaWiki\MediaWikiServices;
 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
+define( 'MW_ENTRY_POINT', 'thumb' );
 require __DIR__ . '/includes/WebStart.php';
 // Don't use fancy MIME detection, just check the file extension for jpg/gif/png
@@ -35,7 +36,7 @@ if ( defined( 'THUMB_HANDLER' ) ) {
 wfThumbHandle404();
 } else {
 // Called directly, use $_GET params
- wfStreamThumb( $wgRequest->getQueryValues() );
+ wfStreamThumb( $wgRequest->getQueryValuesOnly() );
 }
 $mediawiki = new MediaWiki();
@@ -91,6 +92,7 @@ function wfThumbHandle404() {
 */
 function wfStreamThumb( array $params ) {
 global $wgVaryOnXFP;
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
 $headers = []; // HTTP headers to send
@@ -154,8 +156,11 @@ function wfStreamThumb( array $params ) {
 // Check permissions if there are read restrictions
 $varyHeader = [];
- if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) {
- if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) {
+ if ( !in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true ) ) {
+ $user = RequestContext::getMain()->getUser();
+ $imgTitle = $img->getTitle();
+
+ if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) {
 wfThumbError( 403, 'Access denied. You do not have permission to access ' . 'the source file.' );
 return;
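Review bot: The comment above the changed call in the `else` branch still reads `// Called directly, use $_GET params` and does not say why the narrower accessor is now used. As far as I know, `getQueryValuesOnly()` returns the query-string values without the parameters the path router derives from the URL, so the thumbnail parameters can no longer be influenced by the request path when the script is called directly. I would record that on the line, e.g. `// Called directly: take parameters from the query string only, not from path-router values`. The top-level `if`/`else` begins outside the hunk.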
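Review bot: The new inner check denies access when `$img->getTitle()` is falsy, but nothing on the line says that this is a deliberate fail-closed choice. The decision now also depends on an explicit `$user` taken from `RequestContext::getMain()`. I would put a comment above the inner `if`, e.g. `// Fail closed: without a title no permission check is possible, so deny. $user is the user of the main request context.` The `$permissionManager` service is fetched unconditionally at the top of wfStreamThumb (the `@@ -91,6 +92,7 @@` hunk) although the visible code uses it only for this read-restriction check; fetching it next to the check would keep the access-control logic in one place. wfStreamThumb starts and ends outside the hunk, so whether the 403 from `wfThumbError` is kept out of shared caches is not visible here and is worth confirming.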