X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=thumb.php;h=bfaf9a02d087f268eab042695ddaf34290538237;hb=0e675650aed26a742a9c2173d9469647a9f42bcc;hp=cf7c2d67fa8d6c4f03f277eb2d03c09801e90662;hpb=3e7cdbf63a6c4d2b852216c5780d7668c07cad84;p=lhc%2Fweb%2Fwiklou.git

diff --git a/thumb.php b/thumb.php
index cf7c2d67fa..bfaf9a02d0 100644
--- a/thumb.php
+++ b/thumb.php
@@ -36,6 +36,10 @@ if ( defined( 'THUMB_HANDLER' ) ) {
 }
 
 wfLogProfilingData();
+// Commit and close up!
+$factory = wfGetLBFactory();
+$factory->commitMasterChanges();
+$factory->shutdown();
 
 //--------------------------------------------------------------------------
 
@@ -159,6 +163,12 @@ function wfStreamThumb( array $params ) {
 		return;
 	}
 
+	// Check if the file is hidden
+	if ( $img->isDeleted( File::DELETED_FILE ) ) {
+		wfThumbError( 404, "The source file '$fileName' does not exist." );
+		return;
+	}
+
 	// Check permissions if there are read restrictions
 	$varyHeader = array();
 	if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
@@ -243,8 +253,10 @@ function wfStreamThumb( array $params ) {
 		}
 	}
 
+	$rel404 = isset( $params['rel404'] ) ? $params['rel404'] : null;
 	unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER
 	unset( $params['f'] ); // We're done with 'f' parameter.
+	unset( $params['rel404'] ); // moved to $rel404
 
 	// Get the normalized thumbnail name from the parameters...
 	try {
@@ -263,10 +275,10 @@ function wfStreamThumb( array $params ) {
 	// for the thumb params and the parent directory for the source file name.
 	// Check that the zone relative path matches up so squid caches won't pick
 	// up thumbs that would not be purged on source file deletion (bug 34231).
-	if ( isset( $params['rel404'] ) ) { // thumbnail was handled via 404
-		if ( rawurldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName ) ) {
+	if ( $rel404 !== null ) { // thumbnail was handled via 404
+		if ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName ) ) {
 			// Request for the canonical thumbnail name
-		} elseif ( rawurldecode( $params['rel404'] ) === $img->getThumbRel( $thumbName2 ) ) {
+		} elseif ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName2 ) ) {
 			// Request for the "long" thumbnail name; redirect to canonical name
 			$response = RequestContext::getMain()->getRequest()->response();
 			$response->header( "HTTP/1.1 301 " . HttpStatus::getMessage( 301 ) );
@@ -284,7 +296,7 @@ function wfStreamThumb( array $params ) {
 		} else {
 			wfThumbError( 404, "The given path of the specified thumbnail is incorrect;
 				expected '" . $img->getThumbRel( $thumbName ) . "' but got '" .
-				rawurldecode( $params['rel404'] ) . "'." );
+				rawurldecode( $rel404 ) . "'." );
 			return;
 		}
 	}
@@ -306,11 +318,14 @@ function wfStreamThumb( array $params ) {
 	}
 
 	$user = RequestContext::getMain()->getUser();
-	if ( $user->pingLimiter( 'renderfile' ) ) {
+	if ( !wfThumbIsStandard( $img, $params ) && $user->pingLimiter( 'renderfile-nonstandard' ) ) {
 		wfThumbError( 500, wfMessage( 'actionthrottledtext' ) );
 		return;
-	} elseif ( wfThumbIsAttemptThrottled( $img, $thumbName, 5 ) ) {
-		wfThumbError( 500, wfMessage( 'thumbnail_image-failure-limit', 5 ) );
+	} elseif ( $user->pingLimiter( 'renderfile' ) ) {
+		wfThumbError( 500, wfMessage( 'actionthrottledtext' ) );
+		return;
+	} elseif ( wfThumbIsAttemptThrottled( $img, $thumbName, 4 ) ) {
+		wfThumbError( 500, wfMessage( 'thumbnail_image-failure-limit', 4 ) );
 		return;
 	}
 
@@ -352,6 +367,37 @@ function wfStreamThumb( array $params ) {
 	}
 }
 
+/**
+ * Returns true if this thumbnail is one that MediaWiki generates
+ * links to on file description pages and possibly parser output.
+ *
+ * $params is considered non-standard if they involve a non-standard
+ * width or any parameter aside from width and page number. The number
+ * of possible files with standard parameters is far less than that of all
+ * possible combinations; rate-limiting for them can thus be more generious.
+ *
+ * @param File $img
+ * @param array $params
+ * @return bool
+ */
+function wfThumbIsStandard( File $img, array $params ) {
+	global $wgThumbLimits, $wgImageLimits;
+	// @TODO: use polymorphism with media handler here
+	if ( array_diff( array_keys( $params ), array( 'width', 'page' ) ) ) {
+		return false; // extra parameters present
+	}
+	if ( isset( $params['width'] ) ) {
+		$widths = $wgThumbLimits;
+		foreach ( $wgImageLimits as $pair ) {
+			$widths[] = $pair[0];
+		}
+		if ( !in_array( $params['width'], $widths ) ) {
+			return false;
+		}
+	}
+	return true;
+}
+
 /**
  * @param File $img
  * @param string $thumbName