Add a few @since to mediawiki.api

[lhc/web/wiklou.git] / img_auth.php

diff --git a/img_auth.php b/img_auth.php
index 2d2db9a..391fb29 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -2,7 +2,7 @@
 /**
  * Image authorisation script
  *
- * To use this, see http://www.mediawiki.org/wiki/Manual:Image_Authorization
+ * To use this, see https://www.mediawiki.org/wiki/Manual:Image_Authorization
  *
  * - Set $wgUploadDirectory to a non-public directory (not web accessible)
  * - Set $wgUploadPath to point to this file
@@ -92,12 +92,17 @@ function wfImageAuthMain() {
                if ( strpos( $path, $prefix ) === 0 ) {
                        $be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
                        $filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
+                       // Check basic user authorization
+                       if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
+                               wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
+                               return;
+                       }
                        if ( $be->fileExists( array( 'src' => $filename ) ) ) {
                                wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
                                $be->streamFile( array( 'src' => $filename ),
                                        array( 'Cache-Control: private', 'Vary: Cookie' ) );
                        } else {
-                               wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );
+                               wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path );
                        }
                        return;
                }