(Bug 60030) Use $content of the hook for toc hiding

[lhc/web/wiklou.git] / img_auth.php

diff --git a/img_auth.php b/img_auth.php
index eba81f3..72a7dab 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -40,7 +40,7 @@
  */
 
 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
-require ( __DIR__ . '/includes/WebStart.php' );
+require __DIR__ . '/includes/WebStart.php';
 wfProfileIn( 'img_auth.php' );
 
 # Set action base paths so that WebRequest::getPathInfo()
@@ -52,7 +52,7 @@ wfImageAuthMain();
 wfLogProfilingData();
 
 function wfImageAuthMain() {
-       global $wgImgAuthPublicTest, $wgRequest;
+       global $wgImgAuthPublicTest, $wgImgAuthUrlPathMap, $wgRequest;
 
        // See if this is a public Wiki (no protections).
        if ( $wgImgAuthPublicTest
@@ -77,14 +77,37 @@ function wfImageAuthMain() {
 
        // Check for bug 28235: QUERY_STRING overriding the correct extension
        $whitelist = array();
-       $dotPos = strrpos( $path, '.' );
-       if ( $dotPos !== false ) {
-               $whitelist[] = substr( $path, $dotPos + 1 );
+       $extension = FileBackend::extensionFromPath( $path );
+       if ( $extension != '' ) {
+               $whitelist[] = $extension;
        }
        if ( !$wgRequest->checkUrlExtension( $whitelist ) ) {
                return;
        }
 
+       // Various extensions may have their own backends that need access.
+       // Check if there is a special backend and storage base path for this file.
+       foreach ( $wgImgAuthUrlPathMap as $prefix => $storageDir ) {
+               $prefix = rtrim( $prefix, '/' ) . '/'; // implicit trailing slash
+               if ( strpos( $path, $prefix ) === 0 ) {
+                       $be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
+                       $filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
+                       // Check basic user authorization
+                       if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
+                               wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
+                               return;
+                       }
+                       if ( $be->fileExists( array( 'src' => $filename ) ) ) {
+                               wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
+                               $be->streamFile( array( 'src' => $filename ),
+                                       array( 'Cache-Control: private', 'Vary: Cookie' ) );
+                       } else {
+                               wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path );
+                       }
+                       return;
+               }
+       }
+
        // Get the local file repository
        $repo = RepoGroup::singleton()->getRepo( 'local' );
 
@@ -145,6 +168,7 @@ function wfForbidden( $msg1, $msg2 ) {
        $args = func_get_args();
        array_shift( $args );
        array_shift( $args );
+       $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args;
 
        $msgHdr = wfMessage( $msg1 )->escaped();
        $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0';