X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=img_auth.php;h=1434125af991df0cdff797465ca37c894796b923;hp=ca69d31d53e80b18d600b2125cf830f9a3282723;hb=e73328601d51674e8fef89c3db12b30ceafd702f;hpb=695d7c28fe7036e9988ce92908185ebc41238296

diff --git a/img_auth.php b/img_auth.php
index ca69d31d53..1434125af9 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -79,6 +79,8 @@ function wfImageAuthMain() {
 		return;
 	}
 
+	$user = RequestContext::getMain()->getUser();
+
 	// Various extensions may have their own backends that need access.
 	// Check if there is a special backend and storage base path for this file.
 	foreach ( $wgImgAuthUrlPathMap as $prefix => $storageDir ) {
@@ -87,7 +89,7 @@ function wfImageAuthMain() {
 			$be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
 			$filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
 			// Check basic user authorization
-			if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
+			if ( !$user->isAllowed( 'read' ) ) {
 				wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
 				return;
 			}
@@ -148,7 +150,7 @@ function wfImageAuthMain() {
 		}
 
 		// Run hook for extension authorization plugins
-		/** @var $result array */
+		/** @var array $result */
 		$result = null;
 		if ( !Hooks::run( 'ImgAuthBeforeStream', [ &$title, &$path, &$name, &$result ] ) ) {
 			wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );
@@ -157,7 +159,9 @@ function wfImageAuthMain() {
 
 		// Check user authorization for this title
 		// Checks Whitelist too
-		if ( !$title->userCan( 'read' ) ) {
+		$permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager();
+
+		if ( !$permissionManager->userCan( 'read', $user, $title ) ) {
 			wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
 			return;
 		}
@@ -177,7 +181,7 @@ function wfImageAuthMain() {
 
 	// Stream the requested file
 	wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
-	$repo->streamFile( $filename, $headers, $options );
+	$repo->streamFileWithStatus( $filename, $headers, $options );
 }
 
 /**
@@ -186,13 +190,12 @@ function wfImageAuthMain() {
  * subsequent arguments to $msg2 will be passed as parameters only for replacing in $msg2
  * @param string $msg1
  * @param string $msg2
+ * @param mixed ...$args To pass as params to wfMessage() with $msg2. Either variadic, or a single
+ *   array argument.
  */
-function wfForbidden( $msg1, $msg2 ) {
+function wfForbidden( $msg1, $msg2, ...$args ) {
 	global $wgImgAuthDetails;
 
-	$args = func_get_args();
-	array_shift( $args );
-	array_shift( $args );
 	$args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args;
 
 	$msgHdr = wfMessage( $msg1 )->escaped();