X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=img_auth.php;h=f23de4f4703f71f63580735954eca7a728116b5b;hp=1434125af991df0cdff797465ca37c894796b923;hb=134e933e610b712089feab62736ddb2f88ea4f86;hpb=20d290b883bc79c975a852670a6ed10d8406896e

diff --git a/img_auth.php b/img_auth.php
index 1434125af9..f23de4f470 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -39,6 +39,7 @@
  */
 
 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
+define( 'MW_ENTRY_POINT', 'img_auth' );
 require __DIR__ . '/includes/WebStart.php';
 
 # Set action base paths so that WebRequest::getPathInfo()
@@ -53,9 +54,10 @@ $mediawiki->doPostOutputShutdown( 'fast' );
 
 function wfImageAuthMain() {
 	global $wgImgAuthUrlPathMap;
+	$permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager();
 
 	$request = RequestContext::getMain()->getRequest();
-	$publicWiki = in_array( 'read', User::getGroupPermissions( [ '*' ] ), true );
+	$publicWiki = in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true );
 
 	// Get the requested file path (source file or thumbnail)
 	$matches = WebRequest::getPathInfo();
@@ -138,12 +140,13 @@ function wfImageAuthMain() {
 
 	$headers = []; // extra HTTP headers to send
 
+	$title = Title::makeTitleSafe( NS_FILE, $name );
+
 	if ( !$publicWiki ) {
 		// For private wikis, run extra auth checks and set cache control headers
-		$headers[] = 'Cache-Control: private';
-		$headers[] = 'Vary: Cookie';
+		$headers['Cache-Control'] = 'private';
+		$headers['Vary'] = 'Cookie';
 
-		$title = Title::makeTitleSafe( NS_FILE, $name );
 		if ( !$title instanceof Title ) { // files have valid titles
 			wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name );
 			return;
@@ -159,7 +162,6 @@ function wfImageAuthMain() {
 
 		// Check user authorization for this title
 		// Checks Whitelist too
-		$permissionManager = \MediaWiki\MediaWikiServices::getInstance()->getPermissionManager();
 
 		if ( !$permissionManager->userCan( 'read', $user, $title ) ) {
 			wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
@@ -167,19 +169,22 @@ function wfImageAuthMain() {
 		}
 	}
 
-	$options = []; // HTTP header options
 	if ( isset( $_SERVER['HTTP_RANGE'] ) ) {
-		$options['range'] = $_SERVER['HTTP_RANGE'];
+		$headers['Range'] = $_SERVER['HTTP_RANGE'];
 	}
 	if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
-		$options['if-modified-since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
+		$headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
 	}
 
 	if ( $request->getCheck( 'download' ) ) {
-		$headers[] = 'Content-Disposition: attachment';
+		$headers['Content-Disposition'] = 'attachment';
 	}
 
+	// Allow modification of headers before streaming a file
+	Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] );
+
 	// Stream the requested file
+	list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers );
 	wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
 	$repo->streamFileWithStatus( $filename, $headers, $options );
 }