X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=thumb.php;h=4e5c2134d3111e9bb092bc5e6c4783490651f112;hp=70329093c6b63570437298ef395c01b051c2de5d;hb=348a29f3e47c93df503946aff2ba74cc7bc0b951;hpb=8df18bbd1362002f821727bf5db4291c4d9a7b08

diff --git a/thumb.php b/thumb.php
index 70329093c6..4e5c2134d3 100644
--- a/thumb.php
+++ b/thumb.php
@@ -155,7 +155,11 @@ function wfStreamThumb( array $params ) {
 	// Check permissions if there are read restrictions
 	$varyHeader = [];
 	if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) {
-		if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) {
+		$user = RequestContext::getMain()->getUser();
+		$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+		$imgTitle = $img->getTitle();
+
+		if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) {
 			wfThumbError( 403, 'Access denied. You do not have permission to access ' .
 				'the source file.' );
 			return;
@@ -272,7 +276,7 @@ function wfStreamThumb( array $params ) {
 
 	// For 404 handled thumbnails, we only use the base name of the URI
 	// for the thumb params and the parent directory for the source file name.
-	// Check that the zone relative path matches up so squid caches won't pick
+	// Check that the zone relative path matches up so CDN caches won't pick
 	// up thumbs that would not be purged on source file deletion (T36231).
 	if ( $rel404 !== null ) { // thumbnail was handled via 404
 		if ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName ) ) {
@@ -409,6 +413,8 @@ function wfProxyThumbnailRequest( $img, $thumbName ) {
 	// Send request to proxied service
 	$status = $req->execute();
 
+	MediaWiki\HeaderCallback::warnIfHeadersSent();
+
 	// Simply serve the response from the proxied service as-is
 	header( 'HTTP/1.1 ' . $req->getStatus() );
 
@@ -634,6 +640,8 @@ function wfThumbErrorText( $status, $msgText ) {
 function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) {
 	global $wgShowHostnames;
 
+	MediaWiki\HeaderCallback::warnIfHeadersSent();
+
 	header( 'Cache-Control: no-cache' );
 	header( 'Content-Type: text/html; charset=utf-8' );
 	if ( $status == 400 || $status == 404 || $status == 429 ) {