SECURITY: Fix accidental public CC headers in img_auth.php
author: Tim Starling <tstarling@wikimedia.org>
Tue, 31 Mar 2020 06:02:49 +0000 (17:02 +1100)
committer: Reedy <reedy@wikimedia.org>
Wed, 24 Jun 2020 16:18:23 +0000 (17:18 +0100)
commit: d5aeff51afd8a451c9185f0f754f86408185c876
tree: c7e97d22a7e36b3b0c18b6a0fdc57308fdd3fcee
parent: 2e150e00139b500db741c8fa7a0d7e453ccc25bd
SECURITY: Fix accidental public CC headers in img_auth.php

Incorrect parameters to FileBackend::streamFile() caused
Cache-Control:private and Vary:Cookie response headers to be omitted
when requesting a file in a path configured by $wgImgAuthUrlPathMap.
Typically this is used to deliver images generated by extensions.

CVE-2020-15005

Bug: T248947
Change-Id: I404d9462e4b35d3d832bfab21954ff87e46e3eb2
RELEASE-NOTES-1.31
img_auth.php
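
A regression check for the header omission described in the commit message, written as an added example (it is not part of this commit or of MediaWiki). It audits a raw HTTP response for a file served through an authenticated path and reports whether the Cache-Control and Vary headers keep it out of shared caches. The function names and both sample responses are constructed for illustration, and treating `no-store` as an acceptable substitute for `private` is an assumption of this example.

```python
from email.parser import Parser


def _tokens(values):
    """Split comma-separated header values into lowercase directive names."""
    out = set()
    for value in values:
        for part in value.split(","):
            name = part.strip().split("=", 1)[0].strip().lower()
            if name:
                out.add(name)
    return out


def audit_private_response(raw_response):
    """Return a list of findings; an empty list means no cache-header problem was found."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    _status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # A header may be sent more than once, so collect every occurrence.
    cache_control = _tokens(headers.get_all("Cache-Control", []))
    vary = _tokens(headers.get_all("Vary", []))

    findings = []
    if "public" in cache_control:
        findings.append("Cache-Control contains public")
    # Assumption of this example: no-store is accepted in place of private.
    if not cache_control & {"private", "no-store"}:
        findings.append("Cache-Control lacks private/no-store")
    if "cookie" not in vary and "*" not in vary:
        findings.append("Vary lacks Cookie")
    return findings


# Constructed sample responses (not captured from a real wiki).
EXPECTED_HEADERS = (
    "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
    "Cache-Control: private\r\nVary: Accept-Encoding, Cookie\r\n\r\n"
)
PUBLICLY_CACHEABLE = (
    "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
    "Cache-Control: public, max-age=3600\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("expected", EXPECTED_HEADERS), ("cacheable", PUBLICLY_CACHEABLE)):
        print(label, audit_private_response(raw) or "OK")
```
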