allow img_auth.php to use path= in place of PATH_INFO, so it can be used in CGI mode...

author Daniel Kinzler <daniel@users.mediawiki.org>

Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)

committer Daniel Kinzler <daniel@users.mediawiki.org>

Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)
author Daniel Kinzler <daniel@users.mediawiki.org>
Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)
committer Daniel Kinzler <daniel@users.mediawiki.org>
Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)
diff --git a/img_auth.php b/img_auth.php

index bc4464d..e8ad6b9 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -38,11 +38,14 @@ if ( $wgImgAuthPublicTest
  }
  
  // Extract path and image information
-if( !isset( $_SERVER['PATH_INFO'] ) )
-       wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+        if( isset( $_GET['path'] ) ) $path = $_GET['path'];
+        else wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
+} else {
+        $path = $_SERVER['PATH_INFO'];
+}
  
-$path = $_SERVER['PATH_INFO'];
-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
+$filename = realpath( $wgUploadDirectory . '/' . $path );
  $realUpload = realpath( $wgUploadDirectory );
  
  // Basic directory traversal check
author	Daniel Kinzler <daniel@users.mediawiki.org>
	Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)
committer	Daniel Kinzler <daniel@users.mediawiki.org>
	Thu, 29 Apr 2010 10:32:18 +0000 (10:32 +0000)