00001 <?php
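// Image authorisation entry point: streams a file from the upload directory,
// but only after the requesting user's read permission on the matching
// File: title has been checked. Every failed check below ends the request
// through wfForbidden(), which sends a 403 and exits.

// Must be defined before WebStart.php is loaded.
define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
wfProfileIn( 'img_auth.php' );
require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );

// If the '*' (anonymous) group already holds the 'read' right, refuse to
// serve anything when $wgImgAuthPublicTest is enabled (message key
// 'img-auth-public').
if ( $wgImgAuthPublicTest
	&& in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) )
{
	wfForbidden( 'img-auth-accessdenied', 'img-auth-public' );
}

// Reject a query string whose tail looks like a file extension (a dot plus
// 1-4 alphanumerics followed by '#', '?' or the end of the string).
// NOTE(review): presumably a guard against clients that choose how to handle
// the response from an extension in the URL rather than from the
// Content-Type header -- confirm against the project history.
if ( isset( $_SERVER['QUERY_STRING'] )
	&& preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
	wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
}

// The requested file is named by PATH_INFO; without it there is nothing to serve.
if ( !isset( $_SERVER['PATH_INFO'] ) ) {
	wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
}

$path = $_SERVER['PATH_INFO'];
// realpath() resolves '..' segments and symlinks, and returns false when the
// target does not exist.
$filename = realpath( $wgUploadDirectory . $path );
$realUpload = realpath( $wgUploadDirectory );

// Containment check. The resolved file must be the upload directory itself
// or lie below it. The comparison is made on whole path components (both
// sides end in a directory separator), so a sibling directory whose name
// merely begins with the upload directory's name is not accepted. An
// unresolvable upload directory or file fails closed instead of depending on
// loose comparison against false.
$uploadRoot = ( $realUpload === false )
	? false
	: rtrim( $realUpload, '/\\' ) . DIRECTORY_SEPARATOR;
if ( $uploadRoot === false
	|| $filename === false
	|| strncmp( $filename . DIRECTORY_SEPARATOR, $uploadRoot, strlen( $uploadRoot ) ) !== 0 )
{
	wfForbidden( 'img-auth-accessdenied', 'img-auth-notindir' );
}

// Derive the title text from the last path component. For a name containing
// "<digits>px-", only the text after that marker is kept.
// NOTE(review): the pattern is unanchored, and the permission check further
// down is made against this derived name while the bytes streamed come from
// $filename. Confirm that every directory reachable under the upload root
// follows a naming scheme for which this derivation yields the title that
// actually governs the file.
$name = wfBaseName( $path );
if ( preg_match( '!\d+px-(.*)!i', $name, $m ) ) {
	$name = $m[1];
}

// $filename (an absolute server path) is passed as a message parameter here;
// wfForbidden() below shows the detailed message to the client only when
// $wgImgAuthDetails is set.
if ( !file_exists( $filename ) ) {
	wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );
}

// Directories are never streamed.
if ( is_dir( $filename ) ) {
	wfForbidden( 'img-auth-accessdenied', 'img-auth-isdir', $filename );
}

// Build the File: namespace title that the permission check is made against.
$title = Title::makeTitleSafe( NS_FILE, $name );

if ( !$title instanceof Title ) {
	wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name );
}

// Let extensions veto or adjust the request. A handler that returns false is
// expected to fill $result with two message keys followed by optional
// message parameters. $result is initialised so that a handler which vetoes
// without filling it still produces a clean denial.
$result = null;
if ( !wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) ) {
	if ( is_array( $result ) && count( $result ) >= 2 ) {
		wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );
	}
	// Veto without a usable message pair: deny with the generic read error.
	wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
}

// The authorisation decision itself: the current user must be allowed to
// read the title.
if ( !$title->userCanRead() ) {
	wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );
}

// All checks passed. The response is marked private and varying on Cookie so
// that a shared cache does not hand one user's response to another.
wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
wfLogProfilingData();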
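/**
 * Send an HTTP 403 response with a short HTML body, log the reason to the
 * 'img_auth' debug log, and end the request.
 *
 * The client sees the detailed message ($msg2) only when $wgImgAuthDetails
 * is set; otherwise the generic 'badaccess-group0' message is shown. The
 * debug log always receives the detailed message, rendered in English.
 *
 * Any arguments after $msg2 are passed on as message parameters.
 *
 * @param $msg1 String: message key for the page heading
 * @param $msg2 String: message key for the detailed reason
 */
function wfForbidden($msg1,$msg2) {
	global $wgImgAuthDetails;

	// Drop the two message keys; whatever remains are message parameters.
	$args = func_get_args();
	$args = array_slice( $args, 2 );

	// Both strings are HTML-escaped before being placed in the page body.
	$MsgHdr = htmlspecialchars( wfMsg( $msg1 ) );
	$detailMsg = htmlspecialchars( wfMsg( ( $wgImgAuthDetails ? $msg2 : 'badaccess-group0' ), $args ) );

	// Callers in this file pass values taken from the request path (file and
	// title names) as message parameters. Control characters are collapsed to
	// a space so such a value cannot break the entry across several log lines.
	// NOTE(review): wfDebugLog() is not shown here; this assumes it writes
	// the text as given.
	$logLine = "wfForbidden Hdr:" . wfMsgExt( $msg1, array( 'language' => 'en' ) ) . " Msg: " .
		wfMsgExt( $msg2, array( 'language' => 'en' ), $args );
	wfDebugLog( 'img_auth', preg_replace( '/[\x00-\x1f\x7f]+/', ' ', $logLine ) );

	header( 'HTTP/1.0 403 Forbidden' );
	header( 'Cache-Control: no-cache' );
	header( 'Content-Type: text/html; charset=utf-8' );
	echo <<<ENDS
<html>
<body>
<h1>$MsgHdr</h1>
<p>$detailMsg</p>
</body>
</html>
ENDS;
	wfLogProfilingData();
	// Never return to the caller: the checks in this script rely on that.
	exit();
}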