00001 <?php
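/**
 * img_auth.php - stream a file out of $wgUploadDirectory on a private wiki.
 *
 * The requested file is taken from PATH_INFO, resolved with realpath(), and
 * served only when all of the following hold:
 *   - the wiki is not public (anonymous users do not hold the 'read' right);
 *   - the resolved path lies strictly inside the resolved upload directory;
 *   - a valid File: title can be built from the file name (thumbnail names
 *     of the form "<width>px-<name>" are mapped back to <name>);
 *   - the current user has an id, or the title is listed in $wgWhitelistRead;
 *   - the path exists and is not a directory.
 * Every failure ends in wfForbidden() (or wfPublicError() for a public wiki),
 * both of which exit, so code after each check can assume the check passed.
 */

// Defined before WebStart.php so the setup sees it; the name suggests it keeps
// output compression off for the streamed file - confirm against WebStart.php.
define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
wfProfileIn( 'img_auth.php' );
require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );

// Refuse to run at all on a public wiki: if the '*' group can read, there is
// nothing this script would protect.
$perms = User::getGroupPermissions( array( '*' ) );
if ( in_array( 'read', $perms, true ) ) {
    wfDebugLog( 'img_auth', 'Public wiki' );
    wfPublicError();
}

if ( !isset( $_SERVER['PATH_INFO'] ) ) {
    wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
    wfForbidden();
}

$path = $_SERVER['PATH_INFO'];
$realUpload = realpath( $wgUploadDirectory );
$filename = realpath( $wgUploadDirectory . $path );
wfDebugLog( 'img_auth', "\$path is {$path}" );
wfDebugLog( 'img_auth', "\$filename is {$filename}" );

// realpath() returns false when any path component does not exist. Reject that
// explicitly instead of feeding false into the string comparison below.
if ( $realUpload === false || $filename === false ) {
    wfDebugLog( 'img_auth', 'Upload directory or requested path could not be resolved' );
    wfForbidden();
}

// Confine the request to the upload directory. The comparison includes the
// trailing separator so that a sibling directory sharing a name prefix
// (e.g. ".../images2" next to ".../images") is not accepted as "inside".
// rtrim() keeps the prefix well-formed if the upload directory is the root.
$uploadPrefix = rtrim( $realUpload, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
if ( substr( $filename, 0, strlen( $uploadPrefix ) ) !== $uploadPrefix ) {
    wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
    wfForbidden();
}

// Thumbnails are named "<width>px-<original name>"; check rights against the
// original file's title rather than the thumbnail's.
$name = wfBaseName( $path );
if ( preg_match( '!\d+px-(.*)!i', $name, $m ) ) {
    $name = $m[1];
}
wfDebugLog( 'img_auth', "\$name is {$name}" );

$title = Title::makeTitleSafe( NS_FILE, $name );
if ( !$title instanceof Title ) {
    wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
    wfForbidden();
}
$title = $title->getPrefixedText();

// A user with no id (presumably anonymous) may only fetch whitelisted titles.
// The whitelist match is strict: entries are compared as strings.
if ( !$wgUser->getId() && ( !is_array( $wgWhitelistRead ) || !in_array( $title, $wgWhitelistRead, true ) ) ) {
    wfDebugLog( 'img_auth', "Not logged in and `{$title}` not in whitelist." );
    wfForbidden();
}

if ( !file_exists( $filename ) ) {
    wfDebugLog( 'img_auth', "`{$filename}` does not exist" );
    wfForbidden();
}
if ( is_dir( $filename ) ) {
    wfDebugLog( 'img_auth', "`{$filename}` is a directory" );
    wfForbidden();
}

// Private response, varying on the session cookie, so shared caches do not
// hand the file to a different client.
wfDebugLog( 'img_auth', "Streaming `{$filename}`" );
wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
wfLogProfilingData();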
/**
 * Send a 403 "log in required" response and terminate the script.
 *
 * Emits the status line, a "Vary: Cookie" header (the response is
 * cookie-dependent) and a minimal HTML body, flushes profiling data,
 * then exits. Never returns.
 */
function wfForbidden() {
    $responseHeaders = array(
        'HTTP/1.0 403 Forbidden',
        'Vary: Cookie',
        'Content-Type: text/html; charset=utf-8',
    );
    foreach ( $responseHeaders as $responseHeader ) {
        header( $responseHeader );
    }

    // Joined with "\n" and no trailing newline, matching a heredoc body.
    $bodyLines = array(
        '<html>',
        '<body>',
        '<h1>Access Denied</h1>',
        '<p>You need to log in to access files on this server.</p>',
        '</body>',
        '</html>',
    );
    echo implode( "\n", $bodyLines );

    wfLogProfilingData();
    exit();
}
/**
 * Send a 403 response explaining that img_auth.php is disabled on a public
 * wiki, then terminate the script.
 *
 * Emits the status line and content type, an HTML explanation, flushes
 * profiling data and exits. Never returns.
 */
function wfPublicError() {
    $responseHeaders = array(
        'HTTP/1.0 403 Forbidden',
        'Content-Type: text/html; charset=utf-8',
    );
    foreach ( $responseHeaders as $responseHeader ) {
        header( $responseHeader );
    }

    // Joined with "\n" and no trailing newline, matching a heredoc body.
    $bodyLines = array(
        '<html>',
        '<body>',
        '<h1>Access Denied</h1>',
        '<p>The function of img_auth.php is to output files from a private wiki. This wiki',
        'is configured as a public wiki. For optimal security, img_auth.php is disabled in',
        'this case.',
        '</p>',
        '</body>',
        '</html>',
    );
    echo implode( "\n", $bodyLines );

    wfLogProfilingData();
    exit;
}