Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F3855
img_auth.patch
Public
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
•
bzimport
Nov 21 2014, 9:39 PM
2014-11-21 21:39:50 (UTC+0)
Size
3 KB
Referenced Files
None
Subscribers
None
img_auth.patch
View Options
Index: img_auth.php
===================================================================
--- img_auth.php (revision 22115)
+++ img_auth.php (working copy)
@@ -9,7 +9,7 @@
*/
define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
require_once( './includes/WebStart.php' );
-wfProfileIn( 'img_auth.php' );
+wfProfileIn( 'img_authNS.php' );
require_once( './includes/StreamFile.php' );
if( !isset( $_SERVER['PATH_INFO'] ) ) {
@@ -18,30 +18,67 @@
}
# Get filenames/directories
-wfDebugLog( 'img_auth', "PATH_INFO is: " . $_SERVER['PATH_INFO'] );
+wfDebugLog( 'img_authNS', "PATH_INFO is: " . $_SERVER['PATH_INFO'] );
$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
$realUploadDirectory = realpath( $wgUploadDirectory );
-$imageName = $wgContLang->getNsText( NS_IMAGE ) . ":" . wfBaseName( $_SERVER['PATH_INFO'] );
+# $imageName = $wgContLang->getNsText( NS_IMAGE ) . ":" . wfBaseName( $_SERVER['PATH_INFO'] );
+
+## Added for Namespace detection
+$nsbase = "";
+$subdirs = explode('/',$_SERVER['PATH_INFO']);
+
+if (strlen($subdirs[1]) == 3 && is_numeric($subdirs[1]) ) {
+## this sucks but wgContLang->getNsText( $subdirs[1] ) doesn't work!
+ $nst = $wgCanonicalNamespaceNames[$subdirs[1]];
+##
+ if ($nst) {
+ $nsbase = $nst.":";
+ wfDebugLog( 'img_authNS', "Found ns: $nsbase." );
+ }
+}else {
+ $nst = false;
+}
+$imageName = $wgContLang->getNsText( NS_IMAGE ) . ":" . $nsbase . wfBaseName( $_SERVER['PATH_INFO'] );
+##
+
# Check if the filename is in the correct directory
if ( substr( $filename, 0, strlen( $realUploadDirectory ) ) != $realUploadDirectory ) {
- wfDebugLog( 'img_auth', "requested path not in upload dir: $filename" );
+ wfDebugLog( 'img_authNS', "requested path not in upload dir: $filename" );
wfForbidden();
}
if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead ) && !$wgUser->getID() ) {
- wfDebugLog( 'img_auth', "not logged in and requested file not in whitelist: $imageName" );
+ wfDebugLog( 'img_authNS', "not logged in and requested file not in whitelist: $imageName" );
wfForbidden();
}
if( !file_exists( $filename ) ) {
- wfDebugLog( 'img_auth', "requested file does not exist: $filename" );
+ wfDebugLog( 'img_authNS', "requested file does not exist: $filename" );
wfForbidden();
}
if( is_dir( $filename ) ) {
- wfDebugLog( 'img_auth', "requested file is a directory: $filename" );
+ wfDebugLog( 'img_authNS', "requested file is a directory: $filename" );
wfForbidden();
}
+## Check to see if NS is locked for read and if so, does the user have rights
+wfDebugLog( 'img_authNS', "nst: $nst" );
+if ($nst){
+ $groups = @$wgNamespacePermissionLockdown[$subdirs[1]]['read'];
+ wfDebugLog( 'img_authNS', "nst: $nst" );
+ wfDebugLog( 'img_authNS', "Matched: ".print_r($groups,True) );
+ if (!$groups) $groups = @$wgNamespacePermissionLockdown['*']['read'];
+ if (!$groups) $groups = @$wgNamespacePermissionLockdown[$subdirs[1]]['*'];
+ if ($groups){
+ wfDebugLog( 'img_authNS', "Matched: ".print_r($groups,True) );
+ $ugroups = $wgUser->getEffectiveGroups();
+ $match = array_intersect($ugroups, $groups);
+ if (!$match) {
+ wfForbidden();
+ }
+ }
+}
+##
# Write file
wfDebugLog( 'img_auth', "streaming file: $filename" );
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3422
Default Alt Text
img_auth.patch (3 KB)
Attached To
Mode
T11887: Allow namespace and category designation for Images/files - and subsequent namespace/category-based functionality enhancement with images
Attached
Detach File
Event Timeline
Log In to Comment