Page MenuHomePhabricator

Enable image_auth.php to handle point-of-entry use cases
Open, Needs TriagePublicFeature


MediaWiki provides "img_auth.php" for use in private wikis to protect uploaded files from being seen by unauthorized users. It does this well , however img_auth.php is not a valid point-of-entry for MediaWiki and as such, when users follow a link to a direct image (for example, from an email) img_auth.php blocks the request (as it should) but does not do anything to help remedy the situation (like a link to an article will route the user to a log-in screen and then, once logged-in, redirect them back to the page originally linked.

It would be ideal if Img_auth.php functioned as a valid point-of-entry, but if not, it would be nice if img_auth.php allowed sites to customize/internationalize the access denied response page (similar to the way apache allows admins to define custom 404 error pages that are tailored for the organization)

Thank you!

Event Timeline

Reedy renamed this task from Enable Image_Auth.php to handle point-of-entry use cases to Enable image_auth.php to handle point-of-entry use cases.Apr 8 2022, 3:46 PM
Reedy added a project: MediaWiki-General.

It seems that there could be a hook added to decide what to do.

Alternatively, add a config option that provides the option to redirect on permission error

Is there an example of the hook solution that I could review?