Page MenuHomePhabricator

r89628 breaks img_auth.php
Closed, ResolvedPublic


Try to get the image [[Datei:File.jpg|thumb|300px]] through img_auth.php: http://localhost/mediawiki-1.17/img_auth.php/thumb/4/42/File.jpg/300px-File.jpg

r89627 works.

r89628 doesn't work:
<h1>Forbidden</h1><p>Invalid file extension found in the path info or query string.</p>

$wgScriptPath = "/mediawiki-1.17";
$wgUploadPath = "$wgScriptPath/img_auth.php";

Version: 1.17.x
Severity: normal



Event Timeline

bzimport raised the priority of this task from to High.Nov 21 2014, 11:30 PM
bzimport set Reference to bz29531.
  • This bug has been marked as a duplicate of bug 28840 ***

Can you please add the following at the top of img_auth.php:

var_dump( $_SERVER );

And then request that same failing URL and paste the output into a comment?

Output with var_dump( $_SERVER ); in img_auth.php

The requested file is in /apps/www/images/thumb/4/42/File.jpg/300px-File.jpg

$wgUploadDirectory = "/apps/www/images";

May be img_auth.php tries to access the wrong path /srv/www/htdocs/thumb/4/42/File.jpg/300px-File.jpg from PATH_TRANSLATED.

Before r89628 the same configuration worked correctly.


Try changing the strpos() in img_auth.php to strrpos(). Here's a patch file for it if you prefer:

Index: img_auth.php

  • img_auth.php (revision 90644)

+++ img_auth.php (working copy)
@@ -46,7 +46,7 @@
$path = $matches['title'];

// Check for bug 28235: QUERY_STRING overriding the correct extension
-$dotPos = strpos( $path, '.' );
+$dotPos = strrpos( $path, '.' );
$whitelist = array();
if ( $dotPos !== false ) {

	$whitelist[] = substr( $path, $dotPos + 1 );

(In reply to comment #4)

Try changing the strpos() in img_auth.php to strrpos().

Yes. With strrpos() it works again.

Gilles raised the priority of this task from High to Unbreak Now!.Dec 4 2014, 10:21 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Gilles lowered the priority of this task from Unbreak Now! to High.Dec 4 2014, 11:23 AM