REL1_33/php/img__auth_8php_source.html

<?php

define( 'MW_NO_OUTPUT_COMPRESSION', 1 );

require __DIR__ . '/includes/WebStart.php';


# Set action base paths so that WebRequest::getPathInfo()

# recognizes the "X" as the 'title' in ../img_auth.php/X urls.

$wgArticlePath = false; # Don't let a "/*" article path clober our action path

$wgActionPaths = [ "$wgUploadPath/" ];


wfImageAuthMain();


$mediawiki = new MediaWiki();

$mediawiki->doPostOutputShutdown( 'fast' );


function wfImageAuthMain() {

    global $wgImgAuthUrlPathMap;


    $request = RequestContext::getMain()->getRequest();

    $publicWiki = in_array( 'read', User::getGroupPermissions( [ '*' ] ), true );


    // Get the requested file path (source file or thumbnail)

    $matches = WebRequest::getPathInfo();

    if ( !isset( $matches['title'] ) ) {

        wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );

        return;

    }

    $path = $matches['title'];

    if ( $path && $path[0] !== '/' ) {

        // Make sure $path has a leading /

        $path = "/" . $path;

    }


    // Check for T30235: QUERY_STRING overriding the correct extension

    $whitelist = [];

    $extension = FileBackend::extensionFromPath( $path, 'rawcase' );

    if ( $extension != '' ) {

        $whitelist[] = $extension;

    }

    if ( !$request->checkUrlExtension( $whitelist ) ) {

        return;

    }


    // Various extensions may have their own backends that need access.

    // Check if there is a special backend and storage base path for this file.

    foreach ( $wgImgAuthUrlPathMap as $prefix => $storageDir ) {

        $prefix = rtrim( $prefix, '/' ) . '/'; // implicit trailing slash

        if ( strpos( $path, $prefix ) === 0 ) {

            $be = FileBackendGroup::singleton()->backendFromPath( $storageDir );

            $filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix

            // Check basic user authorization

            if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {

                wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );

                return;

            }

            if ( $be->fileExists( [ 'src' => $filename ] ) ) {

                wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );

                $be->streamFile( [

                    'src' => $filename,

                    'headers' => [ 'Cache-Control: private', 'Vary: Cookie' ]

                ] );

            } else {

                wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path );

            }

            return;

        }

    }


    // Get the local file repository

    $repo = RepoGroup::singleton()->getRepo( 'local' );

    $zone = strstr( ltrim( $path, '/' ), '/', true );


    // Get the full file storage path and extract the source file name.

    // (e.g. 120px-Foo.png => Foo.png or page2-120px-Foo.png => Foo.png).

    // This only applies to thumbnails/transcoded, and each of them should

    // be under a folder that has the source file name.

    if ( $zone === 'thumb' || $zone === 'transcoded' ) {

        $name = wfBaseName( dirname( $path ) );

        $filename = $repo->getZonePath( $zone ) . substr( $path, strlen( "/" . $zone ) );

        // Check to see if the file exists

        if ( !$repo->fileExists( $filename ) ) {

            wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );

            return;

        }

    } else {

        $name = wfBaseName( $path ); // file is a source file

        $filename = $repo->getZonePath( 'public' ) . $path;

        // Check to see if the file exists and is not deleted

        $bits = explode( '!', $name, 2 );

        if ( substr( $path, 0, 9 ) === '/archive/' && count( $bits ) == 2 ) {

            $file = $repo->newFromArchiveName( $bits[1], $name );

        } else {

            $file = $repo->newFile( $name );

        }

        if ( !$file->exists() || $file->isDeleted( File::DELETED_FILE ) ) {

            wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );

            return;

        }

    }


    $headers = []; // extra HTTP headers to send


    $title = Title::makeTitleSafe( NS_FILE, $name );


    if ( !$publicWiki ) {

        // For private wikis, run extra auth checks and set cache control headers

        $headers['Cache-Control'] = 'private';

        $headers['Vary'] = 'Cookie';


        if ( !$title instanceof Title ) { // files have valid titles

            wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name );

            return;

        }


        // Run hook for extension authorization plugins

        $result = null;

        if ( !Hooks::run( 'ImgAuthBeforeStream', [ &$title, &$path, &$name, &$result ] ) ) {

            wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );

            return;

        }


        // Check user authorization for this title

        // Checks Whitelist too

        if ( !$title->userCan( 'read' ) ) {

            wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name );

            return;

        }

    }


    if ( isset( $_SERVER['HTTP_RANGE'] ) ) {

        $headers['Range'] = $_SERVER['HTTP_RANGE'];

    }

    if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {

        $headers['If-Modified-Since'] = $_SERVER['HTTP_IF_MODIFIED_SINCE'];

    }


    if ( $request->getCheck( 'download' ) ) {

        $headers['Content-Disposition'] = 'attachment';

    }


    // Allow modification of headers before streaming a file

    Hooks::run( 'ImgAuthModifyHeaders', [ $title->getTitleValue(), &$headers ] );


    // Stream the requested file

    list( $headers, $options ) = HTTPFileStreamer::preprocessHeaders( $headers );

    wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );

    $repo->streamFile( $filename, $headers, $options );

}


function wfForbidden( $msg1, $msg2 ) {

    global $wgImgAuthDetails;


    $args = func_get_args();

    array_shift( $args );

    array_shift( $args );

    $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args;


    $msgHdr = wfMessage( $msg1 )->escaped();

    $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0';

    $detailMsg = wfMessage( $detailMsgKey, $args )->escaped();


    wfDebugLog( 'img_auth',

        "wfForbidden Hdr: " . wfMessage( $msg1 )->inLanguage( 'en' )->text() . " Msg: " .

            wfMessage( $msg2, $args )->inLanguage( 'en' )->text()

    );


    HttpStatus::header( 403 );

    header( 'Cache-Control: no-cache' );

    header( 'Content-Type: text/html; charset=utf-8' );

    echo <<<ENDS

<!DOCTYPE html>

<html>

<head>

<meta charset="UTF-8" />

<title>$msgHdr</title>

</head>

<body>

<h1>$msgHdr</h1>

<p>$detailMsg</p>

</body>

</html>

ENDS;

}


text
This list may contain false positives That usually means there is additional text with links below the first Each row contains links to the first and second as well as the first line of the second redirect text
Definition All_system_messages.txt:1267

Cookie
Definition Cookie.php:24

$wgArticlePath
$wgArticlePath
Definition img_auth.php:46

php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37

Content
Base interface for content objects.
Definition Content.php:34

cache
you have access to all of the normal MediaWiki so you can get a DB use the cache
Definition maintenance.txt:55

title
title
Definition parserTests.txt:245