47 define(
'MW_NO_OUTPUT_COMPRESSION', 1 );
48 define(
'MW_ENTRY_POINT',
'img_auth' );
49 require __DIR__ .
'/includes/WebStart.php';
60 $permissionManager = $services->getPermissionManager();
63 $publicWiki = $services->getGroupPermissionsLookup()->groupHasPermission(
'*',
'read' );
66 $baseUrl = $services->getRepoGroup()->getLocalRepo()->getZoneUrl(
'public' );
67 if ( $baseUrl[0] ===
'/' ) {
70 $basePath = parse_url( $baseUrl, PHP_URL_PATH );
72 $path = WebRequest::getRequestPathSuffix( $basePath );
74 if (
$path ===
false ) {
77 $path = WebRequest::getRequestPathSuffix( $basePath );
80 if (
$path ===
false ) {
81 wfForbidden(
'img-auth-accessdenied',
'img-auth-notindir' );
95 $prefix = rtrim( $prefix,
'/' ) .
'/';
96 if ( strpos(
$path, $prefix ) === 0 ) {
97 $be = $services->getFileBackendGroup()->backendFromPath( $storageDir );
98 $filename = $storageDir . substr(
$path, strlen( $prefix ) );
100 $isAllowedUser = $permissionManager->userHasRight( $user,
'read' );
101 if ( !$isAllowedUser ) {
105 if ( $be->fileExists( [
'src' => $filename ] ) ) {
106 wfDebugLog(
'img_auth',
"Streaming `" . $filename .
"`." );
109 'headers' => [
'Cache-Control: private',
'Vary: Cookie' ]
119 $repo = $services->getRepoGroup()->getRepo(
'local' );
120 $zone = strstr( ltrim(
$path,
'/' ),
'/',
true );
126 if ( $zone ===
'thumb' || $zone ===
'transcoded' ) {
128 $filename = $repo->getZonePath( $zone ) . substr(
$path, strlen(
"/" . $zone ) );
130 if ( !$repo->fileExists( $filename ) ) {
131 wfForbidden(
'img-auth-accessdenied',
'img-auth-nofile', $filename );
136 $filename = $repo->getZonePath(
'public' ) .
$path;
138 $bits = explode(
'!', $name, 2 );
139 if ( str_starts_with(
$path,
'/archive/' ) && count( $bits ) == 2 ) {
140 $file = $repo->newFromArchiveName( $bits[1], $name );
142 $file = $repo->newFile( $name );
145 wfForbidden(
'img-auth-accessdenied',
'img-auth-nofile', $filename );
152 $title = Title::makeTitleSafe(
NS_FILE, $name );
154 $hookRunner =
new HookRunner( $services->getHookContainer() );
155 if ( !$publicWiki ) {
157 $headers[
'Cache-Control'] =
'private';
158 $headers[
'Vary'] =
'Cookie';
160 if ( !$title instanceof
Title ) {
161 wfForbidden(
'img-auth-accessdenied',
'img-auth-badtitle', $name );
168 if ( !$hookRunner->onImgAuthBeforeStream( $title,
$path, $name, $result ) ) {
169 wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );
176 if ( !$permissionManager->userCan(
'read', $user, $title ) ) {
177 wfForbidden(
'img-auth-accessdenied',
'img-auth-noread', $name );
182 if ( isset( $_SERVER[
'HTTP_RANGE'] ) ) {
183 $headers[
'Range'] = $_SERVER[
'HTTP_RANGE'];
185 if ( isset( $_SERVER[
'HTTP_IF_MODIFIED_SINCE'] ) ) {
186 $headers[
'If-Modified-Since'] = $_SERVER[
'HTTP_IF_MODIFIED_SINCE'];
189 if ( $request->getCheck(
'download' ) ) {
190 $headers[
'Content-Disposition'] =
'attachment';
194 $hookRunner->onImgAuthModifyHeaders( $title->getTitleValue(), $headers );
198 wfDebugLog(
'img_auth',
"Streaming `" . $filename .
"`." );
199 $repo->streamFileWithStatus( $filename, $headers, $options );
214 $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : $args;
218 $detailMsg =
wfMessage( $detailMsgKey, $args )->text();
221 "wfForbidden Hdr: " .
wfMessage( $msg1 )->inLanguage(
'en' )->text() .
" Msg: " .
222 wfMessage( $msg2, $args )->inLanguage(
'en' )->text()
226 header(
'Cache-Control: no-cache' );
227 header(
'Content-Type: text/html; charset=utf-8' );
231 'detailMsg' => $detailMsg,
wfBaseName( $path, $suffix='')
Return the final portion of a pathname.
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
static preprocessHeaders( $headers)
Takes HTTP headers in a name => value format and converts them to the weird format expected by stream...
static header( $code)
Output an HTTP status code header.
static getMain()
Get the RequestContext object associated with the main request.
$wgImgAuthPath
Config variable stub for the ImgAuthPath setting, for use by phpdoc and IDEs.
$wgImgAuthDetails
Config variable stub for the ImgAuthDetails setting, for use by phpdoc and IDEs.
$wgImgAuthUrlPathMap
Config variable stub for the ImgAuthUrlPathMap setting, for use by phpdoc and IDEs.
$wgScriptPath
Config variable stub for the ScriptPath setting, for use by phpdoc and IDEs.
wfForbidden( $msg1, $msg2,... $args)
Issue a standard HTTP 403 Forbidden header ($msg1-a message index, not a message) and an error messag...
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Item class for a filearchive table row.