Follow-up r65652: Do not double-slash the path if it came from PATH_INFO

author Bryan Tong Minh <btongminh@users.mediawiki.org>

Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)

committer Bryan Tong Minh <btongminh@users.mediawiki.org>

Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)
author Bryan Tong Minh <btongminh@users.mediawiki.org>
Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)
committer Bryan Tong Minh <btongminh@users.mediawiki.org>
Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)
diff --git a/img_auth.php b/img_auth.php

index b99773b..c2541f6 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -43,11 +43,12 @@ if( !isset( $_SERVER['PATH_INFO'] ) ) {
         if( !$path ) {
          wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
         }
+       $path = "/$path";
  } else {
         $path = $_SERVER['PATH_INFO'];
  }
  
-$filename = realpath( $wgUploadDirectory . '/' . $path );
+$filename = realpath( $wgUploadDirectory . $path );
  $realUpload = realpath( $wgUploadDirectory );
  
  // Basic directory traversal check
author	Bryan Tong Minh <btongminh@users.mediawiki.org>
	Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)
committer	Bryan Tong Minh <btongminh@users.mediawiki.org>
	Sun, 12 Dec 2010 15:50:25 +0000 (15:50 +0000)