From 2e3023a464f51ea892e0ff70439c9aaec3bab1d3 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 8 Mar 2010 22:39:14 +0000 Subject: [PATCH] Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15. --- thumb.php | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/thumb.php b/thumb.php index b973cc654b..6e04f4aa3c 100644 --- a/thumb.php +++ b/thumb.php @@ -20,6 +20,9 @@ wfLogProfilingData(); function wfThumbMain() { wfProfileIn( __METHOD__ ); + + $headers = array(); + // Get input parameters if ( get_magic_quotes_gpc() ) { $params = array_map( 'stripslashes', $_REQUEST ); @@ -65,6 +68,17 @@ function wfThumbMain() { $img = wfLocalFile( $fileName ); } + // Check permissions if there are read restrictions + if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { + if ( !$img->getTitle()->userCanRead() ) { + wfThumbError( 403, 'Access denied. You do not have permission to access ' . + 'the source file.' ); + return; + } + $headers[] = 'Cache-Control: private'; + $headers[] = 'Vary: Cookie'; + } + if ( !$img ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); return; @@ -101,7 +115,7 @@ function wfThumbMain() { $thumbPath = $img->getThumbPath( $thumbName ); if ( is_file( $thumbPath ) ) { - wfStreamFile( $thumbPath ); + wfStreamFile( $thumbPath, $headers ); return; } } @@ -128,7 +142,7 @@ function wfThumbMain() { $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' . 'is the requested width bigger than the source?' ); } else { - wfStreamFile( $thumb->getPath() ); + wfStreamFile( $thumb->getPath(), $headers ); } if ( $errorMsg !== false ) { wfThumbError( 500, $errorMsg ); @@ -143,6 +157,9 @@ function wfThumbError( $status, $msg ) { header( 'Content-Type: text/html; charset=utf-8' ); if ( $status == 404 ) { header( 'HTTP/1.1 404 Not found' ); + } elseif ( $status == 403 ) { + header( 'HTTP/1.1 403 Forbidden' ); + header( 'Vary: Cookie' ); } else { header( 'HTTP/1.1 500 Internal server error' ); } -- 2.20.1