$headers = []; // HTTP headers to send
- $fileName = isset( $params['f'] ) ? $params['f'] : '';
+ $fileName = $params['f'] ?? '';
// Backwards compatibility parameters
if ( isset( $params['w'] ) ) {
// Check permissions if there are read restrictions
$varyHeader = [];
if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) {
- if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) {
+ $user = RequestContext::getMain()->getUser();
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ $imgTitle = $img->getTitle();
+
+ if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) {
wfThumbError( 403, 'Access denied. You do not have permission to access ' .
'the source file.' );
return;
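Review bot: The rewritten condition sends the same 403 when `$img->getTitle()` returns nothing and when `userCan` refuses, but nothing in the hunk says that the missing-title branch is deliberately fail-closed or whose rights are being tested. A one-line comment above the `if` would keep that intent visible to the next editor, for example `// Fail closed: no title, or the requesting user may not read it`. The call also relies on the default rigor of `PermissionManager::userCan()`; presumably that matches the strictness of the old `Title::userCan( 'read' )`, but it is worth confirming because this gate is what protects files on wikis with read restrictions. The enclosing `if` block starts and ends outside the changed lines.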
}
}
- $rel404 = isset( $params['rel404'] ) ? $params['rel404'] : null;
+ $rel404 = $params['rel404'] ?? null;
unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER
unset( $params['f'] ); // We're done with 'f' parameter.
unset( $params['rel404'] ); // moved to $rel404
// For 404 handled thumbnails, we only use the base name of the URI
// for the thumb params and the parent directory for the source file name.
- // Check that the zone relative path matches up so squid caches won't pick
+ // Check that the zone relative path matches up so CDN caches won't pick
// up thumbs that would not be purged on source file deletion (T36231).
if ( $rel404 !== null ) { // thumbnail was handled via 404
if ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName ) ) {
// Send request to proxied service
$status = $req->execute();
+ MediaWiki\HeaderCallback::warnIfHeadersSent();
+
// Simply serve the response from the proxied service as-is
header( 'HTTP/1.1 ' . $req->getStatus() );
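Review bot: `MediaWiki\HeaderCallback::warnIfHeadersSent()` appears from its name to only report the condition, and the `header( 'HTTP/1.1 ' . $req->getStatus() )` call after it still runs; if output has already started, that status line is silently dropped and the proxied body goes out under whatever status was sent first. A comment stating that the call is diagnostic would stop readers from treating it as a guard, for example `// Diagnostic only: the header() calls below have no effect once output has started`. The same applies to the call added at the top of `wfThumbError()` further down, where the `Cache-Control: no-cache` and `Content-Type` headers of an error response would be lost in the same way. The surrounding `if` block continues outside the hunk, so any handling that exists there is not visible here.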
}
/** @noinspection PhpUnusedLocalVariableInspection */
- $done = true; // no PHP fatal occured
+ $done = true; // no PHP fatal occurred
if ( !$thumb || $thumb->isError() ) {
// Randomize TTL to reduce stampedes
*
* @param int $status
* @param string $msgHtml HTML
- * @param string $msgText Short error description, for internal logging. Defaults to $msgHtml.
+ * @param string|null $msgText Short error description, for internal logging. Defaults to $msgHtml.
* Only used for HTTP 500 errors.
* @param array $context Error context, for internal logging. Only used for HTTP 500 errors.
* @return void
function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) {
global $wgShowHostnames;
+ MediaWiki\HeaderCallback::warnIfHeadersSent();
+
header( 'Cache-Control: no-cache' );
header( 'Content-Type: text/html; charset=utf-8' );
if ( $status == 400 || $status == 404 || $status == 429 ) {
if ( $wgShowHostnames ) {
header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
$url = htmlspecialchars(
- isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
+ $_SERVER['REQUEST_URI'] ?? '',
ENT_NOQUOTES
);
$hostname = htmlspecialchars( wfHostname(), ENT_NOQUOTES );