(bug 18394) img_auth.php now respects userCan

author Chad Horohoe <demon@users.mediawiki.org>

Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)

committer Chad Horohoe <demon@users.mediawiki.org>

Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)
author Chad Horohoe <demon@users.mediawiki.org>
Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)
committer Chad Horohoe <demon@users.mediawiki.org>
Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES

index 19b6c4e..6f2073a 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -223,6 +223,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
  * (bug 11242) Check for MySQL storage engines during installation now checks
    whether the engines are actually available
  * (bug 19390) Omit the "printable version" link on the printable version
+* (bug 18394) img_auth.php now respects userCan
  
  == API changes in 1.16 ==
  
diff --git a/img_auth.php b/img_auth.php

index e5d8d88..cd8ec43 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -55,6 +55,10 @@ if( !$title instanceof Title ) {
         wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
         wfForbidden();
  }
+if( !$title->userCanRead() ) {
+       wfDebugLog( 'img_auth', "User does not have access to read `{$name}`" );
+       wfForbidden();
+}
  $title = $title->getPrefixedText();
  
  // Check the whitelist if needed
author	Chad Horohoe <demon@users.mediawiki.org>
	Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)
committer	Chad Horohoe <demon@users.mediawiki.org>
	Fri, 3 Jul 2009 20:06:01 +0000 (20:06 +0000)
RELEASE-NOTES		patch \| blob \| history
img_auth.php		patch \| blob \| history