Incorrect parameters to FileBackend::streamFile() caused
Cache-Control:private and Vary:Cookie response headers to be omitted
when requesting a file in a path configured by $wgImgAuthUrlPathMap.
Typically this is used to deliver images generated by extensions.
CVE-2020-15005
Bug: T248947
Change-Id: I404d9462e4b35d3d832bfab21954ff87e46e3eb2
* (T206476) Call ob_start() before running tests.
* (T234450) Per-user concurrency in SpecialContributions can now be limited by
setting $wgPoolCounterConf['SpecialContributions'] appropriately.
+* (T248947) SECURITY: img_auth.php may leak private extension images into the
+ public cache.
== MediaWiki 1.31.7 ==
}
if ( $be->fileExists( [ 'src' => $filename ] ) ) {
wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
- $be->streamFile( [ 'src' => $filename ],
- [ 'Cache-Control: private', 'Vary: Cookie' ] );
+ $be->streamFile( [
+ 'src' => $filename,
+ 'headers' => [ 'Cache-Control: private', 'Vary: Cookie' ]
+ ] );
} else {
wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path );
}