* Fix for r81363: instead of giving a PHP notice when PATH_INFO is missing, show...

* Revert the change to the relevant message made in r102612: it is plain text, not wikitext, a format which does not support protocol-relative URLs.

diff --git a/img_auth.php b/img_auth.php
index 7f922c5..f0d100f 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -56,6 +56,10 @@ function wfImageAuthMain() {
 
        // Get the requested file path (source file or thumbnail)
        $matches = WebRequest::getPathInfo();
+       if ( !isset( $matches['title'] ) ) {
+               wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+               return;
+       }
        $path = $matches['title'];
        if ( $path && $path[0] !== '/' ) {
                // Make sure $path has a leading /

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 7bb0317..dee5433 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2295,7 +2295,7 @@ It cannot be properly checked for security.',
 'img-auth-nopathinfo'       => 'Missing PATH_INFO.
 Your server is not set up to pass this information.
 It may be CGI-based and cannot support img_auth.
-[//www.mediawiki.org/wiki/Manual:Image_Authorization See image authorization.]',
+See http://www.mediawiki.org/wiki/Manual:Image_Authorization.',
 'img-auth-notindir'         => 'Requested path is not in the configured upload directory.',
 'img-auth-badtitle'         => 'Unable to construct a valid title from "$1".',
 'img-auth-nologinnWL'       => 'You are not logged in and "$1" is not in the whitelist.',