<?php
-# Image download authorisation script
-# To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public directory, and
-# $wgUploadPath to point to this file. Also set $wgWhitelistRead to an array of pages you want
-# everyone to be able to access. Your server must support PATH_INFO, CGI-based configurations
-# generally don't.
-
+/**
+ * Image download authorisation script
+ *
+ * To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public
+ * directory, and $wgUploadPath to point to this file. Also set $wgWhitelistRead
+ * to an array of pages you want everyone to be able to access. Your server must
+ * support PATH_INFO, CGI-based configurations generally don't.
+ */
# Valid web server entry point, enable includes
-define( "MEDIAWIKI", true );
+define( 'MEDIAWIKI', true );
-require_once( "./LocalSettings.php" );
-require_once( "includes/Setup.php" );
+require_once( 'includes/Defines.php' );
+require_once( './LocalSettings.php' );
+require_once( 'includes/Setup.php' );
+
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+ wfForbidden();
+}
# Get filenames/directories
$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
wfForbidden();
}
+if( !file_exists( $filename ) ) {
+ wfForbidden();
+}
+if( is_dir( $filename ) ) {
+ wfForbidden();
+}
+
# Write file
$type = wfGetType( $filename );
if ( $type ) {
- header("Content-type: $type");
+ header('Content-type: '.$type);
+} else {
+ header('Content-type: application/x-wiki');
}
readfile( $filename );
model/vrml wrl vrml
text/calendar ics ifb
text/css css
-text/html html htm
-text/plain asc txt
text/richtext rtx
text/rtf rtf
text/sgml sgml sgm
video/vnd.mpegurl mxu
video/x-msvideo avi
video/x-sgi-movie movie
-x-conference/x-cooltalk ice";
+x-conference/x-cooltalk ice
END_STRING;
+ // Needed for windows servers who use \r\n not \n
$endl = "
";
$types = explode( $endl, $types );
- if ( !preg_match( "/\.(.*?)$/", $filename, $matches ) ) {
+ if ( !preg_match( "/\.([^.]*?)$/", $filename, $matches ) ) {
return false;
}
}
function wfForbidden() {
- header( "HTTP/1.0 403 Forbidden" );
+ header( 'HTTP/1.0 403 Forbidden' );
print
"<html><body>
<h1>Access denied</h1>