<?php
+/**
+ * Image download authorisation script
+ *
+ * To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public
+ * directory, and $wgUploadPath to point to this file. Also set $wgWhitelistRead
+ * to an array of pages you want everyone to be able to access. Your server must
+ * support PATH_INFO, CGI-based configurations generally don't.
+ */
+# Valid web server entry point, enable includes
+define( 'MEDIAWIKI', true );
-# Image download authorisation script
-define( "MEDIAWIKI", true );
-require_once( "./LocalSettings.php" );
-require_once( "includes/Setup.php" );
-if ( $wgWhitelistRead && !$wgUser->getID() ) {
- header( "HTTP/1.0 403 Forbidden" );
- exit;
+require_once( 'includes/Defines.php' );
+require_once( './LocalSettings.php' );
+require_once( 'includes/Setup.php' );
+
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+ wfForbidden();
}
-# Check if the filename is in the correct directory
+# Get filenames/directories
$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
$realUploadDirectory = realpath( $wgUploadDirectory );
+$imageName = $wgLang->getNsText( NS_IMAGE ) . ":" . basename( $_SERVER['PATH_INFO'] );
+
+# Check if the filename is in the correct directory
if ( substr( $filename, 0, strlen( $realUploadDirectory ) ) != $realUploadDirectory ) {
- header( "HTTP/1.0 403 Forbidden" );
- exit;
+ wfForbidden();
+}
+
+if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead ) && !$wgUser->getID() ) {
+ wfForbidden();
+}
+
+if( !file_exists( $filename ) ) {
+ wfForbidden();
+}
+if( is_dir( $filename ) ) {
+ wfForbidden();
}
# Write file
$type = wfGetType( $filename );
if ( $type ) {
- header("Content-type: $type");
+ header('Content-type: '.$type);
+} else {
+ header('Content-type: application/x-wiki');
}
readfile( $filename );
function wfGetType( $filename ) {
# There's probably a better way to do this
- $types = "application/andrew-inset ez
+ $types = <<<END_STRING
+application/andrew-inset ez
application/mac-binhex40 hqx
application/mac-compactpro cpt
application/mathml+xml mathml
model/vrml wrl vrml
text/calendar ics ifb
text/css css
-text/html html htm
-text/plain asc txt
text/richtext rtx
text/rtf rtf
text/sgml sgml sgm
video/vnd.mpegurl mxu
video/x-msvideo avi
video/x-sgi-movie movie
-x-conference/x-cooltalk ice";
-
- $types = explode( "\n", $types );
- if ( !preg_match( "/\.(.*?)$/", $filename, $matches ) ) {
+x-conference/x-cooltalk ice
+END_STRING;
+ // Needed for windows servers who use \r\n not \n
+ $endl = "
+";
+ $types = explode( $endl, $types );
+ if ( !preg_match( "/\.([^.]*?)$/", $filename, $matches ) ) {
return false;
}
}
return false;
}
+
+function wfForbidden() {
+ header( 'HTTP/1.0 403 Forbidden' );
+ print
+"<html><body>
+<h1>Access denied</h1>
+<p>You need to log in to access files on this server</p>
+</body></html>";
+ exit;
+}
+
?>