<?php
-/**
- * PHP script to stream out an image thumbnail.
- * If the file exists, we make do with abridged MediaWiki initialisation.
+/**
+ * PHP script to stream out an image thumbnail.
+ * If the file exists, we make do with abridged MediaWiki initialisation.
*/
define( 'MEDIAWIKI', true );
unset( $IP );
-$wgNoOutputBuffer = true;
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+ echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
+ die( -1 );
+}
+
+define( 'MW_NO_OUTPUT_BUFFER', true );
require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
}
$thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
-if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
+if ( is_file( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
wfStreamFile( $thumbPath );
exit;
}