X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;ds=sidebyside;f=img_auth.php;h=3999bf3e80e2a3b2dc2360e34cc57b613b9cf501;hb=b51076f9f703f623fef6ce59a8f33aa3cd7051d8;hp=7f922c52239190a4591b64e9e7252a442774544f;hpb=5275f9b097cdae5dbab0845e3ea127086e3a6570;p=lhc%2Fweb%2Fwiklou.git
diff --git a/img_auth.php b/img_auth.php
index 7f922c5223..3999bf3e80 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -43,7 +43,7 @@ wfImageAuthMain();
 wfLogProfilingData();
 
 function wfImageAuthMain() {
- global $wgImgAuthPublicTest, $wgRequest, $wgUploadDirectory;
+ global $wgImgAuthPublicTest, $wgRequest;
 
  // See if this is a public Wiki (no protections).
  if ( $wgImgAuthPublicTest
@@ -56,6 +56,10 @@ function wfImageAuthMain() {
 
  // Get the requested file path (source file or thumbnail)
  $matches = WebRequest::getPathInfo();
+ if ( !isset( $matches['title'] ) ) {
+ wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+ return;
+ }
  $path = $matches['title'];
  if ( $path && $path[0] !== '/' ) {
  // Make sure $path has a leading /
@@ -104,7 +108,7 @@ function wfImageAuthMain() {
  wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) );
  return;
  }
-
+
  // Check user authorization for this title
  // Checks Whitelist too
  if ( !$title->userCan( 'read' ) ) {
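Review bot: The guard added in the second hunk rejects only a missing `title` key; an empty string still passes `isset()` and is assigned to `$path`, where the following `if ( $path && $path[0] !== '/' )` skips the leading-slash normalisation for it (and for the string `'0'`, which PHP also treats as falsy). Whether the later checks in wfImageAuthMain() deny such a path is not visible here, so it would be safer to fail closed at this point too, e.g. `if ( !isset( $matches['title'] ) || $matches['title'] === '' ) {`. A short comment above the guard, such as `// No path info means there is nothing to authorize: deny instead of falling through`, would record why the request is refused. wfImageAuthMain() starts before and continues after this hunk.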