X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=img_auth.php;h=bc4464d4cc151136e397591328e3d7fe8b03c42d;hb=c824e30197e40d473e36da488287ae05fa19e646;hp=4764b780ef5b9d2c2117f418258e5b6432dc52f2;hpb=81fad6027c7882939996e97bc4afbda952a50fe3;p=lhc%2Fweb%2Fwiklou.git
diff --git a/img_auth.php b/img_auth.php
index 4764b780ef..bc4464d4cc 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -30,11 +30,12 @@ require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
 wfProfileIn( 'img_auth.php' );
 require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
-$perms = User::getGroupPermissions( array( '*' ) );
-
 // See if this is a public Wiki (no protections)
-if ( $wgImgAuthPublicTest && in_array( 'read', $perms, true ) )
+if ( $wgImgAuthPublicTest
+ && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) )
+{
 wfForbidden('img-auth-accessdenied','img-auth-public');
+}
 // Extract path and image information
 if( !isset( $_SERVER['PATH_INFO'] ) )
@@ -56,31 +57,30 @@ if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
 // Check to see if the file exists
 if( !file_exists( $filename ) )
- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));
+ wfForbidden('img-auth-accessdenied','img-auth-nofile',$filename);
 // Check to see if tried to access a directory
 if( is_dir( $filename ) )
- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));
+ wfForbidden('img-auth-accessdenied','img-auth-isdir',$filename);
 $title = Title::makeTitleSafe( NS_FILE, $name );
 // See if could create the title object
 if( !$title instanceof Title )
- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));
+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
 // Run hook
 if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));
+ wfForbidden($result[0],$result[1],array_slice($result,2));
 // Check user authorization for this title
 // UserCanRead Checks Whitelist too
-if( !$title->userCanRead() )
- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));
-
+if( !$title->userCanRead() )
+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
 // Stream the requested file
-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );
+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
 wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
 wfLogProfilingData();
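Review bot: The hook-failure call `wfForbidden($result[0],$result[1],array_slice($result,2));` passes the remaining hook values as one array argument, whereas the removed line spread them as separate arguments (apart from its `merge_array` typo). wfForbidden gathers its extra arguments with func_get_args(), so on this path it holds an array nested inside an array, while every other call site in the hunk passes a plain string; whether the message functions unwrap the extra level is not visible here. Keeping the spread with the typo fixed avoids the difference: `call_user_func_array( 'wfForbidden', array_merge( array( $result[0], $result[1] ), array_slice( $result, 2 ) ) );`. `$result` is also not initialised in the visible lines, so a handler that returns false without filling it would reach `$result[0]` undefined. Since the call sites now hand over raw `$filename` and `$name`, output safety rests entirely on the escaping inside wfForbidden.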
@@ -94,10 +94,10 @@ function wfForbidden($msg1,$msg2) {
 $args = func_get_args();
 array_shift( $args );
 array_shift( $args );
- $MsgHdr = wfMsgHTML($msg1);
- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));
+ $MsgHdr = htmlspecialchars(wfMsg($msg1));
+ $detailMsg = (htmlspecialchars(wfMsg(($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args)));
 wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".
- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));
+ wfMsgExt($msg2,array('language' => 'en'),$args));
 header( 'HTTP/1.0 403 Forbidden' );
 header( 'Cache-Control: no-cache' );
 header( 'Content-Type: text/html; charset=utf-8' );
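Review bot: wfForbidden now receives raw, unescaped values and escapes the whole substituted message itself, but nothing on the function states that contract. A header comment such as `// $msg1/$msg2 are message keys; extra args are raw values, HTML-escaped here after substitution` would keep later callers and hook handlers from pre-escaping, and would warn against switching back to an HTML-returning message call. Both `htmlspecialchars()` calls use the default flags, which before PHP 8.1 leave single quotes unescaped; that is enough for element content but not for a single-quoted attribute, so `htmlspecialchars( ..., ENT_QUOTES )` would make the result safe regardless of where it is emitted. The lines that output `$MsgHdr` and `$detailMsg`, and the rest of the function body, are outside this hunk.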