X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=thumb.php;h=61fd788c9b641a6b42ebbc280c198336e90bb783;hb=55e2bcad65a5c0d6e7d16d1c4fef58faa6695a10;hp=a273393d330e6448dacd6283966d5e104232f352;hpb=087a9f70c5c152b72dc6c539cf64e334a0f2d029;p=lhc%2Fweb%2Fwiklou.git

diff --git a/thumb.php b/thumb.php
index a273393d33..61fd788c9b 100644
--- a/thumb.php
+++ b/thumb.php
@@ -7,12 +7,14 @@
  * @ingroup Media
  */
 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
-require_once( './includes/WebStart.php' );
+if ( isset( $_SERVER['MW_COMPILED'] ) ) {
+	require ( 'phase3/includes/WebStart.php' );
+} else {
+	require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
+}
 
 $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
 
-require_once( "$IP/includes/StreamFile.php" );
-
 wfThumbMain();
 wfLogProfilingData();
 
@@ -20,6 +22,9 @@ wfLogProfilingData();
 
 function wfThumbMain() {
 	wfProfileIn( __METHOD__ );
+
+	$headers = array();
+
 	// Get input parameters
 	if ( get_magic_quotes_gpc() ) {
 		$params = array_map( 'stripslashes', $_REQUEST );
@@ -38,23 +43,61 @@ function wfThumbMain() {
 	if ( isset( $params['p'] ) ) {
 		$params['page'] = $params['p'];
 	}
-	unset( $params['r'] );
+	unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER
+
+	// Is this a thumb of an archived file?
+	$isOld = (isset( $params['archived'] ) && $params['archived']);
+	unset( $params['archived'] );
 
 	// Some basic input validation
 	$fileName = strtr( $fileName, '\\/', '__' );
 
-	$img = wfLocalFile( $fileName );
+	// Actually fetch the image. Method depends on whether it is archived or not.
+	if( $isOld ) {
+		// Format is <timestamp>!<name>
+		$bits = explode( '!', $fileName, 2 );
+		if( !isset($bits[1]) ) {
+			wfThumbError( 404, wfMsg( 'badtitletext' ) );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$title = Title::makeTitleSafe( NS_FILE, $bits[1] );
+		if( is_null($title) ) {
+			wfThumbError( 404, wfMsg( 'badtitletext' ) );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
+	} else {
+		$img = wfLocalFile( $fileName );
+	}
+
+	// Check permissions if there are read restrictions
+	if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
+		if ( !$img->getTitle()->userCanRead() ) {
+			wfThumbError( 403, 'Access denied. You do not have permission to access ' . 
+				'the source file.' );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$headers[] = 'Cache-Control: private';
+		$headers[] = 'Vary: Cookie';
+	}
+
 	if ( !$img ) {
 		wfThumbError( 404, wfMsg( 'badtitletext' ) );
+		wfProfileOut( __METHOD__ );
 		return;
 	}
 	if ( !$img->exists() ) {
 		wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
+		wfProfileOut( __METHOD__ );
 		return;
 	}
 	$sourcePath = $img->getPath();
 	if ( $sourcePath === false ) {
 		wfThumbError( 500, 'The source file is not locally accessible.' );
+		wfProfileOut( __METHOD__ );
 		return;
 	}
 
@@ -66,10 +109,11 @@ function wfThumbMain() {
 		// Calculate time
 		wfSuppressWarnings();
 		$imsUnix = strtotime( $imsString );
+		$stat = stat( $sourcePath );
 		wfRestoreWarnings();
-		$stat = @stat( $sourcePath );
 		if ( $stat['mtime'] <= $imsUnix ) {
 			header( 'HTTP/1.1 304 Not Modified' );
+			wfProfileOut( __METHOD__ );
 			return;
 		}
 	}
@@ -80,12 +124,14 @@ function wfThumbMain() {
 			$thumbPath = $img->getThumbPath( $thumbName );
 
 			if ( is_file( $thumbPath ) ) {
-				wfStreamFile( $thumbPath );
+				StreamFile::stream( $thumbPath, $headers );
+				wfProfileOut( __METHOD__ );
 				return;
 			}
 		}
 	} catch ( MWException $e ) {
 		wfThumbError( 500, $e->getHTML() );
+		wfProfileOut( __METHOD__ );
 		return;
 	}
 
@@ -107,7 +153,7 @@ function wfThumbMain() {
 		$errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
 			'is the requested width bigger than the source?' );
 	} else {
-		wfStreamFile( $thumb->getPath() );
+		StreamFile::stream( $thumb->getPath(), $headers );
 	}
 	if ( $errorMsg !== false ) {
 		wfThumbError( 500, $errorMsg );
@@ -117,13 +163,24 @@ function wfThumbMain() {
 }
 
 function wfThumbError( $status, $msg ) {
+	global $wgShowHostnames;
 	header( 'Cache-Control: no-cache' );
 	header( 'Content-Type: text/html; charset=utf-8' );
 	if ( $status == 404 ) {
 		header( 'HTTP/1.1 404 Not found' );
+	} elseif ( $status == 403 ) {
+		header( 'HTTP/1.1 403 Forbidden' );
+		header( 'Vary: Cookie' );
 	} else {
 		header( 'HTTP/1.1 500 Internal server error' );
 	}
+	if( $wgShowHostnames ) {
+		$url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
+		$hostname = htmlspecialchars( wfHostname() );
+		$debug = "<!-- $url -->\n<!-- $hostname -->\n";
+	} else {
+		$debug = "";
+	}
 	echo <<<EOT
 <html><head><title>Error generating thumbnail</title></head>
 <body>
@@ -131,6 +188,7 @@ function wfThumbError( $status, $msg ) {
 <p>
 $msg
 </p>
+$debug
 </body>
 </html>