SECURITY: Fix accidental public CC headers in img_auth.php
author Tim Starling <tstarling@wikimedia.org>
Tue, 31 Mar 2020 06:02:49 +0000 (17:02 +1100)
committer Reedy <reedy@wikimedia.org>
Wed, 24 Jun 2020 16:21:01 +0000 (17:21 +0100)
commit d3e023d11064a91c2478ef8dec8fa39d15d6bdfc
tree 09482dbdbf927117463b8bd2cf23b86b3c742bd6
parent d68449722356d740291415fd84855ec75d7bb01b
SECURITY: Fix accidental public CC headers in img_auth.php

Incorrect parameters to FileBackend::streamFile() caused
Cache-Control:private and Vary:Cookie response headers to be omitted
when requesting a file in a path configured by $wgImgAuthUrlPathMap.
Typically this is used to deliver images generated by extensions.

CVE-2020-15005

Bug: T248947
Change-Id: I404d9462e4b35d3d832bfab21954ff87e46e3eb2
RELEASE-NOTES-1.34
img_auth.php
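
A regression check for the header omission described in the commit message, as an added example that is not part of the MediaWiki commit or code base. The function name, finding strings and sample header values are assumptions constructed for illustration; it flags a response that a shared cache would be allowed to store.

```python
import re

# Constructed sample responses (not captured from a real wiki), given as
# (name, value) pairs the way an HTTP client exposes response headers.
FIXED = [("Content-Type", "image/png"),
         ("Cache-Control", "private"),
         ("Vary", "Accept-Encoding, Cookie")]
REGRESSED = [("Content-Type", "image/png"),
             ("Cache-Control", "public, max-age=300"),
             ("Vary", "Accept-Encoding")]

def _tokens(headers, name):
    """Lower-cased comma-separated tokens from every header called `name`."""
    out = []
    for key, value in headers:
        if key.lower() == name.lower():
            # Split on commas, but not on commas inside a quoted-string.
            for part in re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', value):
                if part.strip():
                    out.append(part.strip().lower())
    return out

def audit_private_response(headers):
    """Findings for a response that shared caches must not store (hypothetical helper)."""
    directives = {}
    for token in _tokens(headers, "Cache-Control"):
        name, _, arg = token.partition("=")
        directives[name.strip()] = arg.strip()
    findings = []
    # private="field" only protects that field, so it does not count here.
    unqualified_private = directives.get("private") == ""
    if not (unqualified_private or "no-store" in directives):
        findings.append("Cache-Control lacks private/no-store")
    if "public" in directives or "s-maxage" in directives:
        findings.append("Cache-Control explicitly allows shared caching")
    vary = _tokens(headers, "Vary")
    if "cookie" not in vary and "*" not in vary:
        findings.append("Vary does not list Cookie")
    return findings

if __name__ == "__main__":
    for label, sample in (("fixed", FIXED), ("regressed", REGRESSED)):
        print(label, audit_private_response(sample))
```

Run it against the headers returned for a file under a path configured in $wgImgAuthUrlPathMap; an empty list means both headers named in the commit message are present.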