dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
469f01e
)
Follow-up r65652: Do not double-slash the path if it came from PATH_INFO
author
Bryan Tong Minh
<btongminh@users.mediawiki.org>
Sun, 12 Dec 2010 15:50:25 +0000
(15:50 +0000)
committer
Bryan Tong Minh
<btongminh@users.mediawiki.org>
Sun, 12 Dec 2010 15:50:25 +0000
(15:50 +0000)
img_auth.php
patch
|
blob
|
history
diff --git
a/img_auth.php
b/img_auth.php
index
b99773b
..
c2541f6
100644
(file)
--- a/
img_auth.php
+++ b/
img_auth.php
@@
-43,11
+43,12
@@
if( !isset( $_SERVER['PATH_INFO'] ) ) {
if( !$path ) {
wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
}
+ $path = "/$path";
} else {
$path = $_SERVER['PATH_INFO'];
}
-$filename = realpath( $wgUploadDirectory .
'/' .
$path );
+$filename = realpath( $wgUploadDirectory . $path );
$realUpload = realpath( $wgUploadDirectory );
// Basic directory traversal check