img_auth.php

   1 <?php
   2
   3 /**
   4  * Image authorisation script
   5  *
   6  * To use this:
   7  *
   8  * Set $wgUploadDirectory to a non-public directory (not web accessible)
   9  * Set $wgUploadPath to point to this file
  10  *
  11  * Your server needs to support PATH_INFO; CGI-based configurations
  12  * usually don't.
  13  */
  14
  15 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
  16 $dir = dirname(__FILE__) . '/';
  17 require_once( $dir . 'includes/WebStart.php' );
  18 wfProfileIn( 'img_auth.php' );
  19 require_once( $dir . 'includes/StreamFile.php' );
  20
  21 $perms = User::getGroupPermissions( array( '*' ) );
  22 if ( in_array( 'read', $perms, true ) ) {
  23         wfDebugLog( 'img_auth', 'Public wiki' );
  24         wfPublicError();
  25 }
  26
  27 // Extract path and image information
  28 if( !isset( $_SERVER['PATH_INFO'] ) ) {
  29         wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
  30         wfForbidden();
  31 }
  32
  33 $path = $_SERVER['PATH_INFO'];
  34 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
  35 $realUpload = realpath( $wgUploadDirectory );
  36 wfDebugLog( 'img_auth', "\$path is {$path}" );
  37 wfDebugLog( 'img_auth', "\$filename is {$filename}" );
  38
  39 // Basic directory traversal check
  40 if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
  41         wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
  42         wfForbidden();
  43 }
  44
  45 // Extract the file name and chop off the size specifier
  46 // (e.g. 120px-Foo.png => Foo.png)
  47 $name = wfBaseName( $path );
  48 if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
  49         $name = $m[1];
  50 wfDebugLog( 'img_auth', "\$name is {$name}" );
  51
  52 $title = Title::makeTitleSafe( NS_IMAGE, $name );
  53 if( !$title instanceof Title ) {
  54         wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
  55         wfForbidden();
  56 }
  57 $title = $title->getPrefixedText();
  58
  59 // Check the whitelist if needed
  60 if( !$wgUser->getId() && ( !is_array( $wgWhitelistRead ) || !in_array( $title, $wgWhitelistRead ) ) ) {
  61         wfDebugLog( 'img_auth', "Not logged in and `{$title}` not in whitelist." );
  62         wfForbidden();
  63 }
  64
  65 if( !file_exists( $filename ) ) {
  66         wfDebugLog( 'img_auth', "`{$filename}` does not exist" );
  67         wfForbidden();
  68 }
  69 if( is_dir( $filename ) ) {
  70         wfDebugLog( 'img_auth', "`{$filename}` is a directory" );
  71         wfForbidden();
  72 }
  73
  74 // Stream the requested file
  75 wfDebugLog( 'img_auth', "Streaming `{$filename}`" );
  76 wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
  77 wfLogProfilingData();
  78
  79 /**
  80  * Issue a standard HTTP 403 Forbidden header and a basic
  81  * error message, then end the script
  82  */
  83 function wfForbidden() {
  84         header( 'HTTP/1.0 403 Forbidden' );
  85         header( 'Vary: Cookie' );
  86         header( 'Content-Type: text/html; charset=utf-8' );
  87         echo <<<ENDS
  88 <html>
  89 <body>
  90 <h1>Access Denied</h1>
  91 <p>You need to log in to access files on this server.</p>
  92 </body>
  93 </html>
  94 ENDS;
  95         wfLogProfilingData();
  96         exit();
  97 }
  98
  99 /**
 100  * Show a 403 error for use when the wiki is public
 101  */
 102 function wfPublicError() {
 103         header( 'HTTP/1.0 403 Forbidden' );
 104         header( 'Content-Type: text/html; charset=utf-8' );
 105         echo <<<ENDS
 106 <html>
 107 <body>
 108 <h1>Access Denied</h1>
 109 <p>The function of img_auth.php is to output files from a private wiki. This wiki
 110 is configured as a public wiki. For optimal security, img_auth.php is disabled in
 111 this case.
 112 </p>
 113 </body>
 114 </html>
 115 ENDS;
 116         wfLogProfilingData();
 117         exit;
 118 }
 119