Protect users from attacks against their browsers via malicious script-containing...

Protect users from attacks against their browsers via malicious script-containing uploads, by:
1) Requiring a session token before streaming files out via Special:Undelete
2) Restricting img_auth.php to private wikis only (its intended use case)