-$realUploadDirectory = realpath( $wgUploadDirectory );
-$imageName = $wgContLang->getNsText( NS_IMAGE ) . ":" . wfBaseName( $_SERVER['PATH_INFO'] );
+$realUpload = realpath( $wgUploadDirectory );
+wfDebugLog( 'img_auth', "\$path is {$path}" );
+wfDebugLog( 'img_auth', "\$filename is {$filename}" );
+
+// Basic directory traversal check
+if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
+ wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
+ wfForbidden();
+}
+
+// Extract the file name and chop off the size specifier
+// (e.g. 120px-Foo.png => Foo.png)
+$name = wfBaseName( $path );
+if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
+ $name = $m[1];
+wfDebugLog( 'img_auth', "\$name is {$name}" );
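Review bot: The traversal check `if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload )` is a bare string-prefix test with a loose comparison, so it accepts more than the upload directory. A sibling directory whose name only starts with the upload path passes (constructed example: `/srv/images-private` against `/srv/images`), and if `realpath()` returns `false` the prefix length is 0 and `'' != false` is false, so every request passes. I would fail closed and compare against the directory plus separator: `if( $realUpload === false || strpos( $filename, $realUpload . DIRECTORY_SEPARATOR ) !== 0 ) {`. `$filename` and `$path` are assigned outside this hunk, so this assumes `$filename` has already been canonicalised with `realpath()`; if it has not, `..` segments would defeat any prefix test. Separately, the size-specifier pattern is unanchored, so a name with `NNpx-` in the middle is cut down to its tail; `'!^\d+px-(.*)!i'` would keep `$name`, and whatever check consumes it after this hunk, aligned with the file actually requested.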