X-Git-Url: https://git.cyclocoop.org/%242?a=blobdiff_plain;f=thumb.php;h=13dbc0e767ca3742e3d8d68e288b165abb95edbc;hb=178d312eb80718c148e3e5774d116358c6e302f8;hp=b59116eaed3881a68438e93489e65cdef551444d;hpb=2dd32981a8326a6207ac866b39410f1b86179288;p=lhc%2Fweb%2Fwiklou.git diff --git a/thumb.php b/thumb.php index b59116eaed..13dbc0e767 100644 --- a/thumb.php +++ b/thumb.php @@ -91,6 +91,7 @@ function wfThumbHandle404() { */ function wfStreamThumb( array $params ) { global $wgVaryOnXFP; + $permissionManager = MediaWikiServices::getInstance()->getPermissionManager(); $headers = []; // HTTP headers to send @@ -154,8 +155,11 @@ function wfStreamThumb( array $params ) { // Check permissions if there are read restrictions $varyHeader = []; - if ( !in_array( 'read', User::getGroupPermissions( [ '*' ] ), true ) ) { - if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) { + if ( !in_array( 'read', $permissionManager->getGroupPermissions( [ '*' ] ), true ) ) { + $user = RequestContext::getMain()->getUser(); + $imgTitle = $img->getTitle(); + + if ( !$imgTitle || !$permissionManager->userCan( 'read', $user, $imgTitle ) ) { wfThumbError( 403, 'Access denied. You do not have permission to access ' . 'the source file.' ); return; @@ -272,7 +276,7 @@ function wfStreamThumb( array $params ) { // For 404 handled thumbnails, we only use the base name of the URI // for the thumb params and the parent directory for the source file name. - // Check that the zone relative path matches up so squid caches won't pick + // Check that the zone relative path matches up so CDN caches won't pick // up thumbs that would not be purged on source file deletion (T36231). if ( $rel404 !== null ) { // thumbnail was handled via 404 if ( rawurldecode( $rel404 ) === $img->getThumbRel( $thumbName ) ) { @@ -409,6 +413,8 @@ function wfProxyThumbnailRequest( $img, $thumbName ) { // Send request to proxied service $status = $req->execute(); + MediaWiki\HeaderCallback::warnIfHeadersSent(); + // Simply serve the response from the proxied service as-is header( 'HTTP/1.1 ' . $req->getStatus() ); @@ -500,7 +506,7 @@ function wfGenerateThumbnail( File $file, array $params, $thumbName, $thumbPath } /** @noinspection PhpUnusedLocalVariableInspection */ - $done = true; // no PHP fatal occured + $done = true; // no PHP fatal occurred if ( !$thumb || $thumb->isError() ) { // Randomize TTL to reduce stampedes @@ -626,7 +632,7 @@ function wfThumbErrorText( $status, $msgText ) { * * @param int $status * @param string $msgHtml HTML - * @param string $msgText Short error description, for internal logging. Defaults to $msgHtml. + * @param string|null $msgText Short error description, for internal logging. Defaults to $msgHtml. * Only used for HTTP 500 errors. * @param array $context Error context, for internal logging. Only used for HTTP 500 errors. * @return void @@ -634,6 +640,8 @@ function wfThumbErrorText( $status, $msgText ) { function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) { global $wgShowHostnames; + MediaWiki\HeaderCallback::warnIfHeadersSent(); + header( 'Cache-Control: no-cache' ); header( 'Content-Type: text/html; charset=utf-8' ); if ( $status == 400 || $status == 404 || $status == 429 ) {