* I've done this with a Cache-Control: no-cache header() call within UndeleteForm::showFile(), but I would appreciate a review to be sure this is the best method. It's possible for an administrator to preview a deleted image, and for this response to be cached such that a user without appropriate permissions can then access the preview.
if possible (should not happen, though, outside interwiki transclusion... and
maybe not even then, but it does)
* (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq
-
+* Do not allow previews of deleted images to be cached
== Languages updated ==
global $wgOut;
$wgOut->disable();
+ # We mustn't allow the output to be Squid cached, otherwise
+ # if an admin previews a deleted image, and it's cached, then
+ # a user without appropriate permissions can toddle off and
+ # nab the image, and Squid will serve it
+ header( 'Cache-Control: no-cache' );
$store = FileStore::get( 'deleted' );
$store->stream( $key );
}