From: Bryan Tong Minh
Date: Sun, 12 Dec 2010 15:50:25 +0000 (+0000)
Subject: Follow-up r65652: Do not double-slash the path if it came from PATH_INFO
X-Git-Tag: 1.31.0-rc.0~33361
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/journal.php?a=commitdiff_plain;h=8008372fc6489769579eb7af7dc890fc45f036ad;p=lhc%2Fweb%2Fwiklou.git

Follow-up r65652: Do not double-slash the path if it came from PATH_INFO
---
diff --git a/img_auth.php b/img_auth.php
index b99773b776..c2541f69b2 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -43,11 +43,12 @@ if( !isset( $_SERVER['PATH_INFO'] ) ) {
 if( !$path ) {
 wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
 }
+ $path = "/$path";
 } else {
 $path = $_SERVER['PATH_INFO'];
 }
-$filename = realpath( $wgUploadDirectory . '/' . $path );
+$filename = realpath( $wgUploadDirectory . $path );
 $realUpload = realpath( $wgUploadDirectory );
 // Basic directory traversal check
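Review bot: With the `'/'` separator removed from the `realpath()` call, the join `$wgUploadDirectory . $path` is only correct when `$path` begins with a slash, and the `else` branch copies `$_SERVER['PATH_INFO']` without checking that or rejecting an empty value the way the query-parameter branch does with `if( !$path )`. A value without a leading slash would resolve against a sibling of the upload directory whose name merely shares its prefix, so I would normalise it in that branch, for example `$path = '/' . ltrim( $_SERVER['PATH_INFO'], '/' );`, or refuse it through `wfForbidden()`. The traversal check that follows lies outside this hunk; it is worth confirming there that a `false` result from `realpath()` is rejected and that the comparison against `$realUpload` includes the trailing directory separator, since a bare prefix match would accept such a sibling.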