Security fix: Previously it was possible to include unprotected and even content...

[lhc/web/wiklou.git] / img_auth.php

diff --git a/img_auth.php b/img_auth.php
index 8794bc7..24bda42 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -7,6 +7,7 @@
  * to an array of pages you want everyone to be able to access. Your server must
  * support PATH_INFO, CGI-based configurations generally don't.
  */
+define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
 require_once( './includes/WebStart.php' );
 wfProfileIn( 'img_auth.php' );
 require_once( './includes/StreamFile.php' );
@@ -49,6 +50,7 @@ wfLogProfilingData();
 
 function wfForbidden() {
        header( 'HTTP/1.0 403 Forbidden' );
+       header( 'Content-Type: text/html; charset=utf-8' );
        print
 "<html><body>
 <h1>Access denied</h1>
@@ -58,4 +60,4 @@ function wfForbidden() {
        exit;
 }
 
-?>
+