wfForbidden('img-auth-accessdenied','img-auth-public');
}
+// Check for bug 28235: QUERY_STRING overriding the correct extension
+if ( isset( $_SERVER['QUERY_STRING'] )
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+{
+ wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
+}
+
$matches = WebRequest::getPathInfo();
$path = $matches['title'];
$filename = realpath( $wgUploadDirectory . $path );