X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=thumb.php;h=0bb0b60c34558b40dd30dfd71eb26127b4760635;hb=5e56acb64a25d4f5c8d49b6c4417228362aa229f;hp=677979a0f4ab49c3014f550738836e5aca6176a7;hpb=95b4aef2dc89bbfc728a2b6df317e5f9dd2b0afe;p=lhc%2Fweb%2Fwiklou.git diff --git a/thumb.php b/thumb.php index 677979a0f4..0bb0b60c34 100644 --- a/thumb.php +++ b/thumb.php @@ -7,12 +7,14 @@ * @ingroup Media */ define( 'MW_NO_OUTPUT_COMPRESSION', 1 ); -require_once( './includes/WebStart.php' ); +if ( isset( $_SERVER['MW_COMPILED'] ) ) { + require ( 'phase3/includes/WebStart.php' ); +} else { + require ( dirname( __FILE__ ) . '/includes/WebStart.php' ); +} $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png. -require_once( "$IP/includes/StreamFile.php" ); - wfThumbMain(); wfLogProfilingData(); @@ -20,11 +22,16 @@ wfLogProfilingData(); function wfThumbMain() { wfProfileIn( __METHOD__ ); + + $headers = array(); + // Get input parameters - if ( get_magic_quotes_gpc() ) { - $params = array_map( 'stripslashes', $_REQUEST ); + if ( defined( 'THUMB_HANDLER' ) ) { + $params = $_REQUEST; // called from thumb_handler.php } else { - $params = $_REQUEST; + $params = get_magic_quotes_gpc() + ? array_map( 'stripslashes', $_REQUEST ) + : $_REQUEST; } $fileName = isset( $params['f'] ) ? $params['f'] : ''; @@ -38,23 +45,61 @@ function wfThumbMain() { if ( isset( $params['p'] ) ) { $params['page'] = $params['p']; } - unset( $params['r'] ); + unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER + + // Is this a thumb of an archived file? + $isOld = ( isset( $params['archived'] ) && $params['archived'] ); + unset( $params['archived'] ); // Some basic input validation $fileName = strtr( $fileName, '\\/', '__' ); - $img = wfLocalFile( $fileName ); + // Actually fetch the image. Method depends on whether it is archived or not. + if ( $isOld ) { + // Format is ! + $bits = explode( '!', $fileName, 2 ); + if ( count( $bits ) != 2 ) { + wfThumbError( 404, wfMsg( 'badtitletext' ) ); + wfProfileOut( __METHOD__ ); + return; + } + $title = Title::makeTitleSafe( NS_FILE, $bits[1] ); + if ( is_null( $title ) ) { + wfThumbError( 404, wfMsg( 'badtitletext' ) ); + wfProfileOut( __METHOD__ ); + return; + } + $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName ); + } else { + $img = wfLocalFile( $fileName ); + } + + // Check permissions if there are read restrictions + if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { + if ( !$img->getTitle()->userCanRead() ) { + wfThumbError( 403, 'Access denied. You do not have permission to access ' . + 'the source file.' ); + wfProfileOut( __METHOD__ ); + return; + } + $headers[] = 'Cache-Control: private'; + $headers[] = 'Vary: Cookie'; + } + if ( !$img ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); + wfProfileOut( __METHOD__ ); return; } if ( !$img->exists() ) { wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); + wfProfileOut( __METHOD__ ); return; } $sourcePath = $img->getPath(); if ( $sourcePath === false ) { wfThumbError( 500, 'The source file is not locally accessible.' ); + wfProfileOut( __METHOD__ ); return; } @@ -66,29 +111,33 @@ function wfThumbMain() { // Calculate time wfSuppressWarnings(); $imsUnix = strtotime( $imsString ); + $stat = stat( $sourcePath ); wfRestoreWarnings(); - $stat = @stat( $sourcePath ); if ( $stat['mtime'] <= $imsUnix ) { header( 'HTTP/1.1 304 Not Modified' ); + wfProfileOut( __METHOD__ ); return; } } - // Stream the file if it exists already + // Stream the file if it exists already... try { - if ( false != ( $thumbName = $img->thumbName( $params ) ) ) { + $thumbName = $img->thumbName( $params ); + if ( $thumbName !== false ) { // valid params? $thumbPath = $img->getThumbPath( $thumbName ); - if ( is_file( $thumbPath ) ) { - wfStreamFile( $thumbPath ); + StreamFile::stream( $thumbPath, $headers ); + wfProfileOut( __METHOD__ ); return; } } } catch ( MWException $e ) { wfThumbError( 500, $e->getHTML() ); + wfProfileOut( __METHOD__ ); return; } + // Thumbnail isn't already there, so create the new thumbnail... try { $thumb = $img->transform( $params, File::RENDER_NOW ); } catch( Exception $ex ) { @@ -96,6 +145,7 @@ function wfThumbMain() { $thumb = false; } + // Check for thumbnail generation errors... $errorMsg = false; if ( !$thumb ) { $errorMsg = wfMsgHtml( 'thumbnail_error', 'File::transform() returned false' ); @@ -106,27 +156,36 @@ function wfThumbMain() { } elseif ( $thumb->getPath() == $img->getPath() ) { $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' . 'is the requested width bigger than the source?' ); - } else { - wfStreamFile( $thumb->getPath() ); } + if ( $errorMsg !== false ) { wfThumbError( 500, $errorMsg ); + } else { + // Stream the file if there were no errors + StreamFile::stream( $thumb->getPath(), $headers ); } wfProfileOut( __METHOD__ ); } +/** + * @param $status + * @param $msg + */ function wfThumbError( $status, $msg ) { global $wgShowHostnames; header( 'Cache-Control: no-cache' ); header( 'Content-Type: text/html; charset=utf-8' ); if ( $status == 404 ) { header( 'HTTP/1.1 404 Not found' ); + } elseif ( $status == 403 ) { + header( 'HTTP/1.1 403 Forbidden' ); + header( 'Vary: Cookie' ); } else { header( 'HTTP/1.1 500 Internal server error' ); } - if( $wgShowHostnames ) { - $url = htmlspecialchars( @$_SERVER['REQUEST_URI'] ); + if ( $wgShowHostnames ) { + $url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ); $hostname = htmlspecialchars( wfHostname() ); $debug = "\n\n"; } else {