From: Aaron Schulz <aschulz@wikimedia.org>
Date: Tue, 7 Jan 2014 19:32:40 +0000 (-0800)
Subject: SECURITY: Added missing auth check in img_auth.php
X-Git-Tag: 1.31.0-rc.0~17263
X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=befff4f2efb2c0274e24e7a7a842091f3b81a541;p=lhc%2Fweb%2Fwiklou.git

SECURITY: Added missing auth check in img_auth.php

For $wgImgAuthUrlPathMap in img_auth.php

Bug: 57016
Change-Id: I874878322a91bf14091500223d3520861a1556bb
---

diff --git a/img_auth.php b/img_auth.php
index 2d2db9a5ed..72a7dab855 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -92,12 +92,17 @@ function wfImageAuthMain() {
 		if ( strpos( $path, $prefix ) === 0 ) {
 			$be = FileBackendGroup::singleton()->backendFromPath( $storageDir );
 			$filename = $storageDir . substr( $path, strlen( $prefix ) ); // strip prefix
+                       // Check basic user authorization
+                       if ( !RequestContext::getMain()->getUser()->isAllowed( 'read' ) ) {
+                               wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $path );
+                               return;
+                       }
 			if ( $be->fileExists( array( 'src' => $filename ) ) ) {
 				wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
 				$be->streamFile( array( 'src' => $filename ),
 					array( 'Cache-Control: private', 'Vary: Cookie' ) );
 			} else {
-				wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $filename );
+				wfForbidden( 'img-auth-accessdenied', 'img-auth-nofile', $path );
 			}
 			return;
 		}