-# Write file
-wfDebugLog( 'img_auth', "streaming file: $filename" );
-wfStreamFile( $filename );
+$title = Title::makeTitleSafe( NS_FILE, $name );
+
+// See if could create the title object
+if( !$title instanceof Title )
+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
+
+// Run hook
+if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
+ wfForbidden($result[0],$result[1],array_slice($result,2));
+
+// Check user authorization for this title
+// UserCanRead Checks Whitelist too
+if( !$title->userCanRead() )
+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
+
+// Stream the requested file
+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
+wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
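Review bot: All three denial branches (`if( !$title instanceof Title )`, the `ImgAuthBeforeStream` hook check and `if( !$title->userCanRead() )`) are brace-less single calls to `wfForbidden`, so the file is withheld only if `wfForbidden` never returns. Its definition is not in the visible lines, so confirm it ends the request, or make the control flow explicit with braces and an `exit;` after each call, so that a later change to `wfForbidden` cannot fall through to `wfStreamFile`. `$result` is passed by reference to the hook but is not initialised in these lines, so a handler that returns false without filling it leaves `$result[0]` and `$result[1]` undefined; set a default denial first, e.g. `$result = array( 'img-auth-accessdenied', 'img-auth-noread', $name );`. The permission check runs on `$title` (built from `$name`) while the streamed path is `$filename`, and how the two are derived lies outside this hunk, so a comment stating that both come from the same validated request path would help the next reader.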