dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DB name can have hyphens (fixed in r79767), bug 26685 pointed out the message discrepancy
[lhc/web/wiklou.git] / img_auth.php
diff --git a/img_auth.php b/img_auth.php
index 8246d7e..c2541f6 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -30,18 +30,25 @@ require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
 wfProfileIn( 'img_auth.php' );
 require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
 
-$perms = User::getGroupPermissions( array( '*' ) );
-
 // See if this is a public Wiki (no protections)
-if ( $wgImgAuthPublicTest && in_array( 'read', $perms, true ) )
+if ( $wgImgAuthPublicTest 
+       && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) )
+{
        wfForbidden('img-auth-accessdenied','img-auth-public');
+}
 
 // Extract path and image information
-if( !isset( $_SERVER['PATH_INFO'] ) )
-       wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+       $path = $wgRequest->getText( 'path' );
+       if( !$path ) {
+        wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+       }
+       $path = "/$path";
+} else {
+       $path = $_SERVER['PATH_INFO'];
+}
 
-$path = $_SERVER['PATH_INFO'];
-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
+$filename = realpath( $wgUploadDirectory . $path );
 $realUpload = realpath( $wgUploadDirectory );
 
 // Basic directory traversal check
Wiklou, le Wiki du Wiklou