summaryrefslogtreecommitdiff
path: root/img_auth.php
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-06-22 11:28:20 +0200
committerPierre Schmitz <pierre@archlinux.de>2011-06-22 11:28:20 +0200
commit9db190c7e736ec8d063187d4241b59feaf7dc2d1 (patch)
tree46d1a0dee7febef5c2d57a9f7b972be16a163b3d /img_auth.php
parent78677c7bbdcc9739f6c10c75935898a20e1acd9e (diff)
update to MediaWiki 1.17.0
Diffstat (limited to 'img_auth.php')
-rw-r--r--img_auth.php28
1 files changed, 19 insertions, 9 deletions
diff --git a/img_auth.php b/img_auth.php
index 0fe239ba..1daba85f 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -37,19 +37,29 @@ if ( $wgImgAuthPublicTest
wfForbidden('img-auth-accessdenied','img-auth-public');
}
+// Extract path and image information
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+ $path = $wgRequest->getText( 'path' );
+ if( !$path ) {
+ wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+ }
+ $path = "/$path";
+} else {
+ $path = $_SERVER['PATH_INFO'];
+}
+
// Check for bug 28235: QUERY_STRING overriding the correct extension
-if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+$dotPos = strpos( $path, '.' );
+$whitelist = array();
+if ( $dotPos !== false ) {
+ $whitelist[] = substr( $path, $dotPos + 1 );
+}
+if ( !$wgRequest->checkUrlExtension( $whitelist ) )
{
- wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
+ return;
}
-// Extract path and image information
-if( !isset( $_SERVER['PATH_INFO'] ) )
- wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
-
-$path = $_SERVER['PATH_INFO'];
-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
+$filename = realpath( $wgUploadDirectory . $path );
$realUpload = realpath( $wgUploadDirectory );
// Basic directory traversal check