Diffstat (limited to 'img_auth.php')
-rw-r--r--img_auth.php28
1 files changed, 28 insertions, 0 deletions
diff --git a/img_auth.php b/img_auth.php
index bb419b39..4b625e39 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -17,6 +17,12 @@ require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
wfProfileIn( 'img_auth.php' );
require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
+$perms = User::getGroupPermissions( array( '*' ) );
+if ( in_array( 'read', $perms, true ) ) {
+ wfDebugLog( 'img_auth', 'Public wiki' );
+ wfPublicError();
+}
+
// Extract path and image information
if( !isset( $_SERVER['PATH_INFO'] ) ) {
wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
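Review bot: The new guard ahead of the PATH_INFO check has no comment saying why a wiki whose '*' group holds 'read' must be refused, and its safety depends on wfPublicError() never returning, which is not visible at the call site. I would add `// img_auth.php is only meant for private wikis: refuse to serve anything when anonymous users ('*') can already read` above the `$perms` line. The rest of the script presumably goes on to stream the requested file, so a `// does not return` comment after `wfPublicError();` (or an explicit `exit;` there) would make the fail-closed intent explicit. The `if( !isset( $_SERVER['PATH_INFO'] ) )` block that follows continues outside the hunk.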
@@ -88,3 +94,25 @@ ENDS;
wfLogProfilingData();
exit();
}
+
+/**
+ * Show a 403 error for use when the wiki is public
+ */
+function wfPublicError() {
+ header( 'HTTP/1.0 403 Forbidden' );
+ header( 'Content-Type: text/html; charset=utf-8' );
+ echo <<<ENDS
+<html>
+<body>
+<h1>Access Denied</h1>
+<p>The function of img_auth.php is to output files from a private wiki. This wiki
+is configured as a public wiki. For optimal security, img_auth.php is disabled in
+this case.
+</p>
+</body>
+</html>
+ENDS;
+ wfLogProfilingData();
+ exit;
+}
+
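Review bot: The docblock on wfPublicError() does not say that the function ends the request, which is what the caller added at the top of the script relies on; I would extend it with `Sends the 403 response, logs profiling data and exits; does not return.` The function ends with `exit;` while the function just above it in the context lines ends with `exit();`, so one form should be used throughout. The header / heredoc / `wfLogProfilingData()` / exit sequence appears to repeat the tail of that preceding function; if so, a shared helper taking the message text would keep the two deny paths from drifting apart.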