]> scripts.mit.edu Git - autoinstalls/mediawiki.git/blobdiff - img_auth.php
scripts.mit.edu / autoinstalls / mediawiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MediaWiki 1.17.1-scripts
[autoinstalls/mediawiki.git] / img_auth.php
diff --git a/img_auth.php b/img_auth.php
index bc4464d4cc151136e397591328e3d7fe8b03c42d..4fa301b60833f81552c0d551527960cf86f9f7c2 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -38,11 +38,28 @@ if ( $wgImgAuthPublicTest
 }
 
 // Extract path and image information
-if( !isset( $_SERVER['PATH_INFO'] ) )
-       wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
+if( !isset( $_SERVER['PATH_INFO'] ) ) {
+       $path = $wgRequest->getText( 'path' );
+       if( !$path ) {
+        wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
+       }
+       $path = "/$path";
+} else {
+       $path = $_SERVER['PATH_INFO'];
+}
+
+// Check for bug 28235: QUERY_STRING overriding the correct extension
+$dotPos = strrpos( $path, '.' );
+$whitelist = array();
+if ( $dotPos !== false ) {
+       $whitelist[] = substr( $path, $dotPos + 1 );
+}
+if ( !$wgRequest->checkUrlExtension( $whitelist ) )
+{
+       return;
+}
 
-$path = $_SERVER['PATH_INFO'];
-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
+$filename = realpath( $wgUploadDirectory . $path );
 $realUpload = realpath( $wgUploadDirectory );
 
 // Basic directory traversal check
MediaWiki autoinstaller for scripts.mit.edu