r56051 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r56050‎ \| r56051 \| r56052 >
Date:	18:07, 8 September 2009
Author:	brion
Status:	ok (Comments)
Tags:
Comment:	Revert r55800 "bug 19646 Localization of img_auth.php - with enhancements" The localization code here is really ugly with weird things like call_user_func_array() all over the place, and there are bugs with escaping for log entries and such. Tried to rebuild all the localization files, but rebuildLanguage.php doesn't seem to consider the messages as "unknown". Have removed from English and qqq.
Modified paths:	/trunk/phase3/img_auth.php (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/js2/mwEmbed/skins/ctrlBuilder.js (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history) /trunk/phase3/languages/messages/MessagesQqq.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -191,14 +191,6 @@
192	192	$wgFileStore['deleted']['url'] = null; ///< Private
193	193	$wgFileStore['deleted']['hash'] = 3; ///< 3-level subdirectory split
194	194
195		-
196		-/**
197		~~- * used only for img_auth script - see [[Image Authorization]]~~
198		~~- */~~
199		~~-$wgImgAuthDetails = false; ///< defaults to false - only set to true if you use img_auth and want the user to see details on why access failed~~
200		~~-$wgImgAuthPublicTest = true; ///< defaults to true - if public read is turned on, no need for img_auth, config error unless other access is used~~
201		-
202		-
203	195	/**@{
204	196	* File repository structures
205	197	*
—	—	@@ -290,6 +282,7 @@
291	283	$wgLegalTitleChars = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF+";
292	284	$wgIllegalFileChars = ":"; // These are additional characters that should be replaced with '-' in file names
293	285
	286	+
294	287	/**
295	288	* The external URL protocols
296	289	*/
Index: trunk/phase3/img_auth.php
—	—	@@ -3,112 +3,122 @@
4	4	/**
5	5	* Image authorisation script
6	6	*
7		~~- * To use this, see http://www.mediawiki.org/wiki/Manual:Image_Authorization~~
	7	+ * To use this:
8	8	*
9	9	* - Set $wgUploadDirectory to a non-public directory (not web accessible)
10	10	* - Set $wgUploadPath to point to this file
11	11	*
12		~~- * Optional Parameters~~
	12	+ * Your server needs to support PATH_INFO; CGI-based configurations
	13	+ * usually don't.
13	14	*
14		~~- * - Set $wgImgAuthDetails = true if you want the reason the access was denied messages to be displayed~~
15		~~- * instead of just the 403 error (doesn't work on IE anyway), otherwise will only appear in error logs~~
16		~~- * - Set $wgImgAuthPublicTest false if you don't want to just check and see if all are public~~
17		~~- * must be set to false if using specific restrictions such as LockDown or NSFileRepo~~
18		- *
19		~~- * For security reasons, you usually don't want your user to know why access was denied, just that it was.~~
20		~~- * If you want to change this, you can set $wgImgAuthDetails to 'true' in localsettings.php and it will give the user the reason~~
21		~~- * why access was denied.~~
22		- *
23		~~- * Your server needs to support PATH_INFO; CGI-based configurations usually don't.~~
24		- *
25	15	* @file
26		- *
27		~~- **/~~
28		-
	16	+ */
	17	+
29	18	define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
30	19	require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );
31	20	wfProfileIn( 'img_auth.php' );
32	21	require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' );
33	22
34	23	$perms = User::getGroupPermissions( array( '*' ) );
	24	+if ( in_array( 'read', $perms, true ) ) {
	25	+ wfDebugLog( 'img_auth', 'Public wiki' );
	26	+ wfPublicError();
	27	+}
35	28
36		~~-// See if this is a public Wiki (no protections)~~
37		~~-if ( $wgImgAuthPublicTest && in_array( 'read', $perms, true ) )~~
38		~~- wfForbidden('img-auth-accessdenied','img-auth-public');~~
39		-
40	29	// Extract path and image information
41		~~-if( !isset( $_SERVER['PATH_INFO'] ) )~~
42		~~- wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');~~
	30	+if( !isset( $_SERVER['PATH_INFO'] ) ) {
	31	+ wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
	32	+ wfForbidden();
	33	+}
43	34
44	35	$path = $_SERVER['PATH_INFO'];
45	36	$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
46	37	$realUpload = realpath( $wgUploadDirectory );
	38	+wfDebugLog( 'img_auth', "\$path is {$path}" );
	39	+wfDebugLog( 'img_auth', "\$filename is {$filename}" );
47	40
48	41	// Basic directory traversal check
49		~~-if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload )~~
50		~~- wfForbidden('img-auth-accessdenied','img-auth-notindir');~~
	42	+if( substr( $filename, 0, strlen( $realUpload ) ) != $realUpload ) {
	43	+ wfDebugLog( 'img_auth', 'Requested path not in upload directory' );
	44	+ wfForbidden();
	45	+}
51	46
52	47	// Extract the file name and chop off the size specifier
53	48	// (e.g. 120px-Foo.png => Foo.png)
54	49	$name = wfBaseName( $path );
55	50	if( preg_match( '!\d+px-(.*)!i', $name, $m ) )
56	51	$name = $m[1];
	52	+wfDebugLog( 'img_auth', "\$name is {$name}" );
57	53
58		~~-// Check to see if the file exists~~
59		~~-if( !file_exists( $filename ) )~~
60		~~- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));~~
61		-
62		~~-// Check to see if tried to access a directory~~
63		~~-if( is_dir( $filename ) )~~
64		~~- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));~~
65		-
66		-
67	54	$title = Title::makeTitleSafe( NS_FILE, $name );
	55	+if( !$title instanceof Title ) {
	56	+ wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" );
	57	+ wfForbidden();
	58	+}
	59	+if( !$title->userCanRead() ) {
	60	+ wfDebugLog( 'img_auth', "User does not have access to read `{$name}`" );
	61	+ wfForbidden();
	62	+}
	63	+$title = $title->getPrefixedText();
68	64
69		~~-// See if could create the title object~~
70		~~-if( !$title instanceof Title )~~
71		~~- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));~~
	65	+// Check the whitelist if needed
	66	+if( !$wgUser->getId() && ( !is_array( $wgWhitelistRead ) \|\| !in_array( $title, $wgWhitelistRead ) ) ) {
	67	+ wfDebugLog( 'img_auth', "Not logged in and `{$title}` not in whitelist." );
	68	+ wfForbidden();
	69	+}
72	70
73		~~-// Run hook~~
74		~~-if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )~~
75		~~- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));~~
76		-
77		~~-// Check user authorization for this title~~
78		~~-// UserCanRead Checks Whitelist too~~
79		~~-if( !$title->userCanRead() )~~
80		~~- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));~~
	71	+if( !file_exists( $filename ) ) {
	72	+ wfDebugLog( 'img_auth', "`{$filename}` does not exist" );
	73	+ wfForbidden();
	74	+}
	75	+if( is_dir( $filename ) ) {
	76	+ wfDebugLog( 'img_auth', "`{$filename}` is a directory" );
	77	+ wfForbidden();
	78	+}
81	79
82		-
83	80	// Stream the requested file
84		~~-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );~~
	81	+wfDebugLog( 'img_auth', "Streaming `{$filename}`" );
85	82	wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
86	83	wfLogProfilingData();
87	84
88	85	/**
89		~~- * Issue a standard HTTP 403 Forbidden header ($msg1-a message index, not a message) and an~~
90		~~- * error message ($msg2, also a message index), (both required) then end the script~~
91		~~- * subsequent arguments to $msg2 will be passed as parameters only for replacing in $msg2~~
	86	+ * Issue a standard HTTP 403 Forbidden header and a basic
	87	+ * error message, then end the script
92	88	*/
93		~~-function wfForbidden($msg1,$msg2) {~~
94		~~- global $wgImgAuthDetails;~~
95		~~- $args = func_get_args();~~
96		~~- array_shift( $args );~~
97		~~- array_shift( $args );~~
98		~~- $MsgHdr = wfMsgHTML($msg1);~~
99		~~- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));~~
100		~~- wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".~~
101		~~- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));~~
	89	+function wfForbidden() {
102	90	header( 'HTTP/1.0 403 Forbidden' );
103		~~- header( 'Cache-Control: no-cache' );~~
	91	+ header( 'Vary: Cookie' );
104	92	header( 'Content-Type: text/html; charset=utf-8' );
105	93	echo <<<ENDS
106	94	<html>
107	95	<body>
108		~~-<h1>$MsgHdr</h1>~~
109		~~-<p>$detailMsg</p>~~
	96	+<h1>Access Denied</h1>
	97	+<p>You need to log in to access files on this server.</p>
110	98	</body>
111	99	</html>
112	100	ENDS;
113	101	wfLogProfilingData();
114	102	exit();
115	103	}
	104	+
	105	+/**
	106	+ * Show a 403 error for use when the wiki is public
	107	+ */
	108	+function wfPublicError() {
	109	+ header( 'HTTP/1.0 403 Forbidden' );
	110	+ header( 'Content-Type: text/html; charset=utf-8' );
	111	+ echo <<<ENDS
	112	+<html>
	113	+<body>
	114	+<h1>Access Denied</h1>
	115	+<p>The function of img_auth.php is to output files from a private wiki. This wiki
	116	+is configured as a public wiki. For optimal security, img_auth.php is disabled in
	117	+this case.
	118	+</p>
	119	+</body>
	120	+</html>
	121	+ENDS;
	122	+ wfLogProfilingData();
	123	+ exit;
	124	+}
	125	+
Property changes on: trunk/phase3/js2/mwEmbed/skins/ctrlBuilder.js
___________________________________________________________________
Name: svn:mergeinfo
116	126	- /branches/REL1_15/phase3/js2/mwEmbed/skins/ctrlBuilder.js:51646
Index: trunk/phase3/languages/messages/MessagesQqq.php
—	—	@@ -1523,18 +1523,6 @@
1524	1524
1525	1525	'upload-file-error' => '{{Identical\|Internal error}}',
1526	1526
1527		~~-# img_auth script messages~~
1528		~~-'img-auth-accessdenied' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Access Denied',~~
1529		~~-'img-auth-nopathinfo' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Missing PATH_INFO - see english description',~~
1530		~~-'img-auth-notindir' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: When the specified path is not in upload directory.',~~
1531		~~-'img-auth-badtitle' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Bad title, $1 is the invalid title',~~
1532		~~-'img-auth-nologinnWL' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Logged in and file not whitelisted. $1 is the file not in whitelist.',~~
1533		~~-'img-auth-nofile' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Non existent file, $1 is the file that does not exist.',~~
1534		~~-'img-auth-isdir' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Trying to access a directory instead of a file, $1 is the directory.',~~
1535		~~-'img-auth-streaming' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: Is now streaming file specified by $1.',~~
1536		-'img-auth-public' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: An error message when the admin has configured the wiki to be a public wiki, but is using img_auth script - normally this is a configuration error, except when special restriction extensions are used',
1537		~~-'img-auth-noread' => '[[mw:Manual:Image Authorization\|Manual:Image Authorization]]: User does not have access to read file, $1 is the file',~~
1538		-
1539	1527	'license' => 'This appears in the upload form for the license drop-down. The header in the file description page is now at {{msg-mw\|License-header}}.',
1540	1528	'nolicense' => '{{Identical\|None selected}}',
1541	1529	'license-nopreview' => 'Error message when a certain license does not exist',
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -2148,24 +2148,6 @@
2149	2149	'upload-unknown-size' => 'Unknown size',
2150	2150	'upload-http-error' => 'An HTTP error occured: $1',
2151	2151
2152		~~-# img_auth script messages~~
2153		~~-'img-auth-accessdenied' => 'Access denied',~~
2154		~~-'img-auth-nopathinfo' => 'Missing PATH_INFO.~~
2155		~~-Your server is not set up to pass this information.~~
2156		~~-It may be CGI-based and cannot support img_auth.~~
2157		~~-See http://www.mediawiki.org/wiki/Manual:Image_Authorization.',~~
2158		~~-'img-auth-notindir' => 'Requested path is not in the configured upload directory.',~~
2159		~~-'img-auth-badtitle' => 'Unable to construct a valid title from "$1".',~~
2160		~~-'img-auth-nologinnWL' => 'You are not logged in and "$1" is not in the whitelist.',~~
2161		~~-'img-auth-nofile' => 'File "$1" does not exist.',~~
2162		~~-'img-auth-isdir' => 'You are trying to access a directory "$1".~~
2163		~~-Only file access is allowed.',~~
2164		~~-'img-auth-streaming' => 'Streaming "$1".',~~
2165		~~-'img-auth-public' => 'The function of img_auth.php is to output files from a private wiki.~~
2166		~~-This wiki is configured as a public wiki.~~
2167		~~-For optimal security, img_auth.php is disabled.',~~
2168		~~-'img-auth-noread' => 'User does not have access to read "$1".',~~
2169		-
2170	2152	# Some likely curl errors. More could be added from <http://curl.haxx.se/libcurl/c/libcurl-errors.html>
2171	2153	'upload-curl-error6' => 'Could not reach URL',
2172	2154	'upload-curl-error6-text' => 'The URL provided could not be reached.

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r55800	bug 19646 Localization of img_auth.php - with enhancements...	jdpond	02:44, 4 September 2009

Comments

#Comment by Jpond (talk | contribs) 19:11, 8 September 2009

"call_user_func_array() all over the place"

This is only used once in the error and logging message function. It is used because the messages may have a variable number of replaceable arguments($1, $2 , . . .). This is documented in both the code and the hook: http://www.mediawiki.org/wiki/Manual:Hooks/ImgAuthBeforeStream

Was created to MINIMIZE requiring each message to localize individually for simplification and reduced future programmatic errors.

"there are bugs with escaping for log entries and such"

- huh? This has been thoroughly tested - where were these bugs found and how might I reproduce them?

rebuildLanguage.php

- Need more information

Status & tagging log

18:58, 8 September 2009 Brion VIBBER (talk | contribs) changed the status of r56051 [removed: new added: ok]