r63435 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r63434‎ | r63435 | r63436 >
Date:22:43, 8 March 2010
Author:tstarling
Status:ok
Tags:
Comment:
MFT r63431: Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php).
Modified paths:
  • /branches/REL1_16/phase3/thumb.php (modified) (history)

Diff [purge]

Index: branches/REL1_16/phase3/thumb.php
@@ -20,6 +20,9 @@
2121
2222 function wfThumbMain() {
2323 wfProfileIn( __METHOD__ );
 24+
 25+ $headers = array();
 26+
2427 // Get input parameters
2528 if ( get_magic_quotes_gpc() ) {
2629 $params = array_map( 'stripslashes', $_REQUEST );
@@ -65,6 +68,17 @@
6669 $img = wfLocalFile( $fileName );
6770 }
6871
 72+ // Check permissions if there are read restrictions
 73+ if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
 74+ if ( !$img->getTitle()->userCanRead() ) {
 75+ wfThumbError( 403, 'Access denied. You do not have permission to access ' .
 76+ 'the source file.' );
 77+ return;
 78+ }
 79+ $headers[] = 'Cache-Control: private';
 80+ $headers[] = 'Vary: Cookie';
 81+ }
 82+
6983 if ( !$img ) {
7084 wfThumbError( 404, wfMsg( 'badtitletext' ) );
7185 return;
@@ -101,7 +115,7 @@
102116 $thumbPath = $img->getThumbPath( $thumbName );
103117
104118 if ( is_file( $thumbPath ) ) {
105 - wfStreamFile( $thumbPath );
 119+ wfStreamFile( $thumbPath, $headers );
106120 return;
107121 }
108122 }
@@ -128,7 +142,7 @@
129143 $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
130144 'is the requested width bigger than the source?' );
131145 } else {
132 - wfStreamFile( $thumb->getPath() );
 146+ wfStreamFile( $thumb->getPath(), $headers );
133147 }
134148 if ( $errorMsg !== false ) {
135149 wfThumbError( 500, $errorMsg );
@@ -143,6 +157,9 @@
144158 header( 'Content-Type: text/html; charset=utf-8' );
145159 if ( $status == 404 ) {
146160 header( 'HTTP/1.1 404 Not found' );
 161+ } elseif ( $status == 403 ) {
 162+ header( 'HTTP/1.1 403 Forbidden' );
 163+ header( 'Vary: Cookie' );
147164 } else {
148165 header( 'HTTP/1.1 500 Internal server error' );
149166 }

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r63431Fix data leakage from thumb.php for wikis where access to images is restricte...tstarling22:39, 8 March 2010

Status & tagging log