Index: branches/REL1_16/phase3/thumb.php |
— | — | @@ -20,6 +20,9 @@ |
21 | 21 | |
22 | 22 | function wfThumbMain() { |
23 | 23 | wfProfileIn( __METHOD__ ); |
| 24 | + |
| 25 | + $headers = array(); |
| 26 | + |
24 | 27 | // Get input parameters |
25 | 28 | if ( get_magic_quotes_gpc() ) { |
26 | 29 | $params = array_map( 'stripslashes', $_REQUEST ); |
— | — | @@ -65,6 +68,17 @@ |
66 | 69 | $img = wfLocalFile( $fileName ); |
67 | 70 | } |
68 | 71 | |
| 72 | + // Check permissions if there are read restrictions |
| 73 | + if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { |
| 74 | + if ( !$img->getTitle()->userCanRead() ) { |
| 75 | + wfThumbError( 403, 'Access denied. You do not have permission to access ' . |
| 76 | + 'the source file.' ); |
| 77 | + return; |
| 78 | + } |
| 79 | + $headers[] = 'Cache-Control: private'; |
| 80 | + $headers[] = 'Vary: Cookie'; |
| 81 | + } |
| 82 | + |
69 | 83 | if ( !$img ) { |
70 | 84 | wfThumbError( 404, wfMsg( 'badtitletext' ) ); |
71 | 85 | return; |
— | — | @@ -101,7 +115,7 @@ |
102 | 116 | $thumbPath = $img->getThumbPath( $thumbName ); |
103 | 117 | |
104 | 118 | if ( is_file( $thumbPath ) ) { |
105 | | - wfStreamFile( $thumbPath ); |
| 119 | + wfStreamFile( $thumbPath, $headers ); |
106 | 120 | return; |
107 | 121 | } |
108 | 122 | } |
— | — | @@ -128,7 +142,7 @@ |
129 | 143 | $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' . |
130 | 144 | 'is the requested width bigger than the source?' ); |
131 | 145 | } else { |
132 | | - wfStreamFile( $thumb->getPath() ); |
| 146 | + wfStreamFile( $thumb->getPath(), $headers ); |
133 | 147 | } |
134 | 148 | if ( $errorMsg !== false ) { |
135 | 149 | wfThumbError( 500, $errorMsg ); |
— | — | @@ -143,6 +157,9 @@ |
144 | 158 | header( 'Content-Type: text/html; charset=utf-8' ); |
145 | 159 | if ( $status == 404 ) { |
146 | 160 | header( 'HTTP/1.1 404 Not found' ); |
| 161 | + } elseif ( $status == 403 ) { |
| 162 | + header( 'HTTP/1.1 403 Forbidden' ); |
| 163 | + header( 'Vary: Cookie' ); |
147 | 164 | } else { |
148 | 165 | header( 'HTTP/1.1 500 Internal server error' ); |
149 | 166 | } |