r65652 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r65651‎ \| r65652 \| r65653 >
Date:	10:32, 29 April 2010
Author:	daniel
Status:	resolved
Tags:
Comment:	allow img_auth.php to use path= in place of PATH_INFO, so it can be used in CGI mode. Use with RewriteRule ^/w/images/(.*)$ /w/img_auth.php?path=bell-style
Modified paths:	/trunk/phase3/img_auth.php (modified) (history)

Diff [purge]

Index: trunk/phase3/img_auth.php
—	—	@@ -38,11 +38,14 @@
39	39	}
40	40
41	41	// Extract path and image information
42		~~-if( !isset( $_SERVER['PATH_INFO'] ) )~~
43		~~- wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');~~
	42	+if( !isset( $_SERVER['PATH_INFO'] ) ) {
	43	+ if( isset( $_GET['path'] ) ) $path = $_GET['path'];
	44	+ else wfForbidden('img-auth-accessdenied','img-auth-nopathinfo');
	45	+} else {
	46	+ $path = $_SERVER['PATH_INFO'];
	47	+}
44	48
45		~~-$path = $_SERVER['PATH_INFO'];~~
46		~~-$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );~~
	49	+$filename = realpath( $wgUploadDirectory . '/' . $path );
47	50	$realUpload = realpath( $wgUploadDirectory );
48	51
49	52	// Basic directory traversal check

Revision	Commit summary	Author	Date
r78253	Follow-up r65652: Do not double-slash the path if it came from PATH_INFO	btongminh	15:50, 12 December 2010

13:46, 14 January 2011 Catrope (talk | contribs) changed the status of r65652 [removed: new added: resolved]