r78253 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r78252‎ \| r78253 \| r78254 >
Date:	15:50, 12 December 2010
Author:	btongminh
Status:	ok
Tags:
Comment:	Follow-up r65652: Do not double-slash the path if it came from PATH_INFO
Modified paths:	/trunk/phase3/img_auth.php (modified) (history)

Diff [purge]

Index: trunk/phase3/img_auth.php
—	—	@@ -43,11 +43,12 @@
44	44	if( !$path ) {
45	45	wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' );
46	46	}
	47	+ $path = "/$path";
47	48	} else {
48	49	$path = $_SERVER['PATH_INFO'];
49	50	}
50	51
51		~~-$filename = realpath( $wgUploadDirectory . '/' . $path );~~
	52	+$filename = realpath( $wgUploadDirectory . $path );
52	53	$realUpload = realpath( $wgUploadDirectory );
53	54
54	55	// Basic directory traversal check

Follow-up revisions

Revision	Commit summary	Author	Date
r80526	1.17: MFT r78232, r78253, r79722, r79732, r79785, r79817, r79864, r79891, r79...	catrope	22:19, 18 January 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r65652	allow img_auth.php to use path= in place of PATH_INFO, so it can be used in C...	daniel	10:32, 29 April 2010

Status & tagging log

22:19, 18 January 2011 Catrope (talk | contribs) changed the tags for r78253 [removed: 1.17]
13:45, 14 January 2011 Catrope (talk | contribs) changed the status of r78253 [removed: new added: ok]
00:54, 14 January 2011 Reedy (talk | contribs) changed the tags for r78253 [added: 1.17]