Index: trunk/phase3/includes/WebRequest.php |
— | — | @@ -55,6 +55,60 @@ |
56 | 56 | $this->data = $_POST + $_GET; |
57 | 57 | } |
58 | 58 | |
| 59 | + static public function getPathInfo( $want = 'all' ) { |
| 60 | + if ( !empty( $_SERVER['REQUEST_URI'] ) ) { |
| 61 | + // Slurp out the path portion to examine... |
| 62 | + $url = $_SERVER['REQUEST_URI']; |
| 63 | + if ( !preg_match( '!^https?://!', $url ) ) { |
| 64 | + $url = 'http://unused' . $url; |
| 65 | + } |
| 66 | + $a = parse_url( $url ); |
| 67 | + if( $a ) { |
| 68 | + $path = isset( $a['path'] ) ? $a['path'] : ''; |
| 69 | + |
| 70 | + global $wgScript; |
| 71 | + if( $path == $wgScript && $want !== 'all' ) { |
| 72 | + // Script inside a rewrite path? |
| 73 | + // Abort to keep from breaking... |
| 74 | + return; |
| 75 | + } |
| 76 | + // Raw PATH_INFO style |
| 77 | + $matches = self::extractTitle( $path, "$wgScript/$1" ); |
| 78 | + |
| 79 | + global $wgArticlePath; |
| 80 | + if( !$matches && $wgArticlePath ) { |
| 81 | + $matches = self::extractTitle( $path, $wgArticlePath ); |
| 82 | + } |
| 83 | + |
| 84 | + global $wgActionPaths; |
| 85 | + if( !$matches && $wgActionPaths ) { |
| 86 | + $matches = self::extractTitle( $path, $wgActionPaths, 'action' ); |
| 87 | + } |
| 88 | + |
| 89 | + global $wgVariantArticlePath, $wgContLang; |
| 90 | + if( !$matches && $wgVariantArticlePath ) { |
| 91 | + $variantPaths = array(); |
| 92 | + foreach( $wgContLang->getVariants() as $variant ) { |
| 93 | + $variantPaths[$variant] = |
| 94 | + str_replace( '$2', $variant, $wgVariantArticlePath ); |
| 95 | + } |
| 96 | + $matches = self::extractTitle( $path, $variantPaths, 'variant' ); |
| 97 | + } |
| 98 | + } |
| 99 | + } elseif ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { |
| 100 | + // Mangled PATH_INFO |
| 101 | + // http://bugs.php.net/bug.php?id=31892 |
| 102 | + // Also reported when ini_get('cgi.fix_pathinfo')==false |
| 103 | + $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); |
| 104 | + |
| 105 | + } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) { |
| 106 | + // Regular old PATH_INFO yay |
| 107 | + $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); |
| 108 | + } |
| 109 | + |
| 110 | + return $matches; |
| 111 | + } |
| 112 | + |
59 | 113 | /** |
60 | 114 | * Check for title, action, and/or variant data in the URL |
61 | 115 | * and interpolate it into the GET variables. |
— | — | @@ -70,64 +124,9 @@ |
71 | 125 | return; |
72 | 126 | } |
73 | 127 | |
74 | | - if ( $wgUsePathInfo ) { |
75 | | - // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892 |
76 | | - // And also by Apache 2.x, double slashes are converted to single slashes. |
77 | | - // So we will use REQUEST_URI if possible. |
78 | | - $matches = array(); |
79 | | - |
80 | | - if ( !empty( $_SERVER['REQUEST_URI'] ) ) { |
81 | | - // Slurp out the path portion to examine... |
82 | | - $url = $_SERVER['REQUEST_URI']; |
83 | | - if ( !preg_match( '!^https?://!', $url ) ) { |
84 | | - $url = 'http://unused' . $url; |
85 | | - } |
86 | | - $a = parse_url( $url ); |
87 | | - if( $a ) { |
88 | | - $path = isset( $a['path'] ) ? $a['path'] : ''; |
89 | | - |
90 | | - global $wgScript; |
91 | | - if( $path == $wgScript ) { |
92 | | - // Script inside a rewrite path? |
93 | | - // Abort to keep from breaking... |
94 | | - return; |
95 | | - } |
96 | | - // Raw PATH_INFO style |
97 | | - $matches = $this->extractTitle( $path, "$wgScript/$1" ); |
98 | | - |
99 | | - global $wgArticlePath; |
100 | | - if( !$matches && $wgArticlePath ) { |
101 | | - $matches = $this->extractTitle( $path, $wgArticlePath ); |
102 | | - } |
103 | | - |
104 | | - global $wgActionPaths; |
105 | | - if( !$matches && $wgActionPaths ) { |
106 | | - $matches = $this->extractTitle( $path, $wgActionPaths, 'action' ); |
107 | | - } |
108 | | - |
109 | | - global $wgVariantArticlePath, $wgContLang; |
110 | | - if( !$matches && $wgVariantArticlePath ) { |
111 | | - $variantPaths = array(); |
112 | | - foreach( $wgContLang->getVariants() as $variant ) { |
113 | | - $variantPaths[$variant] = |
114 | | - str_replace( '$2', $variant, $wgVariantArticlePath ); |
115 | | - } |
116 | | - $matches = $this->extractTitle( $path, $variantPaths, 'variant' ); |
117 | | - } |
118 | | - } |
119 | | - } elseif ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { |
120 | | - // Mangled PATH_INFO |
121 | | - // http://bugs.php.net/bug.php?id=31892 |
122 | | - // Also reported when ini_get('cgi.fix_pathinfo')==false |
123 | | - $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); |
124 | | - |
125 | | - } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) { |
126 | | - // Regular old PATH_INFO yay |
127 | | - $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); |
128 | | - } |
129 | | - foreach( $matches as $key => $val) { |
130 | | - $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; |
131 | | - } |
| 128 | + $matches = self::getPathInfo( 'title' ); |
| 129 | + foreach( $matches as $key => $val) { |
| 130 | + $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; |
132 | 131 | } |
133 | 132 | } |
134 | 133 | |
— | — | @@ -141,7 +140,7 @@ |
142 | 141 | * passed on as the value of this URL parameter |
143 | 142 | * @return array of URL variables to interpolate; empty if no match |
144 | 143 | */ |
145 | | - private function extractTitle( $path, $bases, $key=false ) { |
| 144 | + private static function extractTitle( $path, $bases, $key=false ) { |
146 | 145 | foreach( (array)$bases as $keyValue => $base ) { |
147 | 146 | // Find the part after $wgArticlePath |
148 | 147 | $base = str_replace( '$1', '', $base ); |
Index: trunk/phase3/img_auth.php |
— | — | @@ -30,6 +30,7 @@ |
31 | 31 | wfProfileIn( 'img_auth.php' ); |
32 | 32 | require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' ); |
33 | 33 | |
| 34 | +$wgActionPaths[] = $_SERVER['SCRIPT_NAME']; |
34 | 35 | // See if this is a public Wiki (no protections) |
35 | 36 | if ( $wgImgAuthPublicTest |
36 | 37 | && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) |
— | — | @@ -37,17 +38,8 @@ |
38 | 39 | wfForbidden('img-auth-accessdenied','img-auth-public'); |
39 | 40 | } |
40 | 41 | |
41 | | -// Extract path and image information |
42 | | -if( !isset( $_SERVER['PATH_INFO'] ) ) { |
43 | | - $path = $wgRequest->getText( 'path' ); |
44 | | - if( !$path ) { |
45 | | - wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' ); |
46 | | - } |
47 | | - $path = "/$path"; |
48 | | -} else { |
49 | | - $path = $_SERVER['PATH_INFO']; |
50 | | -} |
51 | | - |
| 42 | +$matches = WebRequest::getPathInfo(); |
| 43 | +$path = $matches['title']; |
52 | 44 | $filename = realpath( $wgUploadDirectory . $path ); |
53 | 45 | $realUpload = realpath( $wgUploadDirectory ); |
54 | 46 | |