[MediaWiki-commits] [Gerrit] mediawiki/core[master]: thumb.php should use the ImgAuthBeforeStream hook

[MarkAHershberger (Code Review)]

MarkAHershberger has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/341135 )

Change subject: thumb.php should use the ImgAuthBeforeStream hook
......................................................................

thumb.php should use the ImgAuthBeforeStream hook

Otherwise, thumbnails are accessible when img_auth wouldn't allow
them.

Also, wfForbidden() should be in GlobalFunctions.php

Bug: T159611
Change-Id: I4a084fbd072dab0287fd18da24346872633e1a3e
---
M img_auth.php
M includes/GlobalFunctions.php
M thumb.php
3 files changed, 70 insertions(+), 42 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/35/341135/1

diff --git a/img_auth.php b/img_auth.php
index 2052809..aaff8ee 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -178,45 +178,3 @@
        wfDebugLog( 'img_auth', "Streaming `" . $filename . "`." );
        $repo->streamFile( $filename, $headers, $options );
 }
-
-/**
- * Issue a standard HTTP 403 Forbidden header ($msg1-a message index, not a 
message) and an
- * error message ($msg2, also a message index), (both required) then end the 
script
- * subsequent arguments to $msg2 will be passed as parameters only for 
replacing in $msg2
- * @param string $msg1
- * @param string $msg2
- */
-function wfForbidden( $msg1, $msg2 ) {
-       global $wgImgAuthDetails;
-
-       $args = func_get_args();
-       array_shift( $args );
-       array_shift( $args );
-       $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : 
$args;
-
-       $msgHdr = wfMessage( $msg1 )->escaped();
-       $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0';
-       $detailMsg = wfMessage( $detailMsgKey, $args )->escaped();
-
-       wfDebugLog( 'img_auth',
-               "wfForbidden Hdr: " . wfMessage( $msg1 )->inLanguage( 'en' 
)->text() . " Msg: " .
-                       wfMessage( $msg2, $args )->inLanguage( 'en' )->text()
-       );
-
-       HttpStatus::header( 403 );
-       header( 'Cache-Control: no-cache' );
-       header( 'Content-Type: text/html; charset=utf-8' );
-       echo <<<ENDS
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="UTF-8" />
-<title>$msgHdr</title>
-</head>
-<body>
-<h1>$msgHdr</h1>
-<p>$detailMsg</p>
-</body>
-</html>
-ENDS;
-}
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 3747c23..add1306 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3708,3 +3708,45 @@
 
        return $baseArray;
 }
+
+/**
+ * Issue a standard HTTP 403 Forbidden header ($msg1-a message index, not a 
message) and an
+ * error message ($msg2, also a message index), (both required) then end the 
script
+ * subsequent arguments to $msg2 will be passed as parameters only for 
replacing in $msg2
+ * @param string $msg1
+ * @param string $msg2
+ */
+function wfForbidden( $msg1, $msg2 ) {
+       global $wgImgAuthDetails;
+
+       $args = func_get_args();
+       array_shift( $args );
+       array_shift( $args );
+       $args = ( isset( $args[0] ) && is_array( $args[0] ) ) ? $args[0] : 
$args;
+
+       $msgHdr = wfMessage( $msg1 )->escaped();
+       $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0';
+       $detailMsg = wfMessage( $detailMsgKey, $args )->escaped();
+
+       wfDebugLog( 'img_auth',
+               "wfForbidden Hdr: " . wfMessage( $msg1 )->inLanguage( 'en' 
)->text() . " Msg: " .
+                       wfMessage( $msg2, $args )->inLanguage( 'en' )->text()
+       );
+
+       HttpStatus::header( 403 );
+       header( 'Cache-Control: no-cache' );
+       header( 'Content-Type: text/html; charset=utf-8' );
+       echo <<<ENDS
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8" />
+<title>$msgHdr</title>
+</head>
+<body>
+<h1>$msgHdr</h1>
+<p>$detailMsg</p>
+</body>
+</html>
+ENDS;
+}
diff --git a/thumb.php b/thumb.php
index de201b9..7b529e3 100644
--- a/thumb.php
+++ b/thumb.php
@@ -92,6 +92,34 @@
        global $wgVaryOnXFP;
 
        $headers = []; // HTTP headers to send
+       $publicWiki = in_array( 'read', User::getGroupPermissions( [ '*' ] ), 
true );
+       if ( !$publicWiki ) {
+               // For private wikis, run extra auth checks and set cache 
control headers
+               $headers[] = 'Cache-Control: private';
+               $headers[] = 'Vary: Cookie';
+
+               $name = $params['f'];
+               $title = Title::makeTitleSafe( NS_FILE, $name );
+               if ( !$title instanceof Title ) { // files have valid titles
+                       wfForbidden( 'img-auth-accessdenied', 
'img-auth-badtitle', $name );
+                       return;
+               }
+
+               // Run hook for extension authorization plugins
+               /** @var $result array */
+               $result = null;
+               if ( !Hooks::run( 'ImgAuthBeforeStream', array( &$title, 
&$path, &$name, &$result ) ) ) {
+                       wfForbidden( $result[0], $result[1], array_slice( 
$result, 2 ) );
+                       return;
+               }
+
+               // Check user authorization for this title
+               // Checks Whitelist too
+               if ( !$title->userCan( 'read' ) ) {
+                       wfForbidden( 'img-auth-accessdenied', 
'img-auth-noread', $name );
+                       return;
+               }
+       }
 
        $fileName = isset( $params['f'] ) ? $params['f'] : '';
 

-- 
To view, visit https://gerrit.wikimedia.org/r/341135
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4a084fbd072dab0287fd18da24346872633e1a3e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: MarkAHershberger <m...@nichework.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits