function showImage()
 {
     // Serve the captcha image that belongs to the current captcha record,
     // recording the time it was viewed. Returns true once the image has
     // been streamed; any failure answers with an HTTP 500 and returns false.
     global $wgOut;
     $wgOut->disable();

     $captcha = $this->retrieveCaptcha();
     if (!$captcha) {
         wfHttpError(500, 'Internal Error', 'Requested bogus captcha image');
         return false;
     }

     // A second view of the same image is deliberately tolerated: in at least
     // some circumstances Konqueror re-fetches the image even though the user
     // has not navigated away from the page. Only the view time is recorded.
     $captcha['viewed'] = wfTimestamp();
     $this->storeCaptcha($captcha);

     $imageFile = $this->imagePath($captcha['salt'], $captcha['hash']);
     if (!file_exists($imageFile)) {
         wfHttpError(500, 'Internal Error', 'Requested bogus captcha image');
         return false;
     }

     global $IP;
     require_once "{$IP}/includes/StreamFile.php";
     // The image is tied to this visitor's captcha record, so shared caches must not keep it
     header("Cache-Control: private, s-maxage=0, max-age=3600");
     wfStreamFile($imageFile);
     return true;
 }
}
// OK, no valid thumbnail, time to get out the heavy machinery
// NOTE(review): this fragment relies on $fileName, $width and $page having
// been set earlier in the script; those assignments are not visible here.
wfProfileOut('thumb.php-start');
require_once 'Setup.php';
wfProfileIn('thumb.php-render');
$img = Image::newFromName($fileName);
try {
    if ($img) {
        if (!is_null($page)) {
            $img->selectPage($page);
        }
        $thumb = $img->renderThumb($width, false);
    } else {
        $thumb = false;
    }
} catch (Exception $ex) {
    // Tried to select a page on a non-paged file?
    $thumb = false;
}
if ($thumb && $thumb->path) {
    wfStreamFile($thumb->path);
} else {
    // No thumbnail could be produced: answer with the generic "bad title"
    // page and forbid caching so the failure is not stored by intermediaries
    $badtitle = wfMsg('badtitle');
    $badtitletext = wfMsg('badtitletext');
    header('Cache-Control: no-cache');
    header('Content-Type: text/html; charset=utf-8');
    // NOTE(review): the message texts are interpolated into the markup without
    // HTML escaping, and <head> is never closed (<body> opens inside it) —
    // confirm whether wfMsg() output is already HTML-safe in this context.
    echo "<html><head>\n\t<title>{$badtitle}</title>\n\t<body>\n<h1>{$badtitle}</h1>\n<p>{$badtitletext}</p>\n</body></html>\n";
}
wfProfileOut('thumb.php-render');
wfProfileOut('thumb.php');
wfLogProfilingData();
// Check the whitelist if needed: an anonymous visitor may only fetch a file
// whose title appears in $wgWhitelistRead. wfForbidden() ends the script
// (see its docblock), so every check below is a hard stop.
// NOTE(review): in_array() is called without strict comparison — confirm the
// whitelist only ever holds strings.
if (!$wgUser->getId() && (!is_array($wgWhitelistRead) || !in_array($title, $wgWhitelistRead))) {
    wfDebugLog('img_auth', "Not logged in and `{$title}` not in whitelist.");
    wfForbidden();
}
if (!file_exists($filename)) {
    wfDebugLog('img_auth', "`{$filename}` does not exist");
    wfForbidden();
}
if (is_dir($filename)) {
    wfDebugLog('img_auth', "`{$filename}` is a directory");
    wfForbidden();
}
// Stream the requested file. The response depended on this visitor's session,
// so "Cache-Control: private" and "Vary: Cookie" keep shared caches from
// handing the file to someone who was not authorized for it.
wfDebugLog('img_auth', "Streaming `{$filename}`");
wfStreamFile($filename, array('Cache-Control: private', 'Vary: Cookie'));
wfLogProfilingData();
/**
 * Issue a standard HTTP 403 Forbidden header and a basic
 * error message, then end the script
 */
function wfForbidden()
{
    header('HTTP/1.0 403 Forbidden');
    header('Vary: Cookie');
    header('Content-Type: text/html; charset=utf-8');
    echo <<<ENDS
<html>
<body>
<h1>Access Denied</h1>
<p>You need to log in to access files on this server.</p>
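 /**
  * Stream a contained file directly to HTTP output.
  *
  * Answers 400 when the key is invalid or badly formed (filePath() returned
  * false) and 404 when the file the key maps to is missing.
  *
  * @param string $key File key, resolved to a path through $this->filePath()
  * @return bool true when the file was streamed, false on any failure
  */
 function stream($key)
 {
     $path = $this->filePath($key);
     if ($path === false) {
         wfHttpError(400, "Bad request", "Invalid or badly-formed filename.");
         return false;
     }
     if (!file_exists($path)) {
         wfHttpError(404, "Not found", "The requested resource does not exist.");
         return false;
     }
     // Set the filename for more convenient save behavior from browsers.
     // filePath() is expected to have rejected malformed keys already; quotes,
     // backslashes and CR/LF are stripped anyway so the key can never close the
     // quoted filename attribute or break the header line.
     $safeName = str_replace(array('"', '\\', "\r", "\n"), '', $key);
     header('Content-Disposition: inline; filename="' . $safeName . '"');
     require_once 'StreamFile.php';
     wfStreamFile($path);
     // The documented contract is "true on success"; the original fell off the
     // end here and returned null
     return true;
 }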
 /**
  * Serve the captcha image belonging to the current captcha record.
  *
  * Returns true once the image has been streamed. On failure the response is
  * an HTTP 404, the reason is written to the Wikia log and false is returned.
  */
 function showImage()
 {
     global $wgOut;
     $wgOut->disable();

     $captcha = $this->retrieveCaptcha();
     $failure = null;
     if (!$captcha) {
         $failure = 'Info is empty';
     } else {
         // A second view of the same image is deliberately tolerated: in at
         // least some circumstances Konqueror re-fetches the image without the
         // user navigating away from the page. Only the view time is recorded.
         $captcha['viewed'] = wfTimestamp();
         $this->storeCaptcha($captcha);

         $imageFile = $this->imagePath($captcha['salt'], $captcha['hash']);
         if (file_exists($imageFile)) {
             global $IP;
             require_once "{$IP}/includes/StreamFile.php";
             // Tied to this visitor's captcha record: shared caches must not keep it
             header("Cache-Control: private, s-maxage=0, max-age=3600");
             wfStreamFile($imageFile);
             return true;
         }
         $failure = 'File ' . $imageFile . ' does not exist';
     }

     wfHttpError(404, '404 not found', 'Requested non-existing captcha image');
     Wikia::log(__METHOD__, '', 'Captcha returned 404: ' . $failure);
     return false;
 }
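/**
 * Entry point for thumb.php: resolve the requested file from the request
 * parameters, honour If-Modified-Since, then stream an existing thumbnail or
 * render one on demand. Every exit path balances the wfProfileIn() call.
 *
 * Request parameters (read from $_REQUEST): f = file name, or
 * <timestamp>!<name> together with archived=1 for an archived version;
 * w/width; p/page. r is ignored because File::RENDER_NOW is always passed.
 *
 * @return void Output is produced through wfStreamFile()/wfThumbError()
 */
function wfThumbMain()
{
    wfProfileIn(__METHOD__);
    $headers = array();

    // Get input parameters
    if (get_magic_quotes_gpc()) {
        $params = array_map('stripslashes', $_REQUEST);
    } else {
        $params = $_REQUEST;
    }
    $fileName = isset($params['f']) ? $params['f'] : '';
    unset($params['f']);

    // Backwards compatibility parameters
    if (isset($params['w'])) {
        $params['width'] = $params['w'];
        unset($params['w']);
    }
    if (isset($params['p'])) {
        $params['page'] = $params['p'];
    }
    // ignore 'r' because we unconditionally pass File::RENDER
    unset($params['r']);

    // Is this a thumb of an archived file?
    $isOld = isset($params['archived']) && $params['archived'];
    unset($params['archived']);

    // Some basic input validation: slashes and backslashes are folded to
    // underscores, so the name cannot carry path separators into the repo
    $fileName = strtr($fileName, '\\/', '__');

    // Actually fetch the image. Method depends on whether it is archived or not.
    if ($isOld) {
        // Format is <timestamp>!<name>
        $bits = explode('!', $fileName, 2);
        if (!isset($bits[1])) {
            wfThumbError(404, wfMsg('badtitletext'));
            wfProfileOut(__METHOD__);
            return;
        }
        $title = Title::makeTitleSafe(NS_FILE, $bits[1]);
        if (is_null($title)) {
            wfThumbError(404, wfMsg('badtitletext'));
            wfProfileOut(__METHOD__);
            return;
        }
        $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName($title, $fileName);
    } else {
        $img = wfLocalFile($fileName);
    }

    // The file object must be checked before anything is called on it: the
    // permission check below dereferences $img->getTitle(), which was a fatal
    // error for an unresolvable name on a read-restricted wiki
    if (!$img) {
        wfThumbError(404, wfMsg('badtitletext'));
        wfProfileOut(__METHOD__);
        return;
    }

    // Check permissions if there are read restrictions
    if (!in_array('read', User::getGroupPermissions(array('*')), true)) {
        if (!$img->getTitle()->userCanRead()) {
            wfThumbError(403, 'Access denied. You do not have permission to access ' . 'the source file.');
            wfProfileOut(__METHOD__);
            return;
        }
        // Access depended on the session, so shared caches must not reuse the response
        $headers[] = 'Cache-Control: private';
        $headers[] = 'Vary: Cookie';
    }

    if (!$img->exists()) {
        wfThumbError(404, 'The source file for the specified thumbnail does not exist.');
        wfProfileOut(__METHOD__);
        return;
    }
    $sourcePath = $img->getPath();
    if ($sourcePath === false) {
        wfThumbError(500, 'The source file is not locally accessible.');
        wfProfileOut(__METHOD__);
        return;
    }

    // Check IMS against the source file
    // This means that clients can keep a cached copy even after it has been deleted on the server
    if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
        // Fix IE brokenness
        $imsString = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
        // Calculate time
        wfSuppressWarnings();
        $imsUnix = strtotime($imsString);
        $stat = stat($sourcePath);
        wfRestoreWarnings();
        // An unparsable date or a failed stat() must not produce a 304
        if ($imsUnix !== false && $stat !== false && $stat['mtime'] <= $imsUnix) {
            header('HTTP/1.1 304 Not Modified');
            wfProfileOut(__METHOD__);
            return;
        }
    }

    // Stream the file if it exists already
    try {
        if (false != ($thumbName = $img->thumbName($params))) {
            $thumbPath = $img->getThumbPath($thumbName);
            if (is_file($thumbPath)) {
                wfStreamFile($thumbPath, $headers);
                wfProfileOut(__METHOD__);
                return;
            }
        }
    } catch (MWException $e) {
        wfThumbError(500, $e->getHTML());
        wfProfileOut(__METHOD__);
        return;
    }

    // No cached thumbnail: render one now
    try {
        $thumb = $img->transform($params, File::RENDER_NOW);
    } catch (Exception $ex) {
        // Tried to select a page on a non-paged file?
        $thumb = false;
    }

    $errorMsg = false;
    if (!$thumb) {
        $errorMsg = wfMsgHtml('thumbnail_error', 'File::transform() returned false');
    } elseif ($thumb->isError()) {
        $errorMsg = $thumb->getHtmlMsg();
    } elseif (!$thumb->getPath()) {
        $errorMsg = wfMsgHtml('thumbnail_error', 'No path supplied in thumbnail object');
    } elseif ($thumb->getPath() == $img->getPath()) {
        // transform() handed back the source file itself, i.e. nothing was scaled
        $errorMsg = wfMsgHtml('thumbnail_error', 'Image was not scaled, ' . 'is the requested width bigger than the source?');
    } else {
        wfStreamFile($thumb->getPath(), $headers);
    }
    if ($errorMsg !== false) {
        wfThumbError(500, $errorMsg);
    }
    wfProfileOut(__METHOD__);
}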
 /**
  * Show a deleted file version requested by the visitor.
  *
  * Takes over output from OutputPage and streams the file straight to the
  * client with caching disabled.
  *
  * @param string $key Storage key of the deleted file. It is concatenated
  *   into the deleted-zone path below, so it is presumably validated by the
  *   caller — confirm.
  */
 private function showFile($key)
 {
     $output = $this->getOutput();
     $output->disable();

     # We mustn't allow the output to be Squid cached, otherwise
     # if an admin previews a deleted image, and it's cached, then
     # a user without appropriate permissions can toddle off and
     # nab the image, and Squid will serve it
     $noCacheHeaders = array(
         'Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT',
         'Cache-Control: no-cache, no-store, max-age=0, must-revalidate',
         'Pragma: no-cache',
     );
     $response = $this->getRequest()->response();
     foreach ($noCacheHeaders as $headerLine) {
         $response->header($headerLine);
     }

     global $IP;
     require_once "{$IP}/includes/StreamFile.php";

     $localRepo = RepoGroup::singleton()->getLocalRepo();
     $deletedPath = $localRepo->getZonePath('deleted') . '/'
         . $localRepo->getDeletedHashPath($key) . $key;
     wfStreamFile($deletedPath);
 }
// Run hook: a handler that returns false vetoes the download and supplies, in
// $result, the message indexes and parameters handed to wfForbidden()
if (!wfRunHooks('ImgAuthBeforeStream', array(&$title, &$path, &$name, &$result))) {
    wfForbidden($result[0], $result[1], array_slice($result, 2));
}
//  Check user authorization for this title
//  UserCanRead Checks Whitelist too
if (!$title->userCanRead()) {
    wfForbidden('img-auth-accessdenied', 'img-auth-noread', $name);
}
// Stream the requested file
wfDebugLog('img_auth', "Streaming `" . $filename . "`.");
# PATCH
# Local patch: the max-age is configurable, defaulting to 0 (always revalidate).
# NOTE(review): the stock "Cache-Control: private" is replaced by a bare
# max-age; "Vary: Cookie" still keys shared-cache entries per session, but a
# non-zero $wgImgAuthMaxAge lets a shared cache store a file that was only
# served because this visitor passed userCanRead() — confirm that is intended.
if (!isset($wgImgAuthMaxAge)) {
    $wgImgAuthMaxAge = 0;
}
wfStreamFile($filename, array("Cache-Control:max-age={$wgImgAuthMaxAge}", 'Vary: Cookie'));
# /PATCH
// This was added by Yann Missler for Seizam
wfRunHooks('ImgAuthFullyStreamedFile', array(&$title, $filename));
/*
$wikiplaces_img_auth_file_mod = dirname( __FILE__ ) .'/extensions/Wikiplaces/Wikiplaces.img_auth.php';
if ( file_exists($wikiplaces_img_auth_file_mod) ) { // ensure to not break img_auth if wikiplaces not available
	require_once ( $wikiplaces_img_auth_file_mod );
	WikiplacesImgAuth::onImgAuthFullyStreamedFile($filename);
}*/
wfLogProfilingData();
/**
 * Issue a standard HTTP 403 Forbidden header ($msg1 is a message index, not a message) and an
 * error message ($msg2, also a message index) — both are required — then end the script.
 * Any arguments after $msg2 are passed as replacement parameters for $msg2 only.
 */
 /**
  * Show a deleted file version requested by the visitor.
  * TODO Mostly copied from Special:Undelete. Refactor.
  *
  * Refuses with the usual permission error when the visitor may not see the
  * deleted file, shows an edit-token protected confirmation form when the
  * request carries no valid token, and otherwise streams the file with
  * caching disabled.
  *
  * @param string $archiveName Archive name of the deleted file version
  */
 protected function tryShowFile($archiveName)
 {
     global $wgOut, $wgRequest, $wgUser, $wgLang;

     $repo = RepoGroup::singleton()->getLocalRepo();
     $deletedFile = $repo->newFromArchiveName($this->targetObj, $archiveName);
     $deletedFile->load();

     // Check if user is allowed to see this file
     if (!$deletedFile->exists()) {
         $wgOut->addWikiMsg('revdelete-no-file');
         return;
     }
     if (!$deletedFile->userCan(File::DELETED_FILE)) {
         $requiredRight = $deletedFile->isDeleted(File::DELETED_RESTRICTED)
             ? 'suppressrevision'
             : 'deletedtext';
         $wgOut->permissionRequired($requiredRight);
         return;
     }

     // Without a valid token, ask for confirmation instead of serving the file
     if (!$wgUser->matchEditToken($this->token, $archiveName)) {
         $timestamp = $deletedFile->getTimestamp();
         $wgOut->addWikiMsg(
             'revdelete-show-file-confirm',
             $this->targetObj->getText(),
             $wgLang->date($timestamp),
             $wgLang->time($timestamp)
         );
         $query = 'target=' . urlencode($deletedFile->getName())
             . '&file=' . urlencode($archiveName)
             . '&token=' . urlencode($wgUser->editToken($archiveName));
         $formAttribs = array(
             'method' => 'POST',
             'action' => $this->getTitle()->getLocalUrl($query),
         );
         $wgOut->addHTML(
             Xml::openElement('form', $formAttribs)
             . Xml::submitButton(wfMsg('revdelete-show-file-submit'))
             . '</form>'
         );
         return;
     }

     $wgOut->disable();
     # We mustn't allow the output to be Squid cached, otherwise
     # if an admin previews a deleted image, and it's cached, then
     # a user without appropriate permissions can toddle off and
     # nab the image, and Squid will serve it
     $response = $wgRequest->response();
     $response->header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
     $response->header('Cache-Control: no-cache, no-store, max-age=0, must-revalidate');
     $response->header('Pragma: no-cache');

     # Stream the file to the client
     global $IP;
     require_once "{$IP}/includes/StreamFile.php";
     $storageKey = $deletedFile->getStorageKey();
     $deletedPath = $repo->getZonePath('deleted') . '/'
         . $repo->getDeletedHashPath($storageKey) . $storageKey;
     wfStreamFile($deletedPath);
 }
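// Bootstrap MediaWiki and the file streaming helper
require_once './LocalSettings.php';
require_once 'includes/Setup.php';
require_once 'includes/StreamFile.php';

// The requested file comes from PATH_INFO; without it there is nothing to
// serve. wfForbidden() ends the script, so every check below is a hard stop.
if (!isset($_SERVER['PATH_INFO'])) {
    wfForbidden();
}

# Get filenames/directories
$filename = realpath($wgUploadDirectory . $_SERVER['PATH_INFO']);
$realUploadDirectory = realpath($wgUploadDirectory);
$imageName = $wgLang->getNsText(NS_IMAGE) . ":" . basename($_SERVER['PATH_INFO']);

# Check if the filename is in the correct directory.
# realpath() returns false for a path that does not resolve, and the prefix
# must end in a directory separator: comparing against the bare directory name
# would also accept a sibling directory whose name merely starts with it.
$uploadPrefix = $realUploadDirectory . DIRECTORY_SEPARATOR;
if ($filename === false
    || $realUploadDirectory === false
    || strncmp($filename, $uploadPrefix, strlen($uploadPrefix)) !== 0
) {
    wfForbidden();
}

# Anonymous visitors may only fetch files whose image page is on the read whitelist
if (is_array($wgWhitelistRead) && !in_array($imageName, $wgWhitelistRead, true) && !$wgUser->getID()) {
    wfForbidden();
}
if (!file_exists($filename)) {
    wfForbidden();
}
if (is_dir($filename)) {
    wfForbidden();
}

# Write file
wfStreamFile($filename);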
/**
 * Reply with HTTP 403 and a minimal HTML error page, then terminate the
 * script. Never returns.
 */
function wfForbidden()
{
    $errorPage = "<html><body>\n<h1>Access denied</h1>\n<p>You need to log in to access files on this server</p>\n</body></html>";
    header('HTTP/1.0 403 Forbidden');
    echo $errorPage;
    exit;
}
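/**
 * Entry point for thumb.php: resolve the requested file from the request
 * parameters, honour If-Modified-Since, then stream an existing thumbnail or
 * render one on demand.
 *
 * Request parameters (read from $_REQUEST): f = file name; w/width; p/page;
 * r is dropped. Every exit path balances the wfProfileIn() call — the
 * original returned early without wfProfileOut() on most error paths.
 *
 * @return void Output is produced through wfStreamFile()/wfThumbError()
 */
function wfThumbMain()
{
    wfProfileIn(__METHOD__);

    // Get input parameters
    if (get_magic_quotes_gpc()) {
        $params = array_map('stripslashes', $_REQUEST);
    } else {
        $params = $_REQUEST;
    }
    $fileName = isset($params['f']) ? $params['f'] : '';
    unset($params['f']);

    // Backwards compatibility parameters
    if (isset($params['w'])) {
        $params['width'] = $params['w'];
        unset($params['w']);
    }
    if (isset($params['p'])) {
        $params['page'] = $params['p'];
    }
    unset($params['r']);

    // Some basic input validation: slashes and backslashes are folded to
    // underscores, so the name cannot carry path separators into the repo
    $fileName = strtr($fileName, '\\/', '__');

    $img = wfLocalFile($fileName);
    if (!$img) {
        wfThumbError(404, wfMsg('badtitletext'));
        wfProfileOut(__METHOD__);
        return;
    }
    if (!$img->exists()) {
        wfThumbError(404, 'The source file for the specified thumbnail does not exist.');
        wfProfileOut(__METHOD__);
        return;
    }
    $sourcePath = $img->getPath();
    if ($sourcePath === false) {
        wfThumbError(500, 'The source file is not locally accessible.');
        wfProfileOut(__METHOD__);
        return;
    }

    // Check IMS against the source file
    // This means that clients can keep a cached copy even after it has been deleted on the server
    if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
        // Fix IE brokenness
        $imsString = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
        // Calculate time; warnings from strtotime() and stat() are suppressed
        // the MediaWiki way rather than with the @ operator
        wfSuppressWarnings();
        $imsUnix = strtotime($imsString);
        $stat = stat($sourcePath);
        wfRestoreWarnings();
        // An unparsable date or a failed stat() must not produce a 304
        if ($imsUnix !== false && $stat !== false && $stat['mtime'] <= $imsUnix) {
            header('HTTP/1.1 304 Not Modified');
            wfProfileOut(__METHOD__);
            return;
        }
    }

    // Stream the file if it exists already
    try {
        if (false != ($thumbName = $img->thumbName($params))) {
            $thumbPath = $img->getThumbPath($thumbName);
            if (is_file($thumbPath)) {
                wfStreamFile($thumbPath);
                wfProfileOut(__METHOD__);
                return;
            }
        }
    } catch (MWException $e) {
        wfThumbError(500, $e->getHTML());
        wfProfileOut(__METHOD__);
        return;
    }

    // No cached thumbnail: render one now
    try {
        $thumb = $img->transform($params, File::RENDER_NOW);
    } catch (Exception $ex) {
        // Tried to select a page on a non-paged file?
        $thumb = false;
    }

    $errorMsg = false;
    if (!$thumb) {
        $errorMsg = wfMsgHtml('thumbnail_error', 'File::transform() returned false');
    } elseif ($thumb->isError()) {
        $errorMsg = $thumb->getHtmlMsg();
    } elseif (!$thumb->getPath()) {
        $errorMsg = wfMsgHtml('thumbnail_error', 'No path supplied in thumbnail object');
    } elseif ($thumb->getPath() == $img->getPath()) {
        // transform() handed back the source file itself, i.e. nothing was scaled
        $errorMsg = wfMsgHtml('thumbnail_error', 'Image was not scaled, ' . 'is the requested width bigger than the source?');
    } else {
        wfStreamFile($thumb->getPath());
    }
    if ($errorMsg !== false) {
        wfThumbError(500, $errorMsg);
    }
    wfProfileOut(__METHOD__);
}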