/**
* Show a private file requested by the visitor.
* @param $key string
*/
protected function showFile($key)
{
global $wgConfirmAccountFSRepos;
$out = $this->getOutput();
$request = $this->getRequest();
$out->disable();
# We mustn't allow the output to be Squid cached, otherwise
# if an admin previews a private image, and it's cached, then
# a user without appropriate permissions can toddle off and
# nab the image, and Squid will serve it
$request->response()->header('Expires: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
$request->response()->header('Cache-Control: no-cache, no-store, max-age=0, must-revalidate');
$request->response()->header('Pragma: no-cache');
$repo = new FSRepo($wgConfirmAccountFSRepos['accountreqs']);
$path = $repo->getZonePath('public') . '/' . UserAccountRequest::relPathFromKey($key);
$repo->streamFile($path);
}
