diff options
author | Pierre Schmitz <pierre@archlinux.de> | 2008-12-15 18:02:47 +0100 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2008-12-15 18:02:47 +0100 |
commit | 396b28f3d881f5debd888ba9bb9b47c2d478a76f (patch) | |
tree | 10d6e1a721ee4ef69def34a57f02d7eb3fc9e31e /img_auth.php | |
parent | 0be4d3ccf6c4fe98a72704f9463ecdea2ee5e615 (diff) |
update to Mediawiki 1.13.3; some cleanups
Diffstat (limited to 'img_auth.php')
-rw-r--r-- | img_auth.php | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/img_auth.php b/img_auth.php index bb419b39..4b625e39 100644 --- a/img_auth.php +++ b/img_auth.php @@ -17,6 +17,12 @@ require_once( dirname( __FILE__ ) . '/includes/WebStart.php' ); wfProfileIn( 'img_auth.php' ); require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' ); +$perms = User::getGroupPermissions( array( '*' ) ); +if ( in_array( 'read', $perms, true ) ) { + wfDebugLog( 'img_auth', 'Public wiki' ); + wfPublicError(); +} + // Extract path and image information if( !isset( $_SERVER['PATH_INFO'] ) ) { wfDebugLog( 'img_auth', 'Missing PATH_INFO' ); @@ -88,3 +94,25 @@ ENDS; wfLogProfilingData(); exit(); } + +/** + * Show a 403 error for use when the wiki is public + */ +function wfPublicError() { + header( 'HTTP/1.0 403 Forbidden' ); + header( 'Content-Type: text/html; charset=utf-8' ); + echo <<<ENDS +<html> +<body> +<h1>Access Denied</h1> +<p>The function of img_auth.php is to output files from a private wiki. This wiki +is configured as a public wiki. For optimal security, img_auth.php is disabled in +this case. +</p> +</body> +</html> +ENDS; + wfLogProfilingData(); + exit; +} + |