From d81f562b712f2387fa02290bf2ca86392ab356f2 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Wed, 11 Oct 2006 20:21:25 +0000
Subject: Aktualisierung auf Version 1.8.1
---
 img_auth.php | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
(limited to 'img_auth.php')
diff --git a/img_auth.php b/img_auth.php
index fb58ba28..cfe005e9 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -7,18 +7,9 @@
 * to an array of pages you want everyone to be able to access. Your server must
 * support PATH_INFO, CGI-based configurations generally don't.
 */
-# Valid web server entry point, enable includes
-define( 'MEDIAWIKI', true );
-
-if ( isset( $_REQUEST['GLOBALS'] ) ) {
- echo '$GLOBALS overwrite vulnerability';
- die( -1 );
-}
-
-require_once( 'includes/Defines.php' );
-require_once( './LocalSettings.php' );
-require_once( 'includes/Setup.php' );
-require_once( 'includes/StreamFile.php' );
+require_once( './includes/WebStart.php' );
+wfProfileIn( 'img_auth.php' );
+require_once( './includes/StreamFile.php' );
 if( !isset( $_SERVER['PATH_INFO'] ) ) {
 wfForbidden();
@@ -27,7 +18,7 @@ if( !isset( $_SERVER['PATH_INFO'] ) ) {
 # Get filenames/directories
 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
 $realUploadDirectory = realpath( $wgUploadDirectory );
-$imageName = $wgLang->getNsText( NS_IMAGE ) . ":" . basename( $_SERVER['PATH_INFO'] );
+$imageName = $wgContLang->getNsText( NS_IMAGE ) . ":" . wfBaseName( $_SERVER['PATH_INFO'] );
 # Check if the filename is in the correct directory
 if ( substr( $filename, 0, strlen( $realUploadDirectory ) ) != $realUploadDirectory ) {
@@ -47,6 +38,7 @@ if( is_dir( $filename ) ) {
 # Write file
 wfStreamFile( $filename );
+wfLogProfilingData();
 function wfForbidden() {
 header( 'HTTP/1.0 403 Forbidden' );
@@ -55,6 +47,7 @@ function wfForbidden() {
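Review bot: With the inline `$_REQUEST['GLOBALS']` check and `define( 'MEDIAWIKI', true )` removed from the top of the script, this entry point relies entirely on `./includes/WebStart.php` for both, and that file is not part of this path-limited diff. It is worth confirming that WebStart.php rejects a request-supplied `GLOBALS` key before any other include runs, and recording the dependency above the first include, for example `# WebStart.php must stay the first include: it is expected to perform the GLOBALS-overwrite guard and define MEDIAWIKI`. The `./` prefix also makes both includes resolve against the current working directory rather than the script's own directory; `require_once( dirname( __FILE__ ) . '/includes/WebStart.php' );` would not depend on how the server sets the working directory.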
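Review bot: The directory check on the last line of the second hunk (`@@ -27,7 +18,7 @@`) is a plain string-prefix comparison, so a resolved path in a sibling directory whose name merely begins with the upload directory's name (constructed example: `/srv/uploads-private` next to `/srv/uploads`) is accepted as being inside it; the commit leaves that line unchanged. Comparing against the directory plus a separator closes the gap, and testing explicitly for `realpath()` returning `false` makes the missing-file case deliberate instead of a side effect of the loose `!=`: `if ( $filename === false || strncmp( $filename, $realUploadDirectory . DIRECTORY_SEPARATOR, strlen( $realUploadDirectory ) + 1 ) !== 0 ) {`. The body of this `if` lies outside the hunk, so what happens on a mismatch cannot be checked from here.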

Access denied

You need to log in to access files on this server

"; + wfLogProfilingData(); exit; } -- cgit v1.2.3-54-g00ecf