Last modified: 2009-07-03 20:06:07 UTC
If somebody is using img_auth, then they very likely are using userCan hook. Just needs one line addition (sorry for not providing the patch as attachment): if (!$title->userCanRead()) wfForbidden(); AFTER: $title = Title::makeTitleSafe( NS_FILE, $name ); if( !$title instanceof Title ) { wfDebugLog( 'img_auth', "Unable to construct a valid Title from `{$name}`" ); wfForbidden(); }
Fixed in r52751