Last modified: 2013-09-04 11:49:50 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T31531, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 29531 - r89628 breaks img_auth.php
r89628 breaks img_auth.php
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.17.x
All All
: High normal (vote)
: ---
Assigned To: Tim Starling
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-22 15:11 UTC by Fomafix
Modified: 2013-09-04 11:49 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Output with var_dump( $_SERVER ); in img_auth.php (2.21 KB, text/plain)
2011-06-27 07:12 UTC, Fomafix 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Fomafix 2011-06-22 15:11:46 UTC 
Try to get the image [[Datei:File.jpg|thumb|300px]] through img_auth.php: http://localhost/mediawiki-1.17/img_auth.php/thumb/4/42/File.jpg/300px-File.jpg

r89627 works.

r89628 doesn't work:
 <h1>Forbidden</h1><p>Invalid file extension found in the path info or query string.</p>

LocalSettings.php:
 $wgScriptPath = "/mediawiki-1.17";
 $wgUploadPath = "$wgScriptPath/img_auth.php";
Comment 1 Mark A. Hershberger 2011-06-22 18:46:45 UTC 

*** This bug has been marked as a duplicate of bug 28840 ***
Comment 2 Tim Starling 2011-06-22 23:16:38 UTC 
Can you please add the following at the top of img_auth.php:

var_dump( $_SERVER );
exit;

And then request that same failing URL and paste the output into a comment?
Comment 3 Fomafix 2011-06-27 07:12:24 UTC 
Created attachment 8714 [details]
Output with var_dump( $_SERVER ); in img_auth.php

The requested file is in /apps/www/images/thumb/4/42/File.jpg/300px-File.jpg

LocalSettings.php
 $wgUploadDirectory = "/apps/www/images";

May be img_auth.php tries to access the wrong path /srv/www/htdocs/thumb/4/42/File.jpg/300px-File.jpg from PATH_TRANSLATED.

Before r89628 the same configuration worked correctly.
Comment 4 Tim Starling 2011-06-27 07:23:36 UTC 
Try changing the strpos() in img_auth.php to strrpos(). Here's a patch file for it if you prefer:

Index: img_auth.php
===================================================================
--- img_auth.php	(revision 90644)
+++ img_auth.php	(working copy)
@@ -46,7 +46,7 @@
 $path = $matches['title'];
 
 // Check for bug 28235: QUERY_STRING overriding the correct extension
-$dotPos = strpos( $path, '.' );
+$dotPos = strrpos( $path, '.' );
 $whitelist = array();
 if ( $dotPos !== false ) {
 	$whitelist[] = substr( $path, $dotPos + 1 );
Comment 5 Fomafix 2011-06-27 07:45:02 UTC 
(In reply to comment #4)
> Try changing the strpos() in img_auth.php to strrpos().

Yes. With strrpos() it works again.
Comment 6 Sam Reed (reedy) 2011-06-30 01:44:40 UTC 
r91153
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links