3 # Image download authorisation script
#
# Streams a file from below $wgUploadDirectory through PHP, so that an access
# check and a path-containment check run before any bytes are sent.
# This listing omits some of the original lines (the gutter numbers skip), so
# whatever ends the two 403 branches below is not visible here.
4 define( "MEDIAWIKI", true );
5 require_once( "./LocalSettings.php" );
6 require_once( "includes/Setup.php" );
# Access decision: when $wgWhitelistRead is set, a user whose getID() is falsy
# (presumably an anonymous visitor -- confirm) is refused. This is the only
# access test visible in the script; it is not specific to the requested file.
7 if ( $wgWhitelistRead && !$wgUser->getID() ) {
# header() only sets the status line; it does not stop the script. The refusal
# therefore depends on the omitted lines ending execution -- confirm against
# the full file.
8 header( "HTTP/1.0 403 Forbidden" );
12 # Check if the filename is in the correct directory
# realpath() canonicalises the requested path ('..' segments and symlinks are
# resolved) and returns false when the path does not exist.
# NOTE(review): $_SERVER['PATH_INFO'] is read without an isset() check; if it
# is unset, $filename resolves to the upload directory itself.
13 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
14 $realUploadDirectory = realpath( $wgUploadDirectory );
# Containment test: the canonical file path must begin with the canonical
# upload directory, otherwise the request gets a 403.
# NOTE(review): this is a bare string-prefix match. With no trailing directory
# separator on $realUploadDirectory, a sibling directory whose name merely
# starts with the upload directory's name also passes. The loose != also lets
# the test pass when realpath() of the upload directory returns false, because
# both sides are then falsy. A stricter form rejects a false result from either
# realpath() call and compares against
# $realUploadDirectory . DIRECTORY_SEPARATOR using strncmp() and !==.
15 if ( substr( $filename, 0, strlen( $realUploadDirectory ) ) != $realUploadDirectory ) {
# As above, this only sets the status; the omitted lines must stop the script
# for the file not to be served.
16 header( "HTTP/1.0 403 Forbidden" );
# The Content-type is chosen by wfGetType() from the file name only; the
# file's bytes are not inspected.
# NOTE(review): wfGetType()'s pattern /\.(.*?)$/ captures from the first '.'
# in the whole canonical path, so a dot in any directory name, or a double
# extension, prevents a match against the extension table. A pattern anchored
# on the last extension, e.g. /\.([^.\/]+)$/, would isolate it.
21 $type = wfGetType( $filename );
# NOTE(review): uploaded content is returned from this script's own origin.
# Consider also sending "X-Content-Type-Options: nosniff" and, for types not
# meant to render inline, "Content-Disposition: attachment".
23 header("Content-type: $type");
# Streams the file to the client. readfile() returns false (and raises a
# warning) when $filename cannot be read; the result is not checked here.
26 readfile( $filename );
28 function wfGetType( $filename ) {
29 # There's probably a better way to do this
30 $types = "application/andrew-inset ez
31 application/mac-binhex40 hqx
32 application/mac-compactpro cpt
33 application/mathml+xml mathml
34 application/msword doc
35 application/octet-stream bin dms lha lzh exe class so dll
39 application/postscript ai eps ps
40 application/rdf+xml rdf
41 application/smil smi smil
43 application/srgs+xml grxml
44 application/vnd.mif mif
45 application/vnd.ms-excel xls
46 application/vnd.ms-powerpoint ppt
47 application/vnd.wap.wbxml wbxml
48 application/vnd.wap.wmlc wmlc
49 application/vnd.wap.wmlscriptc wmlsc
50 application/voicexml+xml vxml
51 application/x-bcpio bcpio
52 application/x-cdlink vcd
53 application/x-chess-pgn pgn
54 application/x-cpio cpio
56 application/x-director dcr dir dxr
58 application/x-futuresplash spl
59 application/x-gtar gtar
61 application/x-javascript js
62 application/x-koan skp skd skt skm
63 application/x-latex latex
64 application/x-netcdf nc cdf
66 application/x-shar shar
67 application/x-shockwave-flash swf
68 application/x-stuffit sit
69 application/x-sv4cpio sv4cpio
70 application/x-sv4crc sv4crc
74 application/x-texinfo texinfo texi
75 application/x-troff t tr roff
76 application/x-troff-man man
77 application/x-troff-me me
78 application/x-troff-ms ms
79 application/x-ustar ustar
80 application/x-wais-source src
81 application/xhtml+xml xhtml xht
82 application/xslt+xml xslt
83 application/xml xml xsl
84 application/xml-dtd dtd
87 audio/midi mid midi kar
88 audio/mpeg mpga mp2 mp3
89 audio/x-aiff aif aiff aifc
91 audio/x-pn-realaudio ram rm
92 audio/x-pn-realaudio-plugin rpm
101 image/jpeg jpeg jpg jpe
105 image/vnd.djvu djvu djv
106 image/vnd.wap.wbmp wbmp
107 image/x-cmu-raster ras
109 image/x-portable-anymap pnm
110 image/x-portable-bitmap pbm
111 image/x-portable-graymap pgm
112 image/x-portable-pixmap ppm
116 image/x-xwindowdump xwd
118 model/mesh msh mesh silo
120 text/calendar ics ifb
127 text/tab-separated-values tsv
129 text/vnd.wap.wmlscript wmls
131 video/mpeg mpeg mpg mpe
132 video/quicktime qt mov
133 video/vnd.mpegurl mxu
135 video/x-sgi-movie movie
136 x-conference/x-cooltalk ice";
138 $types = explode( "\n", $types );
139 if ( !preg_match( "/\.(.*?)$/", $filename, $matches ) ) {
143 foreach( $types as $type ) {
144 $extensions = explode( " ", $type );
145 for ( $i=1; $i<count( $extensions ); $i++
) {
146 if ( $extensions[$i] == $matches[1] ) {
147 return $extensions[0];