2 # Image download authorisation script
3 # To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public directory, and
4 # $wgUploadPath to point to this file. Also set $wgWhitelistRead to an array of pages you want
5 # everyone to be able to access. Your server must support PATH_INFO, CGI-based configurations
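define( "MEDIAWIKI", true );
require_once( "./LocalSettings.php" );
require_once( "includes/Setup.php" );

# PATH_INFO comes from the client. Nothing derived from it is trusted until it
# has been resolved and confined to the upload directory below.
$pathInfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : '';

# Get filenames/directories. realpath() resolves "..", "." and symlinks and
# returns false when the path does not exist.
$filename = realpath( $wgUploadDirectory . $pathInfo );
$realUploadDirectory = realpath( $wgUploadDirectory );
# NOTE(review): the whitelist name is taken from the request path, while the
# file served is the resolved path - confirm the two always name the same file.
$imageName = $wgLang->getNsText( NS_IMAGE ) . ":" . basename( $pathInfo );

# Check if the filename is in the correct directory.
# The comparison includes a trailing directory separator: a bare string-prefix
# test would also accept a sibling directory whose name merely starts with the
# upload directory's name. A failed realpath() is treated as "outside".
$insideUploadDirectory = false;
if ( $filename !== false && $realUploadDirectory !== false ) {
	$uploadPrefix = rtrim( $realUploadDirectory, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
	$insideUploadDirectory = strncmp( $filename, $uploadPrefix, strlen( $uploadPrefix ) ) === 0;
}

# NOTE(review): the bodies of both denial branches are not visible in the
# listing this was taken from; wfForbidden() is assumed to be the intended
# denial path. The explicit exit guarantees a denied request can never fall
# through to readfile(), whatever wfForbidden() does internally.
if ( !$insideUploadDirectory || !is_file( $filename ) ) {
	# Only regular files are served; directories and missing paths are refused.
	wfForbidden();
	exit;
}

# Anonymous users ($wgUser->getID() is zero/empty) may only fetch files whose
# image page is listed in $wgWhitelistRead. When $wgWhitelistRead is not an
# array, this check does not restrict anyone. The strict flag stops a
# non-string whitelist entry from loosely matching every name.
if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead, true ) && !$wgUser->getID() ) {
	wfForbidden();
	exit;
}

# Write file. The Content-type header is only sent when a type was found, so
# no empty header is emitted.
$type = wfGetType( $filename );
if ( $type ) {
	header( "Content-type: $type" );
}

readfile( $filename );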
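function wfGetType( $filename ) {
	# Map a file name to a MIME type by its final extension.
	#
	# $filename: path of the file to be served (only the last extension is used).
	# Returns the MIME type string, or false when the name has no extension or
	# the extension is not in the table.
	#
	# NOTE(review): the listing this table was taken from skips line numbers
	# inside the table, so some entries may be missing here - compare with the
	# upstream file before relying on it.
	# NOTE(review): some mapped types (xhtml, xml/xsl, js, swf) are active
	# content. If uploads with those extensions are allowed, consider serving
	# them as application/octet-stream or as attachments instead of inline.
	$types = <<<END_STRING
application/andrew-inset ez
application/mac-binhex40 hqx
application/mac-compactpro cpt
application/mathml+xml mathml
application/msword doc
application/octet-stream bin dms lha lzh exe class so dll
application/postscript ai eps ps
application/rdf+xml rdf
application/smil smi smil
application/srgs+xml grxml
application/vnd.mif mif
application/vnd.ms-excel xls
application/vnd.ms-powerpoint ppt
application/vnd.wap.wbxml wbxml
application/vnd.wap.wmlc wmlc
application/vnd.wap.wmlscriptc wmlsc
application/voicexml+xml vxml
application/x-bcpio bcpio
application/x-cdlink vcd
application/x-chess-pgn pgn
application/x-cpio cpio
application/x-director dcr dir dxr
application/x-futuresplash spl
application/x-gtar gtar
application/x-javascript js
application/x-koan skp skd skt skm
application/x-latex latex
application/x-netcdf nc cdf
application/x-shar shar
application/x-shockwave-flash swf
application/x-stuffit sit
application/x-sv4cpio sv4cpio
application/x-sv4crc sv4crc
application/x-texinfo texinfo texi
application/x-troff t tr roff
application/x-troff-man man
application/x-troff-me me
application/x-troff-ms ms
application/x-ustar ustar
application/x-wais-source src
application/xhtml+xml xhtml xht
application/xslt+xml xslt
application/xml xml xsl
application/xml-dtd dtd
audio/midi mid midi kar
audio/mpeg mpga mp2 mp3
audio/x-aiff aif aiff aifc
audio/x-pn-realaudio ram rm
audio/x-pn-realaudio-plugin rpm
image/jpeg jpeg jpg jpe
image/vnd.djvu djvu djv
image/vnd.wap.wbmp wbmp
image/x-cmu-raster ras
image/x-portable-anymap pnm
image/x-portable-bitmap pbm
image/x-portable-graymap pgm
image/x-portable-pixmap ppm
image/x-xwindowdump xwd
model/mesh msh mesh silo
text/calendar ics ifb
text/tab-separated-values tsv
text/vnd.wap.wmlscript wmls
video/mpeg mpeg mpg mpe
video/quicktime qt mov
video/vnd.mpegurl mxu
video/x-sgi-movie movie
x-conference/x-cooltalk ice
END_STRING;

	# Use only the last extension of the final path component. The previous
	# pattern matched from the first dot anywhere in the path, so a dot in a
	# directory name or a name like "a.tar.ps" never matched the table.
	# Lower-casing lets "PHOTO.JPG" resolve like "photo.jpg".
	$extension = strtolower( pathinfo( (string)$filename, PATHINFO_EXTENSION ) );
	if ( $extension === '' ) {
		return false;
	}

	# Each table line is "<mime type> <ext> <ext> ...". Splitting on any
	# whitespace and any newline style keeps this independent of how the file
	# was saved (tabs, \r\n).
	foreach ( preg_split( '/\R/', $types ) as $line ) {
		$fields = preg_split( '/\s+/', trim( $line ), -1, PREG_SPLIT_NO_EMPTY );
		$mime = array_shift( $fields );
		if ( in_array( $extension, $fields, true ) ) {
			return $mime;
		}
	}
	return false;
}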
163 function wfForbidden() {
164 header( "HTTP/1.0 403 Forbidden" );
167 <h1>Access denied</h1>
168 <p>You need to log in to access files on this server</p>