2 # Image download authorisation script
3 # To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public directory, and
4 # $wgUploadPath to point to this file. Also set $wgWhitelistRead to an array of pages you want
5 # everyone to be able to access. Your server must support PATH_INFO, CGI-based configurations
8 # Valid web server entry point, enable includes
# Script body: resolve the requested path under $wgUploadDirectory, run the
# containment and read-whitelist guards below, then stream the file.
# NOTE(review): this listing skips lines (see the embedded line numbers), so
# the body of every `if` below is not visible; presumably each one calls
# wfForbidden() -- confirm against the full file.
9 define( "MEDIAWIKI", true );
11 require_once( "includes/Defines.php" );
12 require_once( "./LocalSettings.php" );
13 require_once( "includes/Setup.php" );
# PATH_INFO is taken from the request URL, so every value derived from it
# below is untrusted input.
15 if( !isset( $_SERVER['PATH_INFO'] ) ) {
19 # Get filenames/directories
# realpath() resolves "..", "." and symlinks, and returns false when the path
# does not exist; neither result is checked for false before it is used.
20 $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
21 $realUploadDirectory = realpath( $wgUploadDirectory );
# Title used for the whitelist lookup: image namespace text, ":", and only the
# last path component of PATH_INFO (the directory part is ignored).
22 $imageName = $wgLang->getNsText( NS_IMAGE
) . ":" . basename( $_SERVER['PATH_INFO'] );
24 # Check if the filename is in the correct directory
# NOTE(review): this is a plain string-prefix test with no trailing directory
# separator, so a sibling path that merely begins with the same characters
# (constructed example: upload dir /srv/up, resolved path /srv/up-old/x) also
# satisfies it. Comparing against the directory plus DIRECTORY_SEPARATOR
# closes that gap.
# NOTE(review): the comparison is loose (!=). If realpath() returned false for
# $wgUploadDirectory, the prefix length is 0 and "" != false evaluates to
# false, so the guard would not fire. Checking both realpath() results with
# === false first makes it fail closed.
25 if ( substr( $filename, 0, strlen( $realUploadDirectory ) ) != $realUploadDirectory ) {
# Read guard: true only when $wgWhitelistRead is an array, the title is not in
# it, and $wgUser->getID() is falsy (presumably an anonymous visitor --
# confirm). When $wgWhitelistRead is not an array the condition is false for
# every request, so this line imposes no login requirement.
# in_array() is called without the strict flag, so the match is a loose one.
29 if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead ) && !$wgUser->getID() ) {
# Existence and directory checks on the resolved path.
33 if( !file_exists( $filename ) ) {
36 if( is_dir( $filename ) ) {
# The Content-type is chosen by wfGetType() from the file extension alone. The
# second header() call is presumably the fallback for an unknown extension
# (the branching lines between them are not shown in this listing).
# NOTE(review): these are uploaded files, and the type table in wfGetType()
# includes browser-rendered types such as application/xhtml+xml and
# application/x-javascript. If this script shares an origin with the wiki,
# consider sending "X-Content-Type-Options: nosniff" and a
# "Content-Disposition: attachment" header for anything that is not a
# known-safe image type.
41 $type = wfGetType( $filename );
43 header("Content-type: $type");
45 header("Content-type: application/x-wiki");
# Stream the file contents to the response body.
48 readfile( $filename );
# wfGetType( $filename ): look up a MIME type for $filename by its extension.
# The table below holds one "type ext ext ..." entry per line. It is split on
# $endl, the text after the last "." in $filename is extracted, and the type of
# the first entry listing that extension is returned.
# NOTE(review): this listing skips lines (see the embedded line numbers), so
# the table terminator, the definition of $endl and the not-found return path
# are not visible here.
# NOTE(review): the result depends on the file name only, never on the file
# contents, so it should not be treated as proof of what a file actually holds.
50 function wfGetType( $filename ) {
51 # There's probably a better way to do this
52 $types = <<<END_STRING
53 application/andrew-inset ez
54 application/mac-binhex40 hqx
55 application/mac-compactpro cpt
56 application/mathml+xml mathml
57 application/msword doc
58 application/octet-stream bin dms lha lzh exe class so dll
62 application/postscript ai eps ps
63 application/rdf+xml rdf
64 application/smil smi smil
66 application/srgs+xml grxml
67 application/vnd.mif mif
68 application/vnd.ms-excel xls
69 application/vnd.ms-powerpoint ppt
70 application/vnd.wap.wbxml wbxml
71 application/vnd.wap.wmlc wmlc
72 application/vnd.wap.wmlscriptc wmlsc
73 application/voicexml+xml vxml
74 application/x-bcpio bcpio
75 application/x-cdlink vcd
76 application/x-chess-pgn pgn
77 application/x-cpio cpio
79 application/x-director dcr dir dxr
81 application/x-futuresplash spl
82 application/x-gtar gtar
84 application/x-javascript js
85 application/x-koan skp skd skt skm
86 application/x-latex latex
87 application/x-netcdf nc cdf
89 application/x-shar shar
90 application/x-shockwave-flash swf
91 application/x-stuffit sit
92 application/x-sv4cpio sv4cpio
93 application/x-sv4crc sv4crc
97 application/x-texinfo texinfo texi
98 application/x-troff t tr roff
99 application/x-troff-man man
100 application/x-troff-me me
101 application/x-troff-ms ms
102 application/x-ustar ustar
103 application/x-wais-source src
104 application/xhtml+xml xhtml xht
105 application/xslt+xml xslt
106 application/xml xml xsl
107 application/xml-dtd dtd
110 audio/midi mid midi kar
111 audio/mpeg mpga mp2 mp3
112 audio/x-aiff aif aiff aifc
114 audio/x-pn-realaudio ram rm
115 audio/x-pn-realaudio-plugin rpm
124 image/jpeg jpeg jpg jpe
128 image/vnd.djvu djvu djv
129 image/vnd.wap.wbmp wbmp
130 image/x-cmu-raster ras
132 image/x-portable-anymap pnm
133 image/x-portable-bitmap pbm
134 image/x-portable-graymap pgm
135 image/x-portable-pixmap ppm
139 image/x-xwindowdump xwd
141 model/mesh msh mesh silo
143 text/calendar ics ifb
148 text/tab-separated-values tsv
150 text/vnd.wap.wmlscript wmls
152 video/mpeg mpeg mpg mpe
153 video/quicktime qt mov
154 video/vnd.mpegurl mxu
156 video/x-sgi-movie movie
157 x-conference/x-cooltalk ice";
161 $types = explode( $endl, $types );
# Capture the text after the last "." into $matches[1]; the body of this
# no-match branch is not shown in the listing.
162 if ( !preg_match( "/\.([^.]*?)$/", $filename, $matches ) ) {
# In each entry, field 0 is the MIME type and fields 1..n are its extensions.
166 foreach( $types as $type ) {
167 $extensions = explode( " ", $type );
168 for ( $i=1; $i<count( $extensions ); $i++ ) {
# NOTE(review): the match is case-sensitive and uses loose ==, so an upper-case
# extension such as "JPG" does not match the "jpg" entry. Lower-casing
# $matches[1] and comparing with === would make the lookup predictable.
169 if ( $extensions[$i] == $matches[1] ) {
170 return $extensions[0];
177 function wfForbidden() {
178 header( "HTTP/1.0 403 Forbidden" );
181 <h1>Access denied</h1>
182 <p>You need to log in to access files on this server</p>