diff options
| author | Tim Starling <tstarling@wikimedia.org> | 2020-03-31 16:33:41 +1100 |
|---|---|---|
| committer | Brad Jorsch <bjorsch@wikimedia.org> | 2020-04-01 12:33:38 -0400 |
| commit | 507501d6ee29eb1b8df443192971fe2b6a6addb6 (patch) | |
| tree | 17acb0363aaeec3f0560e2029d3c4c228f159a8d /thumb.php | |
| parent | b740a787a952a810cd412fae8e399c5265b9a0ae (diff) | |
| download | mediawikicore-507501d6ee29eb1b8df443192971fe2b6a6addb6.tar.gz mediawikicore-507501d6ee29eb1b8df443192971fe2b6a6addb6.zip | |
Stop using SCRIPT_NAME where possible, rely on statically configured routing
It has become apparent that $_SERVER['SCRIPT_NAME'] may contain the same
thing as REQUEST_URI, for example in WMF production. PATH_INFO is not
set, so there is no way to split the URL into SCRIPT_NAME and PATH_INFO
components apart from configuration.
* Revert the fix for T34486, which added a route for SCRIPT_NAME to the
PathRouter for the benefit of img_auth.php. In T235357, the route thus
added contained $1, breaking everything.
* Remove calls to WebRequest::getPathInfo() from everywhere other than
index.php. Dynamic modification of $wgArticlePath in order to make
PathRouter work was weird and broken anyway. All that is really needed
is a suffix of REQUEST_URI, so I added a function which provides that.
* Add $wgImgAuthPath, for use as a last resort workaround for T34486.
* Avoid the use of $_SERVER['SCRIPT_NAME'] to detect the currently
running script.
* Deprecated wfGetScriptUrl(), a fairly simple wrapper for SCRIPT_NAME.
Apparently no callers in core or extensions.
Bug: T235357
Change-Id: If2b82759f3f4aecec79d6e2d88cd4330927fdeca
Diffstat (limited to 'thumb.php')
| -rw-r--r-- | thumb.php | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/thumb.php b/thumb.php index ad55391f36b1..b5b6f76daf44 100644 --- a/thumb.php +++ b/thumb.php @@ -58,25 +58,17 @@ $mediawiki->doPostOutputShutdown(); * @return void */ function wfThumbHandle404() { - global $wgArticlePath; - - # Set action base paths so that WebRequest::getPathInfo() - # recognizes the "X" as the 'title' in ../thumb_handler.php/X urls. - # Note: If Custom per-extension repo paths are set, this may break. + // Determine the request path relative to the thumbnail zone base $repo = MediaWikiServices::getInstance()->getRepoGroup()->getLocalRepo(); - $oldArticlePath = $wgArticlePath; - $wgArticlePath = $repo->getZoneUrl( 'thumb' ) . '/$1'; - - $matches = WebRequest::getPathInfo(); - - $wgArticlePath = $oldArticlePath; - - if ( !isset( $matches['title'] ) ) { - wfThumbError( 404, 'Could not determine the name of the requested thumbnail.' ); - return; + $baseUrl = $repo->getZoneUrl( 'thumb' ); + if ( substr( $baseUrl, 0, 1 ) === '/' ) { + $basePath = $baseUrl; + } else { + $basePath = parse_url( $baseUrl, PHP_URL_PATH ); } + $relPath = WebRequest::getRequestPathSuffix( $basePath ); - $params = wfExtractThumbRequestInfo( $matches['title'] ); // basic wiki URL param extracting + $params = wfExtractThumbRequestInfo( $relPath ); // basic wiki URL param extracting if ( $params == null ) { wfThumbError( 400, 'The specified thumbnail parameters are not recognized.' ); return; |