jenkins-bot has submitted this change and it was merged.
Change subject: Treat the "temp" repo zone as private
......................................................................
Treat the "temp" repo zone as private
* The primary user is the upload stash. Both stashed originals and thumbnails
can
be viewed through Special:UploadStash, which checks the appropriate
permissions.
There is no need for direct web access.
* Note that the scaler URL has to point to something that does no authentication
checks since the HTTP GET has no cookie headers propagated. However the file
name is the URL is determined by us_path, which is not exposed to the author
but rather stored in the DB and linked by the file key. The author should only
know the key.
* Also changed getTempRepo() to set the thumb/transcoded zones to nest in
the base repo temp zone. This way, the temp and base repo do not conflict
as to whether a container might be private or not.
Change-Id: I403520053b2053094e5f90083b6375bc04c351f4
---
M RELEASE-NOTES-1.25
M includes/filerepo/FileRepo.php
2 files changed, 26 insertions(+), 18 deletions(-)
Approvals:
Anomie: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25
index 48d7b05..b9eb15d 100644
--- a/RELEASE-NOTES-1.25
+++ b/RELEASE-NOTES-1.25
@@ -132,6 +132,9 @@
Also, the former will now throw an MWException if called with one or more
arguments.
* Removed hitcounters and associated code.
+* The "temp" zone of the upload respository is now considered private. If it
+ already exists (such as under the images/ directory), please make sure that
+ the directory is not web readable (e.g. via a .htaccess file).
== Compatibility ==
diff --git a/includes/filerepo/FileRepo.php b/includes/filerepo/FileRepo.php
index 5929525..58245a5 100644
--- a/includes/filerepo/FileRepo.php
+++ b/includes/filerepo/FileRepo.php
@@ -114,6 +114,9 @@
/** @var string The URL of the repo's favicon, if any */
protected $favicon;
+ /** @var bool Whether all zones should be private (e.g. private wiki
repo) */
+ protected $isPrivate;
+
/**
* Factory functions for creating new files
* Override these in the base class
@@ -269,7 +272,7 @@
* @return string|bool
*/
public function getZoneUrl( $zone, $ext = null ) {
- if ( in_array( $zone, array( 'public', 'temp', 'thumb',
'transcoded' ) ) ) {
+ if ( in_array( $zone, array( 'public', 'thumb', 'transcoded' )
) ) {
// standard public zones
if ( $ext !== null && isset(
$this->zones[$zone]['urlsByExt'][$ext] ) ) {
// custom URL for extension/zone
@@ -283,7 +286,6 @@
case 'public':
return $this->url;
case 'temp':
- return "{$this->url}/temp";
case 'deleted':
return false; // no public URL
case 'thumb':
@@ -1305,7 +1307,10 @@
list( , $container, ) = FileBackend::splitStoragePath( $path );
$params = array( 'dir' => $path );
- if ( $this->isPrivate || $container ===
$this->zones['deleted']['container'] ) {
+ if ( $this->isPrivate
+ || $container === $this->zones['deleted']['container']
+ || $container === $this->zones['temp']['container']
+ ) {
# Take all available measures to prevent web
accessibility of new deleted
# directories, in case the user has not configured
offline storage
$params = array( 'noAccess' => true, 'noListing' =>
true ) + $params;
@@ -1785,9 +1790,9 @@
}
/**
- * Get an temporary FileRepo associated with this repo.
- * Files will be created in the temp zone of this repo and
- * thumbnails in a /temp subdirectory in thumb zone of this repo.
+ * Get a temporary private FileRepo associated with this repo.
+ *
+ * Files will be created in the temp zone of this repo.
* It will have the same backend as this repo.
*
* @return TempFileRepo
@@ -1798,26 +1803,26 @@
'backend' => $this->backend,
'zones' => array(
'public' => array(
+ // Same place storeTemp() uses in the
base repo, though
+ // the path hashing is mismatched,
which is annoying.
'container' =>
$this->zones['temp']['container'],
'directory' =>
$this->zones['temp']['directory']
),
'thumb' => array(
- 'container' =>
$this->zones['thumb']['container'],
- 'directory' =>
$this->zones['thumb']['directory'] == ''
- ? 'temp'
- :
$this->zones['thumb']['directory'] . '/temp'
+ 'container' =>
$this->zones['temp']['container'],
+ 'directory' =>
$this->zones['temp']['directory'] == ''
+ ? 'thumb'
+ :
$this->zones['temp']['directory'] . '/thumb'
),
'transcoded' => array(
- 'container' =>
$this->zones['transcoded']['container'],
- 'directory' =>
$this->zones['transcoded']['directory'] == ''
- ? 'temp'
- :
$this->zones['transcoded']['directory'] . '/temp'
+ 'container' =>
$this->zones['temp']['container'],
+ 'directory' =>
$this->zones['temp']['directory'] == ''
+ ? 'transcoded'
+ :
$this->zones['temp']['directory'] . '/transcoded'
)
),
- 'url' => $this->getZoneUrl( 'temp' ),
- 'thumbUrl' => $this->getZoneUrl( 'thumb' ) . '/temp',
- 'transcodedUrl' => $this->getZoneUrl( 'transcoded' ) .
'/temp',
- 'hashLevels' => $this->hashLevels // performance
+ 'hashLevels' => $this->hashLevels, // performance
+ 'isPrivate' => true // all in temp zone
) );
}
--
To view, visit https://gerrit.wikimedia.org/r/167296
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I403520053b2053094e5f90083b6375bc04c351f4
Gerrit-PatchSet: 7
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
