Extension:ImageProtection
 | This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. |
 Release status: unmaintained |
|
|---|---|
| Implementation | Hook |
| Description | Protects uploaded files in the images directory from direct linking. |
| Author(s) | Rob |
| Latest version | 1.1 |
| MediaWiki | 1.12.0+ |
| License | GPL |
| Download | Cut and paste from this page. |
 | This extension stores its source code on a editable wiki page rather than in a code repository. As a result, this code may be maliciously altered. It may contain security vulnerabilities, and will not receive localisation updates from translatewiki.net. Developers are strongly encouraged to host their code in a code repository rather than a wiki page so that the extension can be properly maintained, reviewed, and kept secure. |
You may prefer to use the standard image authorization mechanism provided by MediaWiki. See Bugs for the limitations of this extension. In the access log you may see entries like:
Overview
[edit]One of our MediaWiki-based research projects requires login to mediaWiki to read article content. It also needs to prevent people who have not logged in from being able to access documents and images that are uploaded into the filesystem accessible though the Image:, and Media: namespaces. This extension addresses the second of these issues.
Bugs
[edit]- The extension seems to cause some server load issues with repeated loopback requests which may be malformed - use with caution.
Installation
[edit]Add this line to your LocalSettings.php:
require_once("extensions/ImageProtection.php");
Copy this code and create a file inside the extensions directory called ImageProtection.php.
<?php
/**
* ImageProtection extension
* Protects uploaded files in the images directory from direct linking
*
* @file
* @ingroup Extensions
* @version 1.1
* @author Rob
* @link http://www.mediawiki.org/wiki/Extension:ImageProtection Documentation
*/
// Extension credits that will show up on Special:Version
$wgExtensionCredits['other'][] = array(
'name' => 'ImageProtection',
'author' => 'Rob',
'version' => '1.1',
'url' => 'http://www.mediawiki.org/wiki/Extension:ImageProtection',
'description' => 'Protects uploaded files in the images directory from direct linking.',
);
function fnImageAction($output, $article, $title, $user, $request, $wiki) {
global $wgUploadDirectory;
if( $request->getText('action') == 'image' && $user->isLoggedIn() ) {
$output->disable();
wfResetOutputBuffers();
$image_path = $wgUploadDirectory."/".$request->getText('image');
preg_match("/.+\/(.+?)$/", $image_path, $result);
$image = Image::newFromTitle($result[1]);
if( file_exists($image_path) ) {
header('Content-Type: '.$image->mime);
readfile($image_path);
}
return false;
}
return true;
}
$wgHooks['MediaWikiPerformAction'][] = 'fnImageAction';
Create an .htaccess file inside the images directory in your wiki. Apache will need to have the directive AllowOverride All set for the images directory so it will read and execute the .htaccess file.
.htaccess file:
RewriteEngine On RewriteRule ^(.*)$ /wiki/index.php?action=image&image=$1 [L] [QSA]
You will need to change or remove /wiki from the RewriteRule depending on the path of your installation.
