Extension:ImageProtection
 | This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. |
 Release status: unmaintained |
|
|---|---|
| Implementation | Hook |
| Description | Protects uploaded files in the images directory from direct linking. |
| Author(s) | Rob |
| Latest version | 1.1 |
| MediaWiki | 1.12.0+ |
| License | GPL |
| Download | Cut and paste from this page. |
 | This extension stores its source code on a wiki page. Please be aware that this code may be unreviewed or maliciously altered. They may contain security holes, outdated interfaces that are no longer compatible etc. Note: No localisation updates are provided for this extension by translatewiki.net. |
You may prefer to use the standard image authorization mechanism provided by MediaWiki. See Bugs for the limitations of this extension. In the access log you may see entries like:
Overview
[edit]One of our MediaWiki-based research projects requires login to mediaWiki to read article content. It also needs to prevent people who have not logged in from being able to access documents and images that are uploaded into the filesystem accessible though the Image:, and Media: namespaces. This extension addresses the second of these issues.
Bugs
[edit]- The extension seems to cause some server load issues with repeated loopback requests which may be malformed - use with caution.
Installation
[edit]Add this line to your LocalSettings.php:
require_once("extensions/ImageProtection.php");
Copy this code and create a file inside the extensions directory called ImageProtection.php.
<?php
/**
* ImageProtection extension
* Protects uploaded files in the images directory from direct linking
*
* @file
* @ingroup Extensions
* @version 1.1
* @author Rob
* @link http://www.mediawiki.org/wiki/Extension:ImageProtection Documentation
*/
// Extension credits that will show up on Special:Version
$wgExtensionCredits['other'][] = array(
'name' => 'ImageProtection',
'author' => 'Rob',
'version' => '1.1',
'url' => 'http://www.mediawiki.org/wiki/Extension:ImageProtection',
'description' => 'Protects uploaded files in the images directory from direct linking.',
);
function fnImageAction($output, $article, $title, $user, $request, $wiki) {
global $wgUploadDirectory;
if( $request->getText('action') == 'image' && $user->isLoggedIn() ) {
$output->disable();
wfResetOutputBuffers();
$image_path = $wgUploadDirectory."/".$request->getText('image');
preg_match("/.+\/(.+?)$/", $image_path, $result);
$image = Image::newFromTitle($result[1]);
if( file_exists($image_path) ) {
header('Content-Type: '.$image->mime);
readfile($image_path);
}
return false;
}
return true;
}
$wgHooks['MediaWikiPerformAction'][] = 'fnImageAction';
Create an .htaccess file inside the images directory in your wiki. Apache will need to have the directive AllowOverride All set for the images directory so it will read and execute the .htaccess file.
.htaccess file:
RewriteEngine On RewriteRule ^(.*)$ /wiki/index.php?action=image&image=$1 [L] [QSA]
You will need to change or remove /wiki from the RewriteRule depending on the path of your installation.