r24107 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r24106‎ \| r24107 \| r24108 >
Date:	05:08, 15 July 2007
Author:	robchurch
Status:	old
Tags:
Comment:	MIME is an acronym...
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/RawPage.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/RawPage.php
—	—	@@ -151,7 +151,7 @@
152	152	$dangerousTypes = array( $wgJsMimeType, 'text/css' );
153	153	if ( in_array( $this->mContentType, $dangerousTypes ) &&
154	154	!($this->mTitle->isCssOrJsPage() \|\| $this->mTitle->isCssJsSubpage() ) )
155		~~- return '/* Page type not compatible with requested mime type. */';~~
	155	+ return '/* Page type not compatible with requested MIME type. */';
156	156
157	157	if($this->mGen) {
158	158	$sk = $wgUser->getSkin();
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -293,8 +293,8 @@
294	294	* Don't show non-functional toolbar buttons on Opera 7 anymore
295	295	* (bug 9151) Fix relative subpage links with section fragments
296	296	* (bug 10560) Adding a space between category letter heading and "continues"
297		~~-* Security fix: Disable retrieving pages as raw js/css that should not contain~~
298		~~- such content.~~
	297	+* Don't allow retrieving non-JavaScript/CSS pages with "text/css" or "text/javascript"
	298	+ MIME types
299	299
300	300	== API changes since 1.10 ==
301	301

Revision	Commit summary	Author	Date
r24202	Revert r24105, r24106, r24107 'security fix' forbidden text/css and text/java...	brion	15:50, 17 July 2007
r24215	Merged revisions 24095-24212 via svnmerge from...	david	21:19, 17 July 2007

15:20, 12 September 2011 Meno25 (talk | contribs) changed the status of r24107 [removed: ok added: old]