| Index: branches/REL1_3/phase3/includes/Title.php |
| — | — | @@ -515,7 +515,7 @@ |
| 516 | 516 | if( Namespace::getUser() == $this->mNamespace |
| 517 | 517 | and preg_match("/\\.(css|js)$/", $this->mTextform ) |
| 518 | 518 | and !$wgUser->isSysop() |
| 519 | | - and !preg_match("/^".preg_quote($wgUser->getName(), '/')."/", $this->mTextform) ) |
| | 519 | + and !preg_match("/^".preg_quote($wgUser->getName(), '/')."\//", $this->mTextform) ) |
| 520 | 520 | { return false; } |
| 521 | 521 | $ur = $wgUser->getRights(); |
| 522 | 522 | foreach ( $this->getRestrictions() as $r ) { |
| — | — | @@ -556,7 +556,7 @@ |
| 557 | 557 | # protect css/js subpages of user pages |
| 558 | 558 | # XXX: this might be better using restrictions |
| 559 | 559 | global $wgUser; |
| 560 | | - return ( $wgUser->isSysop() or preg_match("/^".preg_quote($wgUser->getName())."/", $this->mTextform) ); |
| | 560 | + return ( $wgUser->isSysop() or preg_match("/^".preg_quote($wgUser->getName(), '/')."\//", $this->mTextform) ); |
| 561 | 561 | } |
| 562 | 562 | |
| 563 | 563 | # Accessor/initialisation for mRestrictions |
| Index: branches/REL1_3/phase3/RELEASE-NOTES |
| — | — | @@ -4,6 +4,10 @@ |
| 5 | 5 | setting since version 1.2.0. If you have it on, turn it *off* if you can. |
| 6 | 6 | |
| 7 | 7 | |
| | 8 | +== Version 1.3.7, 2004-10-18 == |
| | 9 | +Changes from 1.3.6: |
| | 10 | +* Fix protected-page related security issue. |
| | 11 | + |
| 8 | 12 | == Version 1.3.6, 2004-10-14 == |
| 9 | 13 | |
| 10 | 14 | Changes from 1.3.5: |