r86027 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r86026‎ \| r86027 \| r86028 >
Date:	07:10, 14 April 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	(bug 28507) Fix for r85844: that revision was not actually sufficient to fix bug 28235, since URLs can have more than one question mark in them.
Modified paths:	/trunk/phase3/images/.htaccess (modified) (history) /trunk/phase3/img_auth.php (modified) (history) /trunk/phase3/includes/WebRequest.php (modified) (history)

Diff [purge]

Index: trunk/phase3/images/.htaccess
—	—	@@ -1,6 +1,6 @@
2	2	# Protect against bug 28235
3	3	<IfModule rewrite_module>
4	4	RewriteEngine On
5		~~- RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]~~
	5	+ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#\|\?\|$) [nocase]
6	6	RewriteRule . - [forbidden]
7	7	</IfModule>
Index: trunk/phase3/includes/WebRequest.php
—	—	@@ -785,7 +785,7 @@
786	786	global $wgScriptExtension;
787	787
788	788	if ( isset( $_SERVER['QUERY_STRING'] )
789		~~- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )~~
	789	+ && preg_match( '/\.[a-z0-9]{1,4}(#\|\?\|$)/i', $_SERVER['QUERY_STRING'] ) )
790	790	{
791	791	// Bug 28235
792	792	// Block only Internet Explorer, and requests with missing UA
Index: trunk/phase3/img_auth.php
—	—	@@ -40,7 +40,7 @@
41	41
42	42	// Check for bug 28235: QUERY_STRING overriding the correct extension
43	43	if ( isset( $_SERVER['QUERY_STRING'] )
44		~~- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )~~
	44	+ && preg_match( '/\.[a-z0-9]{1,4}(#\|\?\|$)/i', $_SERVER['QUERY_STRING'] ) )
45	45	{
46	46	wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
47	47	}

Revision	Commit summary	Author	Date
r86028	MFT r86027: fix IE6 XSS again	tstarling	07:12, 14 April 2011
r86030	* MFT r86027: fix IE6 XSS again...	tstarling	07:14, 14 April 2011
r86031	MFT r86027: fix IE6 XSS again	tstarling	07:15, 14 April 2011
r89397	(bug 28840) If the query string hits bug 28235, redirect to a safer URL inste...	tstarling	05:32, 3 June 2011
r89558	* Added a REQUEST_URI check to the bug 28235 handling....	tstarling	11:59, 6 June 2011

Revision	Commit summary	Author	Date
r85844	Fix for bug 28235: IE6 looks for the file extension in the query string	tstarling	00:55, 12 April 2011
r85845	MFT r85844, fix for bug 28235 (IE6 looks for the file extension in the query ...	tstarling	01:07, 12 April 2011
r85846	MFT r85844, fix for bug 28235 (IE6 looks for the file extension in the query ...	tstarling	01:15, 12 April 2011

22:33, 15 April 2011 Reedy (talk | contribs) changed the status of r86027 [removed: new added: ok]