r86028 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r86027‎ \| r86028 \| r86029 >
Date:	07:12, 14 April 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	MFT r86027: fix IE6 XSS again
Modified paths:	/branches/REL1_17/phase3/images/.htaccess (modified) (history) /branches/REL1_17/phase3/img_auth.php (modified) (history) /branches/REL1_17/phase3/includes/WebRequest.php (modified) (history)

Diff [purge]

Index: branches/REL1_17/phase3/images/.htaccess
—	—	@@ -1,6 +1,6 @@
2	2	# Protect against bug 28235
3	3	<IfModule rewrite_module>
4	4	RewriteEngine On
5		~~- RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]~~
	5	+ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#\|\?\|$) [nocase]
6	6	RewriteRule . - [forbidden]
7	7	</IfModule>
Index: branches/REL1_17/phase3/includes/WebRequest.php
—	—	@@ -755,7 +755,7 @@
756	756	global $wgScriptExtension;
757	757
758	758	if ( isset( $_SERVER['QUERY_STRING'] )
759		~~- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )~~
	759	+ && preg_match( '/\.[a-z0-9]{1,4}(#\|\?\|$)/i', $_SERVER['QUERY_STRING'] ) )
760	760	{
761	761	// Bug 28235
762	762	// Block only Internet Explorer, and requests with missing UA
Index: branches/REL1_17/phase3/img_auth.php
—	—	@@ -39,7 +39,7 @@
40	40
41	41	// Check for bug 28235: QUERY_STRING overriding the correct extension
42	42	if ( isset( $_SERVER['QUERY_STRING'] )
43		~~- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )~~
	43	+ && preg_match( '/\.[a-z0-9]{1,4}(#\|\?\|$)/i', $_SERVER['QUERY_STRING'] ) )
44	44	{
45	45	wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
46	46	}

Revision	Commit summary	Author	Date
r86027	(bug 28507) Fix for r85844: that revision was not actually sufficient to fix ...	tstarling	07:10, 14 April 2011

22:33, 15 April 2011 Reedy (talk | contribs) changed the status of r86028 [removed: new added: ok]