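--- a/trunk/phase3/includes/WebRequest.php
+++ b/trunk/phase3/includes/WebRequest.php
@@ -877,6 +877,8 @@
 * Check for a bad query string, which IE 6 will use as a potentially
 * insecure cache file extension. See bug 28235. Returns true if the
 * request should be disallowed.
+ *
+ * @return Boolean
 */
 public function isQueryStringBad() {
 if ( !isset( $_SERVER['QUERY_STRING'] ) ) {
@@ -885,9 +887,17 @@
 
 $extension = self::findIE6Extension( $_SERVER['QUERY_STRING'] );
 if ( strval( $extension ) === '' ) {
+ /* No extension or empty extension (false/'') */
 return false;
 }
 
+ /* Only consider the extension understood by IE to be potentially
+ * dangerous if it is made of normal characters (so it is more
+ * likely to be registered with an application)
+ * Compromise with api.php convenience. Considers for instance
+ * that no sane application will register a dangerous file type
+ * in an extension containing an ampersand.
+ */
 return (bool)preg_match( '/^[a-zA-Z0-9_-]+$/', $extension );
 }
 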
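Review bot: The method docblock in the first hunk (`@return Boolean`) still reads as if the check were complete — "Returns true if the request should be disallowed" — while the new body comment in the second hunk explains that the check is deliberately a heuristic: only an IE-derived extension matching `[a-zA-Z0-9_-]+` is reported, and anything else (for instance a query string whose extension contains `&`) is let through. A caller reading only the docblock cannot see that compromise, so the caveat belongs there too, e.g. ` * Only an extension made of [a-zA-Z0-9_-] is reported as bad; other extensions are deliberately allowed (api.php compromise), so this is a heuristic, not a complete filter.` The body comment's `(false/'')` presumably describes the return contract of findIE6Extension(), which is defined outside this section — worth confirming, and better stated in that helper's own docblock than inferred here. isQueryStringBad() opens in the first hunk and closes at the `}` in the second, so both comments sit only a few lines apart in the file.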