r89621 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r89620‎ \| r89621 \| r89622 >
Date:	03:31, 7 June 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's unlikely that this is used by anything, since SERVER_NAME takes precedence, and SERVER_NAME is required by CGI 1.1 and appears to always be set by the major web servers. If it were ever used, it would open up a cache-poisoning vulnerability. Partially reverts r8010.
Modified paths:	/trunk/phase3/includes/DefaultSettings.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -63,8 +63,6 @@
64	64	$serverName = $_SERVER['SERVER_NAME'];
65	65	} elseif( isset( $_SERVER['HOSTNAME'] ) ) {
66	66	$serverName = $_SERVER['HOSTNAME'];
67		~~-} elseif( isset( $_SERVER['HTTP_HOST'] ) ) {~~
68		~~- $serverName = $_SERVER['HTTP_HOST'];~~
69	67	} elseif( isset( $_SERVER['SERVER_ADDR'] ) ) {
70	68	$serverName = $_SERVER['SERVER_ADDR'];
71	69	} else {

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r8010	more stuff to fall back on	avar	12:11, 31 March 2005

Status & tagging log

21:35, 7 June 2011 😂 (talk | contribs) changed the status of r89621 [removed: new added: ok]