r99067 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r99066‎ \| r99067 \| r99068 >
Date:	01:10, 6 October 2011
Author:	brion
Status:	ok (Comments)
Tags:
Comment:	* (bug 31374) Pass relevant additional parameters for action=raw on Special:Mypage redirects Found that Special:MyPage was sometimes being used in importScript() calls to make references to the owner's other user subpages, such as loading a User:Blah/monobook.js from User:Blah/vector.js. The importScript() correctly included action=raw and ctype=text/javascript parameters, but Special:MyPage was redirecting to the actual URL and dropped the ctype parameter. IE 9 actually now validates content-type for scripts loaded into <script> -- if and only if you send X-Content-Type-Options: nosniff. Since we now do that (since bug 15461 / r87997) this created a break for IE9 users when upgrading from MW 1.17 (without the nosniff) to MW 1.18 (with it). Can also work around by replacing the Special:MyPage reference with a direct one. No other browsers I tested (Firefox 8, Chrome 14, Opera 11.5) rejected a <script> load for text/x-wiki but it's a legit thing to do (Firefox does check for CSS)
Modified paths:	/trunk/phase3/includes/SpecialPage.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialPage.php
—	—	@@ -1005,7 +1005,9 @@
1006	1006	function __construct() {
1007	1007	parent::__construct( 'Mypage' );
1008	1008	$this->mAllowedRedirectParams = array( 'action' , 'preload' , 'editintro',
1009		~~- 'section', 'oldid', 'diff', 'dir' );~~
	1009	+ 'section', 'oldid', 'diff', 'dir',
	1010	+ // Options for action=raw; missing ctype can break JS or CSS in some browsers
	1011	+ 'ctype', 'maxage', 'smaxage' );
1010	1012	}
1011	1013
1012	1014	function getRedirect( $subpage ) {

Revision	Commit summary	Author	Date
r99068	MFT r99067: fix bug 31400, followup to r87997....	brion	01:13, 6 October 2011
r99069	MFT r99067	aaron	01:18, 6 October 2011
r106012	Bug 31374: regression test made by Brion...	hashar	11:16, 13 December 2011

Revision	Commit summary	Author	Date
r87997	* (bug 15461) Make IE8 turn off content sniffing. Everbody else should ignore...	brion	15:52, 13 May 2011
r99062	Fix for bug 31374: reintroduce recursive unstrip as in r27667, somehow omitte...	tstarling	00:07, 6 October 2011

#Comment by Brion VIBBER (talk | contribs) 01:15, 6 October 2011

Needs merge to 1.18wmf1 & deployment to fix [1].

#Comment by Tim Starling (talk | contribs) 01:21, 6 October 2011

Bug 31374 does not look related.

#Comment by Catrope (talk | contribs) 11:54, 6 October 2011

#Comment by Catrope (talk | contribs) 11:55, 6 October 2011

Ahm, I meant bug 31400 of course.

#Comment by G.Hagedorn (talk | contribs) 10:41, 6 October 2011

delete tag 1.18wmf1, is already applied

11:54, 6 October 2011 Catrope (talk | contribs) changed the tags for r99067 [removed: 1.18wmf1]
01:16, 6 October 2011 Aaron Schulz (talk | contribs) changed the status of r99067 [removed: new added: ok]
01:15, 6 October 2011 Brion VIBBER (talk | contribs) changed the tags for r99067 [added: 1.18wmf1]