author | Tim Starling <tstarling@users.mediawiki.org> | 2011-04-14 07:14:34 +0000 |
committer | Tim Starling <tstarling@users.mediawiki.org> | 2011-04-14 07:14:34 +0000 |
commit | c4a6c2b05003d25cf865c86d7253aa56758613bc (patch) | |
tree | 151f28027c63b31cbfd2109d0b8058a71698709d | |
parent | 75d90d86cab4da68c32b81bd47b5471bb791ec23 (diff) |
* MFT r86027: fix IE6 XSS again1.16.4
* Updates for release of 1.16.4
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/86030
-rw-r--r-- | RELEASE-NOTES | 10 | ||||
-rw-r--r-- | images/.htaccess | 2 | ||||
-rw-r--r-- | img_auth.php | 2 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
-rw-r--r-- | includes/WebRequest.php | 2 |
5 files changed, 12 insertions, 6 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cf3f3a77efa5..1a863b9fa9b4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,8 +1,8 @@
 = MediaWiki release notes =
-== MediaWiki 1.16.3 ==
+== MediaWiki 1.16.4 ==
-2011-04-12
+2011-04-14
 This is a security and maintenance release of the MediaWiki 1.16 branch.
@@ -44,6 +44,12 @@ set $wgCacheDirectory to a writable path on the local filesystem.
 Make sure you have the DBA extension for PHP installed, this will improve
 performance further.
+== Changes since 1.16.3 ==
+
+* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
+ clients) was not actually sufficient to fix that bug. This release contains
+ a second attempt, hopefully we have fixed it this time.
+
 == Changes since 1.16.2 ==
 * (bug 28449) Fixed permissions checks in Special:Import which allowed users
diff --git a/images/.htaccess b/images/.htaccess
index e84a09522ad9..2aea33e06270 100644
--- a/images/.htaccess
+++ b/images/.htaccess
@@ -1,6 +1,6 @@
 # Protect against bug 28235
 <IfModule rewrite_module>
 RewriteEngine On
- RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
+ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
 RewriteRule . - [forbidden]
 </IfModule>
diff --git a/img_auth.php b/img_auth.php
index 534d1fd2ec01..26ba9413c81a 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -39,7 +39,7 @@ if ( $wgImgAuthPublicTest
 // Check for bug 28235: QUERY_STRING overriding the correct extension
 if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 {
 wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
 }
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7993d95cbe6a..e4864edb3ea4 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
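Review bot: The rewrite rule only takes effect when mod_rewrite is loaded and `.htaccess` overrides are honoured, because the `<IfModule rewrite_module>` wrapper silently disables it otherwise, so it can only be a secondary layer behind the PHP checks in img_auth.php and WebRequest.php in this same commit. The three copies of the pattern are hand-synchronised: this commit had to touch all three to address bug 28507, and the next refinement will have to as well. I would record that in the file so a later edit to one copy is not mistaken for a complete fix: `# Secondary defence only (needs mod_rewrite and AllowOverride); keep this pattern identical to img_auth.php and WebRequest.php`. The same duplication point applies to the img_auth.php and WebRequest.php hunks and is not repeated there.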
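Review bot: The img_auth.php check calls wfForbidden on the pattern unconditionally, whereas the WebRequest.php hunk's own comment restricts the equivalent block to Internet Explorer and missing-UA clients, and nothing in this hunk explains the asymmetry. If it is deliberate (img_auth.php serves the file body directly, so refusing an odd request is cheaper than serving sniffable content), a one-line comment would stop a future reviewer from "harmonising" the two and narrowing coverage: `// Unlike WebRequest, no UA check here: denying a stray request is cheaper than serving a sniffable file`. The enclosing `if ( $wgImgAuthPublicTest ...` block starts outside the hunk, so this assumes no UA condition is applied earlier in it — confirm before adding the comment.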
@@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) {
 }
 /** MediaWiki version number */
-$wgVersion = '1.16.3';
+$wgVersion = '1.16.4';
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 8a0ef48bf51f..a1d02d9c81aa 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -697,7 +697,7 @@ class WebRequest {
 global $wgScriptExtension;
 if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 {
 // Bug 28235
 // Block only Internet Explorer, and requests with missing UA
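Review bot: The regex encodes two assumptions about how IE 6 derives an extension from the query string — at most four alphanumerics after a dot, terminated by `#`, `?` or end of string — but the only comment is `// Bug 28235`, and 1.16.3 already shipped a version of this line that turned out to be incomplete (bug 28507 in the release-notes hunk). If IE also honours extensions longer than four characters, `{1,4}` leaves the same class of gap; I cannot confirm that from here, but the assumption should at least be written down next to the pattern so the next regression report can be checked against it. Suggested replacement for the bare bug reference: `// Bug 28235 / 28507: IE6 sniffs a file extension from the query string; deny dot + 1-4 alphanumerics ending at '#', '?' or end of string`. The method's signature and the UA check that follows are outside the hunk.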