summaryrefslogtreecommitdiff
path: root/img_auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'img_auth.php')
-rw-r--r--img_auth.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/img_auth.php b/img_auth.php
index 26ba9413..0fe239ba 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -39,7 +39,7 @@ if ( $wgImgAuthPublicTest
// Check for bug 28235: QUERY_STRING overriding the correct extension
if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
}