Diffstat (limited to 'includes/libs/IEUrlExtension.php')
-rw-r--r-- | includes/libs/IEUrlExtension.php | 58 |
1 files changed, 31 insertions, 27 deletions
diff --git a/includes/libs/IEUrlExtension.php b/includes/libs/IEUrlExtension.php
index 100454d4..e00e6663 100644
--- a/includes/libs/IEUrlExtension.php
+++ b/includes/libs/IEUrlExtension.php
@@ -1,31 +1,31 @@
 <?php
 /**
- * Internet Explorer derives a cache filename from a URL, and then in certain
- * circumstances, uses the extension of the resulting file to determine the
- * content type of the data, ignoring the Content-Type header.
+ * Internet Explorer derives a cache filename from a URL, and then in certain
+ * circumstances, uses the extension of the resulting file to determine the
+ * content type of the data, ignoring the Content-Type header.
 *
 * This can be a problem, especially when non-HTML content is sent by MediaWiki,
 * and Internet Explorer interprets it as HTML, exposing an XSS vulnerability.
 *
- * Usually the script filename (e.g. api.php) is present in the URL, and this
+ * Usually the script filename (e.g. api.php) is present in the URL, and this
 * makes Internet Explorer think the extension is a harmless script extension.
- * But Internet Explorer 6 and earlier allows the script extension to be
- * obscured by encoding the dot as "%2E".
+ * But Internet Explorer 6 and earlier allows the script extension to be
+ * obscured by encoding the dot as "%2E".
 *
- * This class contains functions which help in detecting and dealing with this
+ * This class contains functions which help in detecting and dealing with this
 * situation.
 *
- * Checking the URL for a bad extension is somewhat complicated due to the fact
+ * Checking the URL for a bad extension is somewhat complicated due to the fact
 * that CGI doesn't provide a standard method to determine the URL. Instead it
- * is necessary to pass a subset of $_SERVER variables, which we then attempt
+ * is necessary to pass a subset of $_SERVER variables, which we then attempt
 * to use to guess parts of the URL.
 */
 class IEUrlExtension {
 /**
 * Check a subset of $_SERVER (or the whole of $_SERVER if you like)
- * to see if it indicates that the request was sent with a bad file
- * extension.
Returns true if the request should be denied or modified,
+ * to see if it indicates that the request was sent with a bad file
+ * extension. Returns true if the request should be denied or modified,
 * false otherwise. The relevant $_SERVER elements are:
 *
 * - SERVER_SOFTWARE
@@ -37,6 +37,7 @@ class IEUrlExtension {
 *
 * @param $vars A subset of $_SERVER.
 * @param $extWhitelist Extensions which are allowed, assumed harmless.
+ * @return bool
 */
 public static function areServerVarsBad( $vars, $extWhitelist = array() ) {
 // Check QUERY_STRING or REQUEST_URI
@@ -55,7 +56,7 @@ class IEUrlExtension {
 return true;
 }
- // Some servers have PATH_INFO but not REQUEST_URI, so we check both
+ // Some servers have PATH_INFO but not REQUEST_URI, so we check both
 // to be on the safe side.
 if ( isset( $vars['PATH_INFO'] ) && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist ) )
@@ -71,7 +72,7 @@ class IEUrlExtension {
 * Given a right-hand portion of a URL, determine whether IE would detect
 * a potentially harmful file extension.
 *
- * @param $urlPart The right-hand portion of a URL
+ * @param $urlPart string The right-hand portion of a URL
 * @param $extWhitelist An array of file extensions which may occur in this
 * URL, and which should be allowed.
 * @return bool
@@ -97,10 +98,10 @@ class IEUrlExtension {
 }
 if ( !preg_match( '/^[a-zA-Z0-9_-]+$/', $extension ) ) {
- // Non-alphanumeric extension, unlikely to be registered.
+ // Non-alphanumeric extension, unlikely to be registered.
 //
 // The regex above is known to match all registered file extensions
- // in a default Windows XP installation. It's important to allow
+ // in a default Windows XP installation. It's important to allow
 // extensions with ampersands and percent signs, since that reduces
 // the number of false positives substantially.
 return false;
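Review bot: `@param $vars` and `@param $extWhitelist` in the areServerVarsBad docblock remain untyped after the `@return bool` added in the `@@ -37,6 +37,7 @@` hunk, while this same commit types `$urlPart string` and (for fixUrlForIE6) `$extWhitelist array`. Both are arrays here: the function is documented as taking a subset of `$_SERVER`, and the following hunk indexes `$vars['PATH_INFO']`. In the name-first form the commit uses elsewhere, write `* @param $vars array A subset of $_SERVER.` and `* @param $extWhitelist array Extensions which are allowed, assumed harmless.`. The body of areServerVarsBad continues past the end of this hunk.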
@@ -111,8 +112,11 @@ class IEUrlExtension {
 }
 /**
- * Returns a variant of $url which will pass isUrlExtensionBad() but has the
+ * Returns a variant of $url which will pass isUrlExtensionBad() but has the
 * same GET parameters, or false if it can't figure one out.
+ * @param $url
+ * @param $extWhitelist array
+ * @return bool|string
 */
 public static function fixUrlForIE6( $url, $extWhitelist = array() ) {
 $questionPos = strpos( $url, '?' );
@@ -127,7 +131,7 @@ class IEUrlExtension {
 $query = substr( $url, $questionPos + 1 );
 }
- // Multiple question marks cause problems. Encode the second and
+ // Multiple question marks cause problems. Encode the second and
 // subsequent question mark.
 $query = str_replace( '?', '%3E', $query );
 // Append an invalid path character so that IE6 won't see the end of the
@@ -153,16 +157,16 @@ class IEUrlExtension {
 * insecure.
 *
 * The criteria for finding an extension are as follows:
- * - a possible extension is a dot followed by one or more characters not
+ * - a possible extension is a dot followed by one or more characters not
 * in <>\"/:|?.#
- * - if we find a possible extension followed by the end of the string or
+ * - if we find a possible extension followed by the end of the string or
 * a #, that's our extension
 * - if we find a possible extension followed by a ?, that's our extension
- * - UNLESS it's exe, dll or cgi, in which case we ignore it and continue
+ * - UNLESS it's exe, dll or cgi, in which case we ignore it and continue
 * searching for another possible extension
- * - if we find a possible extension followed by a dot or another illegal
+ * - if we find a possible extension followed by a dot or another illegal
 * character, we ignore it and continue searching
- *
+ *
 * @param $url string URL
 * @return mixed Detected extension (string), or false if none found
 */
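Review bot: The `@param $url` line added to the fixUrlForIE6 docblock carries neither a type nor a description, so it documents nothing, and the sentence "will pass isUrlExtensionBad()" is ambiguous since that method returns true for a *bad* URL. Presumably "pass" means the check comes back false; if so, write `* Returns a variant of $url for which isUrlExtensionBad() returns false but which` on the first line and `* @param $url string The URL to rewrite` for the parameter, in the name-first form the commit uses for `$extWhitelist array`. The body of fixUrlForIE6 continues past the `$questionPos` line at the end of this hunk.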
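Review bot: `$query = str_replace( '?', '%3E', $query );` in the `@@ -127,7 +131,7 @@` hunk does not "encode the question mark" as the comment above it says: `%3E` is the percent-encoding of `>`, so once the server decodes the query any literal `?` inside a parameter value arrives as `>`, which contradicts the docblock's promise of the "same GET parameters". The choice may be deliberate (if IE6 decodes `%3F` back to `?` for its extension scan, `%3F` would not defuse the second question mark, and `>` is in the illegal-character set the class documents), but nothing here says so. Either switch to `$query = str_replace( '?', '%3F', $query );` if that is confirmed safe against the IE6 behaviour, or keep `%3E` and document the side effect, e.g. `// Use %3E (">"), not %3F, in case IE6 decodes %3F back to "?"; note this changes a literal "?" in any parameter value`. fixUrlForIE6 begins before this hunk.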
@@ -182,7 +186,7 @@ class IEUrlExtension {
 // End of string, we're done
 return false;
 }
-
 // We found a dot. Skip past it
 $pos++;
 $remainingLength = $urlLength - $pos;
@@ -220,12 +224,12 @@ class IEUrlExtension {
 * with %2E not decoded to ".". On such a server, it is possible to detect
 * whether the script filename has been obscured.
 *
- * The function returns false if the server is not known to have this
+ * The function returns false if the server is not known to have this
 * behaviour. Microsoft IIS in particular is known to decode escaped script
 * filenames.
 *
 * SERVER_SOFTWARE typically contains either a plain string such as "Zeus",
- * or a specification in the style of a User-Agent header, such as
+ * or a specification in the style of a User-Agent header, such as
 * "Apache/1.3.34 (Unix) mod_ssl/2.8.25 OpenSSL/0.9.8a PHP/4.4.2"
 *
 * @param $serverSoftware
@@ -234,8 +238,8 @@ class IEUrlExtension {
 */
 public static function haveUndecodedRequestUri( $serverSoftware ) {
 static $whitelist = array(
- 'Apache',
- 'Zeus',
+ 'Apache',
+ 'Zeus',
 'LiteSpeed'
 );
 if ( preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $m ) ) {
 return in_array( $m[1], $whitelist ); |