diff options
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
| -rw-r--r-- | includes/Sanitizer.php | 39 | ||||
| -rw-r--r-- | includes/actions/RawAction.php | 3 | ||||
| -rw-r--r-- | includes/installer/OracleUpdater.php | 7 | ||||
| -rw-r--r-- | includes/specials/SpecialUploadStash.php | 2 | ||||
| -rw-r--r-- | includes/upload/UploadBase.php | 6 |
6 files changed, 53 insertions, 6 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0e493eb0..a56ef849 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration; * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.21.2'; +$wgVersion = '1.21.3'; /** * Name of the site. It must be changed in LocalSettings.php diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 2dff081d..849e4d66 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -854,6 +854,27 @@ class Sanitizer { $value = preg_replace_callback( $decodeRegex, array( __CLASS__, 'cssDecodeCallback' ), $value ); + // Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii + $value = preg_replace_callback( + '/[!-z]/u', // U+FF01 to U+FF5A + function ( $matches ) { + $cp = utf8ToCodepoint( $matches[0] ); + if ( $cp === false ) { + return ''; + } + return chr( $cp - 65248 ); // ASCII range \x21-\x7A + }, + $value + ); + + // Convert more characters IE6 might treat as ascii + // U+0280, U+0274, U+207F, U+029F, U+026A, U+207D, U+208D + $value = str_replace( + array( 'ʀ', 'ɴ', 'ⁿ', 'ʟ', 'ɪ', '⁽', '₍' ), + array( 'r', 'n', 'n', 'l', 'i', '(', '(' ), + $value + ); + // Remove any comments; IE gets token splitting wrong // This must be done AFTER decoding character references and // escape sequences, because those steps can introduce comments @@ -869,8 +890,24 @@ class Sanitizer { $value = substr( $value, 0, $commentPos ); } + // S followed by repeat, iteration, or prolonged sound marks, + // which IE will treat as "ss" + $value = preg_replace( + '/s(?: + \xE3\x80\xB1 | # U+3031 + \xE3\x82\x9D | # U+309D + \xE3\x83\xBC | # U+30FC + \xE3\x83\xBD | # U+30FD + \xEF\xB9\xBC | # U+FE7C + \xEF\xB9\xBD | # U+FE7D + \xEF\xBD\xB0 # U+FF70 + )/ix', + 'ss', + $value + ); + // Reject problematic keywords and control characters - if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) { + if ( preg_match( '/[\000-\010\013\016-\037\177]/', $value ) ) { return '/* invalid control char */'; } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( | image\s*\( | image-set\s*\( !ix', $value ) ) { return '/* insecure input */'; diff --git a/includes/actions/RawAction.php b/includes/actions/RawAction.php index d1d457c0..12ce9f98 100644 --- a/includes/actions/RawAction.php +++ b/includes/actions/RawAction.php @@ -94,6 +94,9 @@ class RawAction extends FormlessAction { # Output may contain user-specific data; # vary generated content for open sessions on private wikis $privateCache = !User::groupHasPermission( '*', 'read' ) && ( $smaxage == 0 || session_id() != '' ); + // Bug 53032 - make this private if user is logged in, + // so we don't accidentally cache cookies + $privateCache = $privateCache ?: $this->getUser()->isLoggedIn(); # allow the client to cache this for 24 hours $mode = $privateCache ? 'private' : 'public'; $response->header( 'Cache-Control: ' . $mode . ', s-maxage=' . $smaxage . ', max-age=' . $maxage ); diff --git a/includes/installer/OracleUpdater.php b/includes/installer/OracleUpdater.php index b416f4b6..90b4c877 100644 --- a/includes/installer/OracleUpdater.php +++ b/includes/installer/OracleUpdater.php @@ -202,7 +202,12 @@ class OracleUpdater extends DatabaseUpdater { protected function doPageRestrictionsPKUKFix() { $this->output( "Altering PAGE_RESTRICTIONS keys ... " ); - $meta = $this->db->query( 'SELECT column_name FROM all_cons_columns WHERE owner = \''.strtoupper($this->db->getDBname()).'\' AND constraint_name = \'MW_PAGE_RESTRICTIONS_PK\' AND rownum = 1' ); + $meta = $this->db->query( 'SELECT column_name FROM all_cons_columns WHERE owner = \'' . + strtoupper( $this->db->getDBname() ) . + '\' AND constraint_name = \'' . + $this->db->tablePrefix() . + 'PAGE_RESTRICTIONS_PK\' AND rownum = 1' + ); $row = $meta->fetchRow(); if ( $row['column_name'] == 'PR_ID' ) { $this->output( "seems to be up to date.\n" ); diff --git a/includes/specials/SpecialUploadStash.php b/includes/specials/SpecialUploadStash.php index ddf0c6da..066dcfc9 100644 --- a/includes/specials/SpecialUploadStash.php +++ b/includes/specials/SpecialUploadStash.php @@ -303,6 +303,8 @@ class SpecialUploadStash extends UnlistedSpecialPage { header( "Content-Type: $contentType", true ); header( 'Content-Transfer-Encoding: binary', true ); header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true ); + // Bug 53032 - It shouldn't be a problem here, but let's be safe and not cache + header( 'Cache-Control: private' ); header( "Content-Length: $size", true ); } diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 5a823622..e72669d4 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -406,10 +406,10 @@ abstract class UploadBase { return $status; } - if ( $wgVerifyMimeType ) { - $this->mFileProps = FSFile::getPropsFromPath( $this->mTempPath, $this->mFinalExtension ); - $mime = $this->mFileProps['file-mime']; + $this->mFileProps = FSFile::getPropsFromPath( $this->mTempPath, $this->mFinalExtension ); + $mime = $this->mFileProps['file-mime']; + if ( $wgVerifyMimeType ) { # XXX: Missing extension will be caught by validateName() via getTitle() if ( $this->mFinalExtension != '' && !$this->verifyExtension( $mime, $this->mFinalExtension ) ) { wfProfileOut( __METHOD__ ); |