summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-04-17 11:49:55 +0200
committerPierre Schmitz <pierre@archlinux.de>2011-04-17 11:49:55 +0200
commit75abb5292328bdb07a91ad7229a121ab3446569d (patch)
tree8eb38499cf9dc3a3a413c44ebad4463099f59e54
parent124299758ca7454561118f466a0470905758924f (diff)
update to MediaWiki 1.16.4
-rw-r--r--RELEASE-NOTES10
-rw-r--r--images/.htaccess6
-rw-r--r--img_auth.php2
-rw-r--r--includes/DefaultSettings.php2
-rw-r--r--includes/WebRequest.php2
-rw-r--r--maintenance/language/messages.inc1
6 files changed, 18 insertions, 5 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cf3f3a77..1a863b9f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,8 +1,8 @@
= MediaWiki release notes =
-== MediaWiki 1.16.3 ==
+== MediaWiki 1.16.4 ==
-2011-04-12
+2011-04-14
This is a security and maintenance release of the MediaWiki 1.16 branch.
@@ -44,6 +44,12 @@ set $wgCacheDirectory to a writable path on the local filesystem. Make sure
you have the DBA extension for PHP installed, this will improve performance
further.
+== Changes since 1.16.3 ==
+
+* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
+ clients) was not actually sufficient to fix that bug. This release contains
+ a second attempt, hopefully we have fixed it this time.
+
== Changes since 1.16.2 ==
* (bug 28449) Fixed permissions checks in Special:Import which allowed users
diff --git a/images/.htaccess b/images/.htaccess
new file mode 100644
index 00000000..2aea33e0
--- /dev/null
+++ b/images/.htaccess
@@ -0,0 +1,6 @@
+# Protect against bug 28235
+<IfModule rewrite_module>
+ RewriteEngine On
+ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
+ RewriteRule . - [forbidden]
+</IfModule>
diff --git a/img_auth.php b/img_auth.php
index 534d1fd2..26ba9413 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -39,7 +39,7 @@ if ( $wgImgAuthPublicTest
// Check for bug 28235: QUERY_STRING overriding the correct extension
if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
}
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7993d95c..e4864edb 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) {
}
/** MediaWiki version number */
-$wgVersion = '1.16.3';
+$wgVersion = '1.16.4';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 8a0ef48b..a1d02d9c 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -697,7 +697,7 @@ class WebRequest {
global $wgScriptExtension;
if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
// Bug 28235
// Block only Internet Explorer, and requests with missing UA
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 25bc8fd0..4c907a16 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -1272,6 +1272,7 @@ $wgMessageStructure = array(
'img-auth-streaming',
'img-auth-public',
'img-auth-noread',
+ 'img-auth-bad-query-string',
),
'http-errors' => array(