diff options
| -rw-r--r-- | RELEASE-NOTES | 10 | ||||
| -rw-r--r-- | images/.htaccess | 6 | ||||
| -rw-r--r-- | img_auth.php | 2 | ||||
| -rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
| -rw-r--r-- | includes/WebRequest.php | 2 | ||||
| -rw-r--r-- | maintenance/language/messages.inc | 1 |
6 files changed, 18 insertions, 5 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index cf3f3a77..1a863b9f 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,8 +1,8 @@ = MediaWiki release notes = -== MediaWiki 1.16.3 == +== MediaWiki 1.16.4 == -2011-04-12 +2011-04-14 This is a security and maintenance release of the MediaWiki 1.16 branch. @@ -44,6 +44,12 @@ set $wgCacheDirectory to a writable path on the local filesystem. Make sure you have the DBA extension for PHP installed, this will improve performance further. +== Changes since 1.16.3 == + +* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6 + clients) was not actually sufficient to fix that bug. This release contains + a second attempt, hopefully we have fixed it this time. + == Changes since 1.16.2 == * (bug 28449) Fixed permissions checks in Special:Import which allowed users diff --git a/images/.htaccess b/images/.htaccess new file mode 100644 index 00000000..2aea33e0 --- /dev/null +++ b/images/.htaccess @@ -0,0 +1,6 @@ +# Protect against bug 28235 +<IfModule rewrite_module> + RewriteEngine On + RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase] + RewriteRule . - [forbidden] +</IfModule> diff --git a/img_auth.php b/img_auth.php index 534d1fd2..26ba9413 100644 --- a/img_auth.php +++ b/img_auth.php @@ -39,7 +39,7 @@ if ( $wgImgAuthPublicTest // Check for bug 28235: QUERY_STRING overriding the correct extension if ( isset( $_SERVER['QUERY_STRING'] ) - && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) ) + && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) ) { wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' ); } diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 7993d95c..e4864edb 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) { } /** MediaWiki version number */ -$wgVersion = '1.16.3'; +$wgVersion = '1.16.4'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; diff --git a/includes/WebRequest.php b/includes/WebRequest.php index 8a0ef48b..a1d02d9c 100644 --- a/includes/WebRequest.php +++ b/includes/WebRequest.php @@ -697,7 +697,7 @@ class WebRequest { global $wgScriptExtension; if ( isset( $_SERVER['QUERY_STRING'] ) - && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) ) + && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) ) { // Bug 28235 // Block only Internet Explorer, and requests with missing UA diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 25bc8fd0..4c907a16 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -1272,6 +1272,7 @@ $wgMessageStructure = array( 'img-auth-streaming', 'img-auth-public', 'img-auth-noread', + 'img-auth-bad-query-string', ), 'http-errors' => array( |