summaryrefslogtreecommitdiff
path: root/includes/Wiki.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/Wiki.php')
-rw-r--r--includes/Wiki.php20
1 files changed, 17 insertions, 3 deletions
diff --git a/includes/Wiki.php b/includes/Wiki.php
index 173fcd94..f535b981 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -78,7 +78,12 @@ class MediaWiki {
$ret = Title::newMainPage();
} else {
$ret = Title::newFromURL( $title );
- // check variant links so that interwiki links don't have to worry
+ // Alias NS_MEDIA page URLs to NS_FILE...we only use NS_MEDIA
+ // in wikitext links to tell Parser to make a direct file link
+ if ( !is_null( $ret ) && $ret->getNamespace() == NS_MEDIA ) {
+ $ret = Title::makeTitle( NS_FILE, $ret->getDBkey() );
+ }
+ // Check variant links so that interwiki links don't have to worry
// about the possible different language variants
if ( count( $wgContLang->getVariants() ) > 1
&& !is_null( $ret ) && $ret->getArticleID() == 0 )
@@ -128,7 +133,7 @@ class MediaWiki {
* @return void
*/
private function performRequest() {
- global $wgServer, $wgUsePathInfo;
+ global $wgServer, $wgUsePathInfo, $wgTitle;
wfProfileIn( __METHOD__ );
@@ -145,7 +150,6 @@ class MediaWiki {
wfRunHooks( 'BeforeInitialize',
array( &$title, null, &$output, &$user, $request, $this ) );
-
// Invalid titles. Bug 21776: The interwikis must redirect even if the page name is empty.
if ( is_null( $title ) || ( $title->getDBkey() == '' && $title->getInterwiki() == '' ) ||
$title->isSpecial( 'Badtitle' ) )
@@ -157,6 +161,16 @@ class MediaWiki {
// the Read array in order for the user to see it. (We have to check here to
// catch special pages etc. We check again in Article::view())
} elseif ( !$title->userCanRead() ) {
+ // Bug 32276: allowing the skin to generate output with $wgTitle
+ // set to the input title would allow anonymous users to
+ // determine whether a page exists, potentially leaking private data. In fact, the
+ // curid and oldid request parameters would allow page titles to be enumerated even
+ // when they are not guessable. So we reset the title to Special:Badtitle before the
+ // permissions error is displayed.
+ $badtitle = SpecialPage::getTitleFor( 'Badtitle' );
+ $output->setTitle( $badtitle );
+ $wgTitle = $badtitle;
+
$output->loginToUse();
// Interwiki redirects
} elseif ( $title->getInterwiki() != '' ) {
generated by cgit v1.2.2 (git 2.25.0) at 2024-04-23 18:48:52 +0000