/** * Check if Internet Explorer will detect an incorrect cache extension in * PATH_INFO or QUERY_STRING. If the request can't be allowed, show an error * message or redirect to a safer URL. Returns true if the URL is OK, and * false if an error message has been shown and the request should be aborted. * * @param $extWhitelist array * @throws HttpError * @return bool */ public function checkUrlExtension($extWhitelist = array()) { global $wgScriptExtension; $extWhitelist[] = ltrim($wgScriptExtension, '.'); if (IEUrlExtension::areServerVarsBad($_SERVER, $extWhitelist)) { if (!$this->wasPosted()) { $newUrl = IEUrlExtension::fixUrlForIE6($this->getFullRequestURL(), $extWhitelist); if ($newUrl !== false) { $this->doSecurityRedirect($newUrl); return false; } } throw new HttpError(403, 'Invalid file extension found in the path info or query string.'); } return true; }
/** * Check if Internet Explorer will detect an incorrect cache extension in * PATH_INFO or QUERY_STRING. If the request can't be allowed, show an error * message or redirect to a safer URL. Returns true if the URL is OK, and * false if an error message has been shown and the request should be aborted. * * @param $extWhitelist array * @return bool */ public function checkUrlExtension($extWhitelist = array()) { global $wgScriptExtension; $extWhitelist[] = ltrim($wgScriptExtension, '.'); /* Wikia change begin BugId: 34550 * Allow /wiki/ urls to serve user javascript/css */ $extWhitelist[] = 'js'; $extWhitelist[] = 'css'; /* Wikia change end */ if (IEUrlExtension::areServerVarsBad($_SERVER, $extWhitelist)) { if (!$this->wasPosted()) { $newUrl = IEUrlExtension::fixUrlForIE6($this->getFullRequestURL(), $extWhitelist); if ($newUrl !== false) { $this->doSecurityRedirect($newUrl); return false; } } throw new HttpError(403, 'Invalid file extension found in the path info or query string.'); } return true; }