From 7aeb423a6e1b0548a433ad0c2205563464f3f0c8 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Thu, 14 Apr 2011 07:10:59 +0000
Subject: [PATCH] (bug 28507) Fix for r85844: that revision was not actually
 sufficient to fix bug 28235, since URLs can have more than one question mark
 in them.

---
 images/.htaccess        | 2 +-
 img_auth.php            | 2 +-
 includes/WebRequest.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/images/.htaccess b/images/.htaccess
index e84a09522a..2aea33e062 100644
--- a/images/.htaccess
+++ b/images/.htaccess
@@ -1,6 +1,6 @@
 # Protect against bug 28235
 <IfModule rewrite_module>
 	RewriteEngine On
-	RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
+	RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
 	RewriteRule . - [forbidden]
 </IfModule>
diff --git a/img_auth.php b/img_auth.php
index c9a2242059..7b7bbda2e4 100644
--- a/img_auth.php
+++ b/img_auth.php
@@ -40,7 +40,7 @@ if ( $wgImgAuthPublicTest
 
 // Check for bug 28235: QUERY_STRING overriding the correct extension
 if ( isset( $_SERVER['QUERY_STRING'] )
-	&& preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+	&& preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 {
 	wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
 }	
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index d5ec821704..78667b18cd 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -785,7 +785,7 @@ class WebRequest {
 		global $wgScriptExtension;
 
 		if ( isset( $_SERVER['QUERY_STRING'] ) 
-			&& preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+			&& preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 		{
 			// Bug 28235
 			// Block only Internet Explorer, and requests with missing UA 
-- 
2.20.1