From: Brion Vibber Date: Tue, 12 Feb 2008 22:45:10 +0000 (+0000) Subject: * (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden. X-Git-Tag: 1.31.0-rc.0~49505 X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=08176de1e188b9a59e705c62a7bb63dcef63219d;p=lhc%2Fweb%2Fwiklou.git * (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden. --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 18d6e33cd0..bfbd4affc0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -385,6 +385,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple directories. * (bug 7681, 11559) Cookie values no longer override GET and POST variables. * (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds +* (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden. == Parser changes in 1.12 == diff --git a/includes/Title.php b/includes/Title.php index ad7cc54300..4c08f85549 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -2032,7 +2032,9 @@ class Title { strpos( $dbkey, './' ) === 0 || strpos( $dbkey, '../' ) === 0 || strpos( $dbkey, '/./' ) !== false || - strpos( $dbkey, '/../' ) !== false ) ) + strpos( $dbkey, '/../' ) !== false || + substr( $dbkey, -2 ) == '/.' || + substr( $dbkey, -3 ) == '/..' ) ) { return false; }
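Review bot: the two new conditions in the includes/Title.php hunk compare with loose `==` (`substr( $dbkey, -2 ) == '/.'` and `substr( $dbkey, -3 ) == '/..'`), while every neighbouring `strpos()` check in the same expression uses strict `===` or `!==`. Both operands here are non-numeric strings, so the result is the same, but switching to `===` keeps the condition uniform and removes any dependence on PHP's type juggling in a title-validation path. Since this rule decides which titles are rejected, a parser or unit test covering titles that end in '/.' and '/..', plus a title that merely ends in a dot such as 'Foo.', would pin the intended boundary; none is included in this patch.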