From da6377abb198b21f4241236c3420e9a4a21ccb53 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sat, 19 Jan 2008 01:18:23 +0000
Subject: [PATCH] Restore the complete prohibition on action=raw with arbitrary script entry points. While only MSIE is known to let the URL's "extension" override the allowed mime types, other browsers will still happily download a file with the name from the URL. That seems unwise as the content may be arbitrary (and perhaps executable).
---
 includes/RawPage.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/includes/RawPage.php b/includes/RawPage.php
index f96c8b91b0..8b10693889 100644
--- a/includes/RawPage.php
+++ b/includes/RawPage.php
@@ -126,8 +126,7 @@ class RawPage {
 $url = $_SERVER['PHP_SELF'];
 }
- $ua = @$_SERVER['HTTP_USER_AGENT'];
- if( strcmp( $wgScript, $url ) && strpos( $ua, 'MSIE' ) !== false ) {
+ if( strcmp( $wgScript, $url ) ) {
 # Internet Explorer will ignore the Content-Type header if it
 # thinks it sees a file extension it recognizes. Make sure that
 # all raw requests are done through the script node, which will
--
2.20.1
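Review bot: The comment kept under the new `if( strcmp( $wgScript, $url ) ) {` still justifies the check only by Internet Explorer's extension sniffing, while the condition now rejects every client whose request path differs from `$wgScript`. The broader reason exists only in the commit message, so a later reader could take the unconditional check for an oversight and reintroduce the user-agent test. I would add a line to the comment such as `# Other browsers will also save the response under the file name taken from the URL, so refuse raw output on any entry point other than $wgScript, whatever the user agent.` As a style point, `strcmp()` used as a truth value reads inverted; assuming both operands are always strings, `if( $url !== $wgScript ) {` states the intent directly. The enclosing method starts and ends outside this hunk, so what the branch does on a mismatch is not visible here.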