While only MSIE is known to let the URL's "extension" override the allowed mime types, other browsers will still happily download a file with the name from the URL. That seems unwise as the content may be arbitrary (and perhaps executable).
$url = $_SERVER['PHP_SELF'];
}
- $ua = @$_SERVER['HTTP_USER_AGENT'];
- if( strcmp( $wgScript, $url ) && strpos( $ua, 'MSIE' ) !== false ) {
+ if( strcmp( $wgScript, $url ) ) {
# Internet Explorer will ignore the Content-Type header if it
# thinks it sees a file extension it recognizes. Make sure that
# all raw requests are done through the script node, which will