* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
'trace'.
* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
+* (T212067) Work around PHP bug in parse_url.
== MediaWiki 1.31.5 ==
Wikimedia\suppressWarnings();
$bits = parse_url( $url );
Wikimedia\restoreWarnings();
+
+ // T212067: PHP < 5.6.28, 7.0.0–7.0.12, and HHVM (all relevant versions) screw up parsing
+ // the query part of pathless URLs
+ if ( isset( $bits['host'] ) && strpos( $bits['host'], '?' ) !== false ) {
+ list( $host, $query ) = explode( '?', $bits['host'], 2 );
+ $bits['host'] = $host;
+ $bits['query'] = $query
+ . ( $bits['path'] ?? '' )
+ . ( isset( $bits['query'] ) ? '?' . $bits['query'] : '' );
+ unset( $bits['path'] );
+ }
+
// parse_url() returns an array without scheme for some invalid URLs, e.g.
// parse_url("%0Ahttp://example.com") == [ 'host' => '%0Ahttp', 'path' => 'example.com' ]
if ( !$bits || !isset( $bits['scheme'] ) ) {
'invalid://test/',
false
],
+ // T212067
+ [
+ '//evil.com?example.org/foo/bar',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org/foo/bar',
+ ]
+ ],
+ [
+ '//evil.com?example.org/foo/bar?baz#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org/foo/bar?baz',
+ 'fragment' => 'quux',
+ ]
+ ],
+ [
+ '//evil.com?example.org?baz#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org?baz',
+ 'fragment' => 'quux',
+ ]
+ ],
+ [
+ '//evil.com?example.org#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org',
+ 'fragment' => 'quux',
+ ]
+ ],
];
}
}