From: Antoine Musso <hashar@users.mediawiki.org>
Date: Thu, 3 Nov 2011 15:06:52 +0000 (+0000)
Subject: comment that isValidURI must reject file:// URI
X-Git-Tag: 1.31.0-rc.0~26737
X-Git-Url: http://git.cyclocoop.org/%28%5B%5E//%22%22?a=commitdiff_plain;h=57faa0c7945c5a19a07e3917b73d9c2d1786dcf5;p=lhc%2Fweb%2Fwiklou.git

comment that isValidURI must reject file:// URI
---

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 6968c612df..949cfcbb6d 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -129,6 +129,8 @@ class Http {
 	 * protocols, because we only want protocols that both cURL
 	 * and php support.
 	 *
+	 * file:// should not be allowed there for security purpose (r67684)
+	 *
 	 * @fixme this is wildly inaccurate and fails to actually check most stuff
 	 *
 	 * @param $uri Mixed: URI to check for validity