From: Brion Vibber
Date: Sat, 9 Oct 2004 21:24:52 +0000 (+0000)
Subject: More paranoia checks for Internet Explorer
X-Git-Tag: 1.5.0alpha1~1619
X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=7e5316bb4c3eb0152d4db8aa39ba7c3737a5b2b7;p=lhc%2Fweb%2Fwiklou.git

More paranoia checks for Internet Explorer
---
diff --git a/includes/RawPage.php b/includes/RawPage.php
index 2a806d8886..562dccc2e9 100644
--- a/includes/RawPage.php
+++ b/includes/RawPage.php
@@ -50,7 +50,25 @@ class RawPage {
 }
 function view() {
- global $wgUser, $wgOut;
+ global $wgUser, $wgOut, $wgScript;
+
+ if( strncmp( $wgScript . '?', $_SERVER['REQUEST_URI'], strlen( $wgScript ) + 1 ) ) {
+ # Internet Explorer will ignore the Content-Type header if it
+ # thinks it sees a file extension it recognizes. Make sure that
+ # all raw requests are done through the script node, which will
+ # have eg '.php' and should remain safe.
+
+ $destUrl = $this->mTitle->getFullUrl(
+ 'action=raw' .
+ '&ctype=' . urlencode( $this->mContentType ) .
+ '&smaxage=' . urlencode( $this->mSmaxage ) .
+ '&maxage=' . urlencode( $this->mMaxage ) .
+ '&oldid=' . urlencode( $this->mOldId ) );
+ header( 'Location: ' . $destUrl );
+ $wgOut->disable();
+ return;
+ }
+
 header( "Content-type: ".$this->mContentType.'; charset='.$this->mCharset );
 # allow the client to cache this for 24 hours
 header( 'Cache-Control: s-maxage='.$this->mSmaxage.', max-age='.$this->mMaxage );
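Review bot: The new guard in view() redirects whenever `$_SERVER['REQUEST_URI']` does not begin with `$wgScript . '?'`, but nothing ensures the redirect target passes that same test, so a server that leaves REQUEST_URI unset, or a `getFullUrl()` result not rooted at `$wgScript` (not verifiable from this hunk), would send the client into an endless redirect. When REQUEST_URI is missing, or `$destUrl` would equal the current request, I would stop with an error response rather than emit `Location`, and I would write the test as `strncmp( ... ) !== 0` so the "does not match" meaning is explicit. The check also pins only the script prefix and says nothing about what follows the `?`, while `$this->mContentType`, which looks request-settable since it is forwarded as `ctype`, still goes unfiltered into the `Content-type` header on the next context line. Checking that value against a fixed list of permitted raw content types would not depend on the URL shape at all. view() continues past the end of the hunk.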