Revert r24105, r24106, r24107 'security fix' forbidden text/css and text/javascript...

This doesn't actually do the job; browsers aren't this picky about their JavaScript, and many aren't picky about CSS either. Further, this actually breaks internal JS such as the gen=js mode.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d2a4a49..9c189a7 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -305,8 +305,6 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Don't show non-functional toolbar buttons on Opera 7 anymore
 * (bug 9151) Fix relative subpage links with section fragments
 * (bug 10560) Adding a space between category letter heading and "continues"
-* Don't allow retrieving non-JavaScript/CSS pages with "text/css" or "text/javascript"
-  MIME types
 * (bug 1629) Stop section edit links from being shoved down by other floats
 * (bug 4650) Keep impossibly large/small counts off Special:Statistics
 * (bug 10608) PHP notice when installing with PostgreSQL

diff --git a/includes/RawPage.php b/includes/RawPage.php
index f81349a..9df94e5 100644 (file)
--- a/includes/RawPage.php
+++ b/includes/RawPage.php
@@ -145,14 +145,7 @@ class RawPage {
        }
 
        function getRawText() {
-               global $wgUser, $wgOut, $wgRequest, $wgJsMimeType;
-
-               /* Disable retrieving content pages as raw js/css */
-               $dangerousTypes = array( $wgJsMimeType, 'text/css' );
-               if ( in_array( $this->mContentType, $dangerousTypes ) && 
-                               !($this->mTitle->isCssOrJsPage() || $this->mTitle->isCssJsSubpage() ) )
-                       return '/* Page type not compatible with requested MIME type. */';
-       
+               global $wgUser, $wgOut, $wgRequest;
                if($this->mGen) {
                        $sk = $wgUser->getSkin();
                        $sk->initPage($wgOut);