security_fix

diff --git a/includes/Title.php b/includes/Title.php
index 3924085..dd2fd81 100644 (file)
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -770,7 +770,7 @@ class Title {
                if( Namespace::getUser() == $this->mNamespace
                        and preg_match("/\\.(css|js)$/", $this->mTextform )
                        and !$wgUser->isSysop()
-                       and !preg_match('/^'.preg_quote($wgUser->getName(), '/').'/', $this->mTextform) )
+                       and !preg_match('/^'.preg_quote($wgUser->getName(), '/').'\//', $this->mTextform) )
                { return false; }
                $ur = $wgUser->getRights();
                foreach ( $this->getRestrictions() as $r ) {
@@ -837,7 +837,7 @@ class Title {
         */
        function userCanEditCssJsSubpage() {
                global $wgUser;
-               return ( $wgUser->isSysop() or preg_match('/^'.preg_quote($wgUser->getName()).'/', $this->mTextform) );
+               return ( $wgUser->isSysop() or preg_match('/^'.preg_quote($wgUser->getName(), '/').'\//', $this->mTextform) );
        }
 
        /**