From: Rob Church Date: Sun, 15 Jul 2007 05:08:06 +0000 (+0000) Subject: MIME is an acronym... X-Git-Tag: 1.31.0-rc.0~52089 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/membres/fiche.php?a=commitdiff_plain;h=d4b6572b83934b0dbcf5346dec647c77bb457cf6;p=lhc%2Fweb%2Fwiklou.git MIME is an acronym... --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 40ba59a21a..c81da17fdc 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -293,8 +293,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Don't show non-functional toolbar buttons on Opera 7 anymore * (bug 9151) Fix relative subpage links with section fragments * (bug 10560) Adding a space between category letter heading and "continues" -* Security fix: Disable retrieving pages as raw js/css that should not contain - such content. +* Don't allow retrieving non-JavaScript/CSS pages with "text/css" or "text/javascript" + MIME types == API changes since 1.10 == diff --git a/includes/RawPage.php b/includes/RawPage.php index 96f3848cf2..f81349a27a 100644 --- a/includes/RawPage.php +++ b/includes/RawPage.php @@ -151,7 +151,7 @@ class RawPage { $dangerousTypes = array( $wgJsMimeType, 'text/css' ); if ( in_array( $this->mContentType, $dangerousTypes ) && !($this->mTitle->isCssOrJsPage() || $this->mTitle->isCssJsSubpage() ) ) - return '/* Page type not compatible with requested mime type. */'; + return '/* Page type not compatible with requested MIME type. */'; if($this->mGen) { $sk = $wgUser->getSkin();