Conducting a conversation by means of comments

author Tim Starling <tstarling@users.mediawiki.org>

Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)

committer Tim Starling <tstarling@users.mediawiki.org>

Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)
author Tim Starling <tstarling@users.mediawiki.org>
Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)
committer Tim Starling <tstarling@users.mediawiki.org>
Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)
diff --git a/includes/Title.php b/includes/Title.php

index 35ae3e8..87d7e96 100644 (file)
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -188,8 +188,16 @@ class Title {
                 # Missing characters:
                 #  * []|# Needed for link syntax
                 #  * % and + are corrupted by Apache when they appear in the path
-               #  * % seems to work though
-               # 
+               #
+               # % seems to work though
+               #
+               # The problem with % is that URLs are double-unescaped: once by Apache's 
+               # path conversion code, and again by PHP. So %253F, for example, becomes "?".
+               # Our code does not double-escape to compensate for this, indeed double escaping
+               # would break if the double-escaped title was passed in the query string
+               # rather than the path. This is a minor security issue because articles can be
+               # created such that they are hard to view or edit. -- TS
+               #
                 # Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
                 # this breaks interlanguage links
author	Tim Starling <tstarling@users.mediawiki.org>
	Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)
committer	Tim Starling <tstarling@users.mediawiki.org>
	Thu, 1 Jul 2004 12:59:09 +0000 (12:59 +0000)