From 2406b511a66f44ad13967e3f252e295d52796991 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 3 Sep 2004 06:12:57 +0000
Subject: [PATCH] Start cracking down on illegal titles: in UTF-8 mode reject
 titles which have had the 'replacement character' inserted, representing
 illegal UTF-8 sequences or non-legal Unicode characters. Moved the PATH_INFO
 check from index.php into WebRequest; it now just shoves the param into
 $_REQUEST['title'].

---
 includes/Title.php      |  9 +++++++++
 includes/WebRequest.php |  7 ++++++-
 index.php               | 11 +----------
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/includes/Title.php b/includes/Title.php
index 22c18702d7..e262c5a437 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -4,6 +4,8 @@
  *
  */
 
+require_once( 'normal/UtfNormal.php' );
+
 /**
  *
  */
@@ -709,6 +711,13 @@ class Title {
 			wfProfileOut( $fname );
 			return false;
 		}
+		
+		global $wgUseLatin1;
+		if( !$wgUseLatin1 &&  false !== strpos( $t, UTF8_REPLACEMENT, $t ) ) {
+			# Contained illegal UTF-8 sequences or forbidden Unicode chars.
+			wfProfileOut( $fname );
+			return false;
+		}
 
 		$this->mDbkeyform = $t;
 		$done = false;
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 20f2c3ec27..1cf69280e1 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -28,6 +28,11 @@
 class WebRequest {
 	function WebRequest() {
 		$this->checkMagicQuotes();
+		global $wgUsePathInfo;
+		if( isset( $_SERVER['PATH_INFO'] ) && $wgUsePathInfo ) {
+			# Stuff it!
+			$_REQUEST['title'] = substr( $_SERVER['PATH_INFO'], 1 );
+		}
 		global $wgUseLatin1;
 		if( !$wgUseLatin1 ) {
 			require_once( 'normal/UtfNormal.php' );
@@ -64,7 +69,7 @@ class WebRequest {
 			if( is_array( $val ) ) {
 				$this->normalizeUnicode( $arr[$key ] );
 			} else {
-				$arr[$key] = UtfNormal::toNFC( $val );
+				$arr[$key] = UtfNormal::cleanUp( $val );
 			}
 		}
 	}
diff --git a/index.php b/index.php
index 8f60e00da8..411fec21f3 100644
--- a/index.php
+++ b/index.php
@@ -25,16 +25,7 @@ OutputPage::setEncodings(); # Not really used yet
 
 # Query string fields
 $action = $wgRequest->getVal( "action", "view" );
-
-if( isset( $_SERVER['PATH_INFO'] ) && $wgUsePathInfo ) {
-	$title = substr( $_SERVER['PATH_INFO'], 1 );
-	if( !$wgUseLatin1 ) {
-		require_once( 'includes/normal/UtfNormal.php' );
-		$title = UtfNormal::toNFC( $title );
-	}
-} else {
-	$title = $wgRequest->getVal( "title" );
-}
+$title = $wgRequest->getVal( "title" );
 
 # Placeholders in case of DB error
 $wgTitle = Title::newFromText( wfMsg( "badtitle" ) );
-- 
2.20.1