- global $wgOut, $wgScript;
-
- if( isset( $_SERVER['SCRIPT_URL'] ) ) {
- # Normally we use PHP_SELF to get the URL to the script
- # as it was called, minus the query string.
- #
- # Some sites use Apache rewrite rules to handle subdomains,
- # and have PHP set up in a weird way that causes PHP_SELF
- # to contain the rewritten URL instead of the one that the
- # outside world sees.
- #
- # If in this mode, use SCRIPT_URL instead, which mod_rewrite
- # provides containing the "before" URL.
- $url = $_SERVER['SCRIPT_URL'];
- } else {
- $url = $_SERVER['PHP_SELF'];
- }
-
- $ua = @$_SERVER['HTTP_USER_AGENT'];
- if( strcmp( $wgScript, $url ) && strpos( $ua, 'MSIE' ) !== false ) {
- # Internet Explorer will ignore the Content-Type header if it
- # thinks it sees a file extension it recognizes. Make sure that
- # all raw requests are done through the script node, which will
- # have eg '.php' and should remain safe.
- #
- # We used to redirect to a canonical-form URL as a general
- # backwards-compatibility / good-citizen nice thing. However
- # a lot of servers are set up in buggy ways, resulting in
- # redirect loops which hang the browser until the CSS load
- # times out.
- #
- # Just return a 403 Forbidden and get it over with.
- wfHttpError( 403, 'Forbidden',
- 'Raw pages must be accessed through the primary script entry point.' );