(bug 28507) Fix for r85844: that revision was not actually sufficient to fix bug...
authorTim Starling <tstarling@users.mediawiki.org>
Thu, 14 Apr 2011 07:10:59 +0000 (07:10 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Thu, 14 Apr 2011 07:10:59 +0000 (07:10 +0000)
images/.htaccess
img_auth.php
includes/WebRequest.php

index e84a095..2aea33e 100644 (file)
@@ -1,6 +1,6 @@
 # Protect against bug 28235
 <IfModule rewrite_module>
        RewriteEngine On
-       RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
+       RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
        RewriteRule . - [forbidden]
 </IfModule>
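Review bot: The widened pattern `\.[a-z0-9]{1,4}(#|\?|$)` still recognises only extensions of one to four ASCII letters or digits, so a query string ending in a longer extension, or one with any other character in it, passes this RewriteCond unblocked. Whether such extensions matter for bug 28235 cannot be told from this page, but r85844 was already too narrow once. I would either drop the upper bound, `RewriteCond %{QUERY_STRING} \.[a-z0-9]+(#|\?|$) [nocase]`, or state in the comment above the rule why four characters is enough. The same literal appears in the img_auth.php and includes/WebRequest.php hunks, so whichever choice is made applies there as well.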
index c9a2242..7b7bbda 100644 (file)
@@ -40,7 +40,7 @@ if ( $wgImgAuthPublicTest
 
 // Check for bug 28235: QUERY_STRING overriding the correct extension
 if ( isset( $_SERVER['QUERY_STRING'] )
-       && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+       && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 {
        wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
 }      
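Review bot: The regular expression on the changed line is a third hand-maintained copy of the same check, alongside images/.htaccess and includes/WebRequest.php, and this commit had to correct all three because the first attempt was wrong. The two PHP copies could share one definition, for example a single static helper on WebRequest that takes the query string and returns a bool, which img_auth.php would call before `wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' )`. This assumes WebRequest is already loaded at this point in img_auth.php, which the hunk does not show. The .htaccess copy would then be the only one to keep in sync by hand, and a comment next to the helper should say so.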
index d5ec821..78667b1 100644 (file)
@@ -785,7 +785,7 @@ class WebRequest {
                global $wgScriptExtension;
 
                if ( isset( $_SERVER['QUERY_STRING'] ) 
-                       && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+                       && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
                {
                        // Bug 28235
                        // Block only Internet Explorer, and requests with missing UA
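Review bot: The only explanation near the changed condition is `// Bug 28235`, which does not say why digits and the `(#|\?|$)` alternation were added, and the commit title is truncated on this page. I would add a comment above the `if`, such as `// Raw (undecoded) QUERY_STRING ending in ".ext", or ".ext" followed by "#" or "?" (bugs 28235, 28507)`. That wording also records that the match runs on the string before percent-decoding. A later reader needs to know that when judging whether the pattern covers what the client actually inspects. The enclosing method starts and ends outside this hunk, so the user-agent handling that follows is not reviewed here.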