From d740bd3bb6897ae8d7cb147a56a5b4105c581a8d Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 17 Jul 2007 15:50:50 +0000 Subject: [PATCH] Revert r24105, r24106, r24107 'security fix' forbidden text/css and text/javascript for pages not matching some particular formats. This doesn't actually do the job; browsers aren't this picky about their JavaScript, and many aren't picky about CSS either. Further, this actually breaks internal JS such as the gen=js mode. --- RELEASE-NOTES | 2 -- includes/RawPage.php | 9 +-------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index d2a4a494c6..9c189a7ee9 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -305,8 +305,6 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Don't show non-functional toolbar buttons on Opera 7 anymore * (bug 9151) Fix relative subpage links with section fragments * (bug 10560) Adding a space between category letter heading and "continues" -* Don't allow retrieving non-JavaScript/CSS pages with "text/css" or "text/javascript" - MIME types * (bug 1629) Stop section edit links from being shoved down by other floats * (bug 4650) Keep impossibly large/small counts off Special:Statistics * (bug 10608) PHP notice when installing with PostgreSQL diff --git a/includes/RawPage.php b/includes/RawPage.php index f81349a27a..9df94e50af 100644 --- a/includes/RawPage.php +++ b/includes/RawPage.php @@ -145,14 +145,7 @@ class RawPage { } function getRawText() { - global $wgUser, $wgOut, $wgRequest, $wgJsMimeType; - - /* Disable retrieving content pages as raw js/css */ - $dangerousTypes = array( $wgJsMimeType, 'text/css' ); - if ( in_array( $this->mContentType, $dangerousTypes ) && - !($this->mTitle->isCssOrJsPage() || $this->mTitle->isCssJsSubpage() ) ) - return '/* Page type not compatible with requested MIME type. */'; - + global $wgUser, $wgOut, $wgRequest; if($this->mGen) { $sk = $wgUser->getSkin(); $sk->initPage($wgOut); -- 2.20.1