From: Kevin Israel Date: Mon, 10 Jun 2013 02:04:24 +0000 (-0400) Subject: Make wfMatchesDomainList not match partial domains X-Git-Tag: 1.31.0-rc.0~19096 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=c2d0b90633d083eb721ccffb437e1f5c98c580af;p=lhc%2Fweb%2Fwiklou.git Make wfMatchesDomainList not match partial domains Change-Id: I90e7af152fbd9bb8d84d5f2c54bd352b461c530d --- diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index 2658193461..e67bb00ea3 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -39,6 +39,8 @@ production. page protection levels. The rights 'editprotected' and 'editsemiprotected' are now used for this purpose instead. * (bug 40866) wgOldChangeTagsIndex removed. +* $wgNoFollowDomainExceptions now only matches entire domains. For example, + an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'. === New features in 1.22 === * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes. diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 17835e4c3d..65b4c23746 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -879,10 +879,10 @@ function wfMakeUrlIndexes( $url ) { function wfMatchesDomainList( $url, $domains ) { $bits = wfParseUrl( $url ); if ( is_array( $bits ) && isset( $bits['host'] ) ) { + $host = '.' . $bits['host']; foreach ( (array)$domains as $domain ) { - // FIXME: This gives false positives. http://nds-nl.wikipedia.org will match nl.wikipedia.org - // We should use something that interprets dots instead - if ( substr( $bits['host'], -strlen( $domain ) ) === $domain ) { + $domain = '.' . $domain; + if ( substr( $host, -strlen( $domain ) ) === $domain ) { return true; } } diff --git a/tests/phpunit/includes/GlobalFunctions/GlobalTest.php b/tests/phpunit/includes/GlobalFunctions/GlobalTest.php index 408d44016e..57f8c19935 100644 --- a/tests/phpunit/includes/GlobalFunctions/GlobalTest.php +++ b/tests/phpunit/includes/GlobalFunctions/GlobalTest.php @@ -623,9 +623,7 @@ class GlobalTest extends MediaWikiTestCase { array( "$p//www.example2.com", array( 'www.example.com', 'www.example2.com', 'www.example3.com' ), true, "Exact match with other domains in array, $pDesc URL" ), array( "$p//www.example2.com", array( 'example.com', 'example2.com', 'example3,com' ), true, "Match without subdomain with other domains in array, $pDesc URL" ), array( "$p//www.example4.com", array( 'example.com', 'example2.com', 'example3,com' ), false, "Domain not in array, $pDesc URL" ), - - // FIXME: This is a bug in wfMatchesDomainList(). If and when this is fixed, update this test case - array( "$p//nds-nl.wikipedia.org", array( 'nl.wikipedia.org' ), true, "Substrings of domains match while they shouldn't, $pDesc URL" ), + array( "$p//nds-nl.wikipedia.org", array( 'nl.wikipedia.org' ), false, "Non-matching substring of domain, $pDesc URL" ), ) ); }