* Fix for bug 28534: IE 6 content type detection again
authorTim Starling <tstarling@users.mediawiki.org>
Thu, 5 May 2011 05:29:50 +0000 (05:29 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Thu, 5 May 2011 05:29:50 +0000 (05:29 +0000)
* Fix for bug 28639: user object instance cache pollution
* Release notes formatting tweak.

RELEASE-NOTES
images/.htaccess
img_auth.php
includes/User.php
includes/WebRequest.php

index 46dc3ba..4946115 100644 (file)
@@ -1,7 +1,7 @@
 = MediaWiki release notes =
 
 Security reminder: MediaWiki does not require PHP's register_globals
-setting since version 1.2.0. If you have it on, turn it *off* if you can.
+setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
 == MediaWiki 1.18 ==
 
index 2aea33e..1cc74f4 100644 (file)
@@ -1,6 +1,6 @@
 # Protect against bug 28235
 <IfModule rewrite_module>
        RewriteEngine On
-       RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
+       RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
        RewriteRule . - [forbidden]
 </IfModule>
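Review bot: The new character class on the `RewriteCond` line is not explained, and the only comment in the file is the bug number. A comment above the condition would help the next editor, for example `# Reject a query string ending in ".ext", where ext has none of \ / : * ? " < > | %`. The `[nocase]` flag no longer changes anything, because the new pattern contains no letters, so it can be dropped.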
index 7b7bbda..b059be3 100644 (file)
@@ -40,7 +40,7 @@ if ( $wgImgAuthPublicTest
 
 // Check for bug 28235: QUERY_STRING overriding the correct extension
 if ( isset( $_SERVER['QUERY_STRING'] )
-       && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+       && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
 {
        wfForbidden( 'img-auth-accessdenied', 'img-auth-bad-query-string' );
 }      
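Review bot: As written, the character class in the new `preg_match` pattern does not exclude the backslash, which the `.htaccess` rule in this commit does. Inside a single-quoted PHP string `\\` collapses to one backslash, so PCRE receives `[^\/:*?"<>|%]`, where `\/` is only an escaped slash. The PHP check therefore treats a backslash as an extension character and rejects slightly more than the rewrite rule does, so the two layers disagree. If the backslash is meant to be excluded, the literal should be `'/\.[^\\\\\/:*?"<>|%]+(#|\?|$)/i'`. The same literal appears in the includes/WebRequest.php hunk, and the `i` modifier is now redundant because the pattern has no letters.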
index 308b6e3..9ff846d 100644 (file)
@@ -937,24 +937,25 @@ class User {
                        return false;
                }
 
-               $this->mId = $sId;
-               if ( !$this->loadFromId() ) {
-                       # Not a valid ID, loadFromId has switched the object to anon for us
+               $proposedUser = User::newFromId( $sId );
+               if ( !$proposedUser->isLoggedIn() ) {
+                       # Not a valid ID
+                       $this->loadDefaults();
                        return false;
                }
 
                global $wgBlockDisablesLogin;
-               if( $wgBlockDisablesLogin && $this->isBlocked() ) {
+               if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
                        # User blocked and we've disabled blocked user logins
                        $this->loadDefaults();
                        return false;
                }
 
                if ( $wgRequest->getSessionData( 'wsToken' ) !== null ) {
-                       $passwordCorrect = $this->mToken == $wgRequest->getSessionData( 'wsToken' );
+                       $passwordCorrect = $proposedUser->getToken() === $wgRequest->getSessionData( 'wsToken' );
                        $from = 'session';
                } else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
-                       $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
+                       $passwordCorrect = $proposedUser->getToken() === $wgRequest->getCookie( 'Token' );
                        $from = 'cookie';
                } else {
                        # No session or persistent login cookie
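Review bot: The two token checks, `$proposedUser->getToken() === $wgRequest->getSessionData( 'wsToken' )` and the cookie branch below it, compare a login secret with `===`, which stops at the first differing byte. A constant-time comparison is the safer choice for a persistent-login token, for example `hash_equals( $proposedUser->getToken(), (string)$wgRequest->getCookie( 'Token' ) )` where the PHP version provides it. It is also worth rejecting an empty stored token before comparing, since this hunk does not show whether `getToken()` can return an empty string. The enclosing method starts and ends outside the hunk.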
@@ -962,7 +963,8 @@ class User {
                        return false;
                }
 
-               if ( ( $sName == $this->mName ) && $passwordCorrect ) {
+               if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
+                       $this->loadFromUserObject( $proposedUser );
                        $wgRequest->setSessionData( 'wsToken', $this->mToken );
                        wfDebug( "User: logged in from $from\n" );
                        return true;
@@ -1063,6 +1065,18 @@ class User {
                }
        }
 
+       /**
+        * Load the data for this user object from another user object. 
+        */
+       protected function loadFromUserObject( $user ) {
+               $user->load();
+               $user->loadGroups();
+               $user->loadOptions();
+               foreach ( self::$mCacheVars as $var ) {
+                       $this->$var = $user->$var;
+               }
+       }
+
        /**
         * Load the groups from the database if they aren't already loaded.
         * @private
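Review bot: `loadFromUserObject( $user )` accepts any value, and its docblock does not say that it calls `load()`, `loadGroups()` and `loadOptions()` on the argument, so the source object is changed before the copy. Declare the type with `protected function loadFromUserObject( User $user ) {`, and add `@param $user User` plus a sentence stating that only the properties named in `self::$mCacheVars` are copied. This hunk does not show whether the load-state flags are in that list, so confirm that a later `load()` on `$this` cannot go back to the database and overwrite the copied values.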
index 41077d3..f701095 100644 (file)
@@ -786,7 +786,7 @@ class WebRequest {
                global $wgScriptExtension;
 
                if ( isset( $_SERVER['QUERY_STRING'] ) 
-                       && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+                       && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
                {
                        // Bug 28235
                        // Block only Internet Explorer, and requests with missing UA