MediaWiki  1.23.0
IEUrlExtension.php
1 <?php
/**
 * Check a set of server variables (typically $_SERVER or a subset of it)
 * for a URL whose apparent file extension isUrlExtensionBad() rejects.
 *
 * REQUEST_URI is inspected only when SERVER_SOFTWARE is present and
 * haveUndecodedRequestUri() accepts it; otherwise QUERY_STRING is used,
 * and an empty string when neither is available. PATH_INFO is checked
 * in addition, whenever it is set.
 *
 * @param array $vars Server variables, keyed like $_SERVER
 * @param array $extWhitelist Extensions to accept besides the built-in ones
 * @return bool True if any inspected value carries a rejected extension
 */
public static function areServerVarsBad( $vars, $extWhitelist = array() ) {
	// Pick the primary URL portion to inspect; default to nothing.
	$urlPart = '';
	if ( isset( $vars['SERVER_SOFTWARE'], $vars['REQUEST_URI'] )
		&& self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] )
	) {
		$urlPart = $vars['REQUEST_URI'];
	} elseif ( isset( $vars['QUERY_STRING'] ) ) {
		$urlPart = $vars['QUERY_STRING'];
	}

	if ( self::isUrlExtensionBad( $urlPart, $extWhitelist ) ) {
		return true;
	}

	// Some servers have PATH_INFO but not REQUEST_URI, so PATH_INFO is
	// checked as well. If it is absent or clean, every check has passed.
	return isset( $vars['PATH_INFO'] )
		&& self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist );
}
90 
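/**
 * Given a right-hand portion of a URL, decide whether the extension that
 * findIE6Extension() reports for it should be treated as potentially
 * harmful.
 *
 * The allowlist checks use strict comparison. With loose comparison, two
 * numeric-looking strings such as '1e1' and '10' compare equal, and a
 * non-string entry in $extWhitelist could match extensions that were
 * never listed. An extension that does not match exactly is now treated
 * as not allowlisted, which fails closed.
 *
 * @param string $urlPart The right-hand portion of a URL
 * @param array $extWhitelist Extensions (strings, matched exactly and
 *   case-sensitively) to accept in addition to 'php' and 'php5'
 * @return bool True if the extension is possibly bad, false otherwise
 */
public static function isUrlExtensionBad( $urlPart, $extWhitelist = array() ) {
	if ( strval( $urlPart ) === '' ) {
		return false;
	}

	$extension = self::findIE6Extension( $urlPart );
	if ( strval( $extension ) === '' ) {
		// No extension or empty extension (findIE6Extension() returns
		// false when it finds none, and strval( false ) is '')
		return false;
	}

	if ( in_array( $extension, array( 'php', 'php5' ), true ) ) {
		// Script extension, OK
		return false;
	}
	if ( in_array( $extension, $extWhitelist, true ) ) {
		// Whitelisted extension
		return false;
	}

	if ( !preg_match( '/^[a-zA-Z0-9_-]+$/', $extension ) ) {
		// Non-alphanumeric extension, unlikely to be registered.
		//
		// The regex above is known to match all registered file extensions
		// in a default Windows XP installation. It's important to allow
		// extensions with ampersands and percent signs, since that reduces
		// the number of false positives substantially.
		return false;
	}

	// Possibly bad extension
	return true;
}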
133 
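/**
 * Returns a variant of $url which will pass isUrlExtensionBad() but has
 * the same GET parameters, or false if no such URL can be produced.
 *
 * The rewrite encodes every question mark after the first and appends
 * '&*' to the query string.
 *
 * @param string $url The URL to rewrite
 * @param array $extWhitelist Extensions passed through to isUrlExtensionBad()
 * @return string|bool The rewritten URL, or false if it is still rejected
 */
public static function fixUrlForIE6( $url, $extWhitelist = array() ) {
	$questionPos = strpos( $url, '?' );
	if ( $questionPos === false ) {
		// No query string yet: start an empty one
		$beforeQuery = $url . '?';
		$query = '';
	} elseif ( $questionPos === strlen( $url ) - 1 ) {
		// The URL ends in '?': the query string is empty
		$beforeQuery = $url;
		$query = '';
	} else {
		$beforeQuery = substr( $url, 0, $questionPos + 1 );
		$query = substr( $url, $questionPos + 1 );
	}

	// Multiple question marks cause problems. Encode the second and
	// subsequent question mark. '%3F' is the percent-encoding of '?';
	// '%3E' would decode to '>' and change the parameter values.
	$query = str_replace( '?', '%3F', $query );
	// Append an invalid path character so that IE6 won't see the end of the
	// query string as an extension
	$query .= '&*';
	// Put the URL back together
	$url = $beforeQuery . $query;
	if ( self::isUrlExtensionBad( $url, $extWhitelist ) ) {
		// Avoid a redirect loop
		return false;
	}
	return $url;
}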
168 
/**
 * Determine what extension IE6 will infer from a certain query string.
 *
 * Only the part of $url before the first '#' is scanned. The scan moves
 * from dot to dot: the text after a dot is returned if it runs to the end
 * of the scanned part, or if it is followed by '?' and is not 'exe',
 * 'dll' or 'cgi' (compared case-insensitively). Any other delimiter makes
 * the scan resume from that delimiter.
 *
 * @param string $url The URL, or the right-hand portion of one
 * @return string|bool The detected extension, or false if none is found
 */
public static function findIE6Extension( $url ) {
	// Anything from the first '#' onward is outside the scanned range.
	$fragmentStart = strpos( $url, '#' );
	$end = ( $fragmentStart === false ) ? strlen( $url ) : $fragmentStart;

	$cursor = 0;
	$left = $end;
	while ( $left > 0 ) {
		// Advance to the next dot; none left means no extension.
		$cursor += strcspn( $url, '.', $cursor, $left );
		if ( $cursor >= $end ) {
			return false;
		}

		// Step over the dot itself.
		$cursor++;
		$left = $end - $cursor;

		// The candidate runs until a character that is illegal in an
		// extension, or until another dot.
		$stop = $cursor + strcspn( $url, "<>\\\"/:|?*.", $cursor, $left );
		if ( $stop >= $end ) {
			// Nothing terminated the candidate: it is the extension.
			return substr( $url, $cursor, $end - $cursor );
		}

		if ( $url[$stop] === '?' ) {
			// A legal extension followed by a question mark is returned
			// unless it is exe, dll or cgi, in which case keep looking.
			$candidate = substr( $url, $cursor, $stop - $cursor );
			$isSkippedName = strcasecmp( $candidate, 'exe' ) === 0
				|| strcasecmp( $candidate, 'dll' ) === 0
				|| strcasecmp( $candidate, 'cgi' ) === 0;
			if ( !$isSkippedName ) {
				return $candidate;
			}
		}

		// Resume from the delimiter that ended this candidate.
		$cursor = $stop;
		$left = $end - $cursor;
	}

	return false;
}
240 
/**
 * Report whether a SERVER_SOFTWARE value names one of the listed servers.
 *
 * The server name is the text before the first '/' or space, or the whole
 * value if neither occurs; it is matched case-sensitively against the
 * list below.
 *
 * @param string $serverSoftware The value of $_SERVER['SERVER_SOFTWARE']
 * @return bool True if the server name is on the list
 */
public static function haveUndecodedRequestUri( $serverSoftware ) {
	static $knownServers = array( 'Apache', 'Zeus', 'LiteSpeed' );

	// Capture the leading token, ending at '/', a space or end of string.
	if ( !preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $parts ) ) {
		return false;
	}

	return in_array( $parts[1], $knownServers );
}
270 
271 }
IEUrlExtension\areServerVarsBad
static areServerVarsBad( $vars, $extWhitelist=array())
Check a subset of $_SERVER (or the whole of $_SERVER if you like) to see if it indicates that the req...
Definition: IEUrlExtension.php:62
IEUrlExtension\fixUrlForIE6
static fixUrlForIE6( $url, $extWhitelist=array())
Returns a variant of $url which will pass isUrlExtensionBad() but has the same GET parameters,...
Definition: IEUrlExtension.php:141
IEUrlExtension\haveUndecodedRequestUri
static haveUndecodedRequestUri( $serverSoftware)
When passed the value of $_SERVER['SERVER_SOFTWARE'], this function returns true if that server is kn...
Definition: IEUrlExtension.php:259
IEUrlExtension
Internet Explorer derives a cache filename from a URL, and then in certain circumstances,...
Definition: IEUrlExtension.php:44
IEUrlExtension\findIE6Extension
static findIE6Extension( $url)
Determine what extension IE6 will infer from a certain query string.
Definition: IEUrlExtension.php:193
IEUrlExtension\isUrlExtensionBad
static isUrlExtensionBad( $urlPart, $extWhitelist=array())
Given a right-hand portion of a URL, determine whether IE would detect a potentially harmful file ext...
Definition: IEUrlExtension.php:100