REL1_33/php/IEUrlExtension_8php_source.html

<?php


class IEUrlExtension {


    public static function areServerVarsBad( $vars, $extWhitelist = [] ) {

        // Check QUERY_STRING or REQUEST_URI

        if ( isset( $vars['SERVER_SOFTWARE'] )

            && isset( $vars['REQUEST_URI'] )

            && self::haveUndecodedRequestUri( $vars['SERVER_SOFTWARE'] )

        ) {

            $urlPart = $vars['REQUEST_URI'];

        } elseif ( isset( $vars['QUERY_STRING'] ) ) {

            $urlPart = $vars['QUERY_STRING'];

        } else {

            $urlPart = '';

        }


        if ( self::isUrlExtensionBad( $urlPart, $extWhitelist ) ) {

            return true;

        }


        // Some servers have PATH_INFO but not REQUEST_URI, so we check both

        // to be on the safe side.

        if ( isset( $vars['PATH_INFO'] )

            && self::isUrlExtensionBad( $vars['PATH_INFO'], $extWhitelist )

        ) {

            return true;

        }


        // All checks passed

        return false;

    }


    public static function isUrlExtensionBad( $urlPart, $extWhitelist = [] ) {

        if ( strval( $urlPart ) === '' ) {

            return false;

        }


        $extension = self::findIE6Extension( $urlPart );

        if ( strval( $extension ) === '' ) {

            // No extension or empty extension

            return false;

        }


        if ( in_array( $extension, [ 'php', 'php5' ] ) ) {

            // Script extension, OK

            return false;

        }

        if ( in_array( $extension, $extWhitelist ) ) {

            // Whitelisted extension

            return false;

        }


        if ( !preg_match( '/^[a-zA-Z0-9_-]+$/', $extension ) ) {

            // Non-alphanumeric extension, unlikely to be registered.

            // The regex above is known to match all registered file extensions

            // in a default Windows XP installation. It's important to allow

            // extensions with ampersands and percent signs, since that reduces

            // the number of false positives substantially.

            return false;

        }


        // Possibly bad extension

        return true;

    }


    public static function fixUrlForIE6( $url, $extWhitelist = [] ) {

        $questionPos = strpos( $url, '?' );

        if ( $questionPos === false ) {

            $beforeQuery = $url . '?';

            $query = '';

        } elseif ( $questionPos === strlen( $url ) - 1 ) {

            $beforeQuery = $url;

            $query = '';

        } else {

            $beforeQuery = substr( $url, 0, $questionPos + 1 );

            $query = substr( $url, $questionPos + 1 );

        }


        // Multiple question marks cause problems. Encode the second and

        // subsequent question mark.

        $query = str_replace( '?', '%3E', $query );

        // Append an invalid path character so that IE6 won't see the end of the

        // query string as an extension

        $query .= '&*';

        // Put the URL back together

        $url = $beforeQuery . $query;

        if ( self::isUrlExtensionBad( $url, $extWhitelist ) ) {

            // Avoid a redirect loop

            return false;

        }

        return $url;

    }


    public static function findIE6Extension( $url ) {

        $pos = 0;

        $hashPos = strpos( $url, '#' );

        if ( $hashPos !== false ) {

            $urlLength = $hashPos;

        } else {

            $urlLength = strlen( $url );

        }

        $remainingLength = $urlLength;

        while ( $remainingLength > 0 ) {

            // Skip ahead to the next dot

            $pos += strcspn( $url, '.', $pos, $remainingLength );

            if ( $pos >= $urlLength ) {

                // End of string, we're done

                return false;

            }


            // We found a dot. Skip past it

            $pos++;

            $remainingLength = $urlLength - $pos;


            // Check for illegal characters in our prospective extension,

            // or for another dot

            $nextPos = $pos + strcspn( $url, "<>\\\"/:|?*.", $pos, $remainingLength );

            if ( $nextPos >= $urlLength ) {

                // No illegal character or next dot

                // We have our extension

                return substr( $url, $pos, $urlLength - $pos );

            }

            if ( $url[$nextPos] === '?' ) {

                // We've found a legal extension followed by a question mark

                // If the extension is NOT exe, dll or cgi, return it

                $extension = substr( $url, $pos, $nextPos - $pos );

                if ( strcasecmp( $extension, 'exe' ) && strcasecmp( $extension, 'dll' ) &&

                    strcasecmp( $extension, 'cgi' )

                ) {

                    return $extension;

                }

                // Else continue looking

            }

            // We found an illegal character or another dot

            // Skip to that character and continue the loop

            $pos = $nextPos;

            $remainingLength = $urlLength - $pos;

        }

        return false;

    }


    public static function haveUndecodedRequestUri( $serverSoftware ) {

        static $whitelist = [

            'Apache',

            'Zeus',

            'LiteSpeed' ];

        if ( preg_match( '/^(.*?)($|\/| )/', $serverSoftware, $m ) ) {

            return in_array( $m[1], $whitelist );

        } else {

            return false;

        }

    }


}


and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy

IEUrlExtension
Internet Explorer derives a cache filename from a URL, and then in certain circumstances,...
Definition IEUrlExtension.php:44

IEUrlExtension\areServerVarsBad
static areServerVarsBad( $vars, $extWhitelist=[])
Check a subset of $_SERVER (or the whole of $_SERVER if you like) to see if it indicates that the req...
Definition IEUrlExtension.php:62

IEUrlExtension\haveUndecodedRequestUri
static haveUndecodedRequestUri( $serverSoftware)
When passed the value of $_SERVER['SERVER_SOFTWARE'], this function returns true if that server is kn...
Definition IEUrlExtension.php:257

IEUrlExtension\findIE6Extension
static findIE6Extension( $url)
Determine what extension IE6 will infer from a certain query string.
Definition IEUrlExtension.php:192

IEUrlExtension\isUrlExtensionBad
static isUrlExtensionBad( $urlPart, $extWhitelist=[])
Given a right-hand portion of a URL, determine whether IE would detect a potentially harmful file ext...
Definition IEUrlExtension.php:100

IEUrlExtension\fixUrlForIE6
static fixUrlForIE6( $url, $extWhitelist=[])
Returns a variant of $url which will pass isUrlExtensionBad() but has the same GET parameters,...
Definition IEUrlExtension.php:140

$vars
static configuration should be added through ResourceLoaderGetConfigVars instead & $vars
Definition hooks.txt:2228

$query
null for the local wiki Added should default to null in handler for backwards compatibility add a value to it if you want to add a cookie that have to vary cache options can modify $query
Definition hooks.txt:1617