SECURITY: API: Avoid some silliness with browser-guessed filenames
diff --git
a/includes/Feed.php
b/includes/Feed.php
index
2133dae
..
fd223e6
100644
(file)
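--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -54,8 +54,6 @@ class FeedItem {
 public $rssIsPermalink = false;
 /**
- * Constructor
- *
 * @param string|Title $title Item's title
 * @param string $description
 * @param string $url URL uniquely designating the item.
@@ -141,7 +139,7 @@ class FeedItem {
 */
 public function getLanguage() {
 global $wgLanguageCode;
- return wfBCP47( $wgLanguageCode );
+ return LanguageCode::bcp47( $wgLanguageCode );
 }
 /**
@@ -232,11 +230,16 @@ abstract class ChannelFeed extends FeedItem {
 $wgOut->disable();
 $mimetype = $this->contentType();
 header( "Content-type: $mimetype; charset=UTF-8" );
+
+ // Set a sane filename
+ $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype );
+ $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+ header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" );
+
 if ( $wgVaryOnXFP ) {
 $wgOut->addVaryHeader( 'X-Forwarded-Proto' );
 }
 $wgOut->sendCacheControl();
-
 }
 /**
@@ -248,12 +251,12 @@ abstract class ChannelFeed extends FeedItem {
 global $wgRequest;
 $ctype = $wgRequest->getVal( 'ctype', 'application/xml' );
- $allowedctypes = array(
+ $allowedctypes = [
 'application/xml',
 'text/xml',
 'application/rss+xml',
 'application/atom+xml'
- );
+ ];
 return ( in_array( $ctype, $allowedctypes ) ? $ctype : 'application/xml' );
 }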
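Review bot: In the hunk at -232,11 +230,16, `$ext` is interpolated into the `Content-Disposition` header with no check on its shape, and the `'xml'` fallback only covers a falsy `$exts`; if `strtok()` returns false the filename becomes `feed.`. The value presumably comes from MimeMagic's own extension table rather than from the request, but that table and any subclass override of `contentType()` are not visible here, so a guard such as `if ( !is_string( $ext ) || !preg_match( '/^[A-Za-z0-9]+$/', $ext ) ) { $ext = 'xml'; }` would keep the header well-formed regardless of what the lookup returns. The comment `// Set a sane filename` could also state the reason, e.g. `// Pin the filename so browsers do not guess one from the request URL`. The enclosing method starts outside the hunk.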