X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=resources%2Fsrc%2Fmediawiki%2FForeignApi.js;h=899daa57a4ed001742c9a420abe2f852f6ab6787;hb=42b7a3bc8213ab219b47e24102d042b0c60c71e4;hp=b8cc05981951fadef77ec4bed7af6a29f513e4b4;hpb=2f885ee6b797e5a176ce7b270b674a04b5945b06;p=lhc%2Fweb%2Fwiklou.git

diff --git a/resources/src/mediawiki/ForeignApi.js b/resources/src/mediawiki/ForeignApi.js
index b8cc059819..899daa57a4 100644
--- a/resources/src/mediawiki/ForeignApi.js
+++ b/resources/src/mediawiki/ForeignApi.js
@@ -94,7 +94,9 @@
 			url = ( ajaxOptions && ajaxOptions.url ) || this.defaults.ajax.url;
 			origin = ( parameters && parameters.origin ) || this.defaults.parameters.origin;
 			url += ( url.indexOf( '?' ) !== -1 ? '&' : '?' ) +
-				'origin=' + encodeURIComponent( origin );
+				// Depending on server configuration, MediaWiki may forbid periods in URLs, due to an IE 6
+				// XSS bug. So let's escape them here. See WebRequest::checkUrlExtension() and T30235.
+				'origin=' + encodeURIComponent( origin ).replace( /\./g, '%2E' );
 			newAjaxOptions = $.extend( {}, ajaxOptions, { url: url } );
 		} else {
 			newAjaxOptions = ajaxOptions;