comment that isValidURI must reject file:// URI

author Antoine Musso <hashar@users.mediawiki.org>

Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)

committer Antoine Musso <hashar@users.mediawiki.org>

Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)
author Antoine Musso <hashar@users.mediawiki.org>
Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)
committer Antoine Musso <hashar@users.mediawiki.org>
Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php

index 6968c61..949cfcb 100644 (file)
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -129,6 +129,8 @@ class Http {
          * protocols, because we only want protocols that both cURL
          * and php support.
          *
+        * file:// should not be allowed there for security purpose (r67684)
+        *
          * @fixme this is wildly inaccurate and fails to actually check most stuff
          *
          * @param $uri Mixed: URI to check for validity
author	Antoine Musso <hashar@users.mediawiki.org>
	Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)
committer	Antoine Musso <hashar@users.mediawiki.org>
	Thu, 3 Nov 2011 15:06:52 +0000 (15:06 +0000)