dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SECURITY: API: Avoid some silliness with browser-guessed filenames
[lhc/web/wiklou.git]
/
includes
/
Feed.php
diff --git
a/includes/Feed.php
b/includes/Feed.php
index
189fd9f
..
fd223e6
100644
(file)
--- a/
includes/Feed.php
+++ b/
includes/Feed.php
@@
-54,8
+54,6
@@
class FeedItem {
public $rssIsPermalink = false;
/**
public $rssIsPermalink = false;
/**
- * Constructor
- *
* @param string|Title $title Item's title
* @param string $description
* @param string $url URL uniquely designating the item.
* @param string|Title $title Item's title
* @param string $description
* @param string $url URL uniquely designating the item.
@@
-141,7
+139,7
@@
class FeedItem {
*/
public function getLanguage() {
global $wgLanguageCode;
*/
public function getLanguage() {
global $wgLanguageCode;
- return
wfBCP
47( $wgLanguageCode );
+ return
LanguageCode::bcp
47( $wgLanguageCode );
}
/**
}
/**
@@
-232,6
+230,12
@@
abstract class ChannelFeed extends FeedItem {
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
+
+ // Set a sane filename
+ $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype );
+ $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+ header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" );
+
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}