[MediaWiki-commits] [Gerrit] Do not encode "'" as %27 (redirect loop in Opera 12) - change (mediawiki/core)

Thu, 20 Aug 2015 09:51:21 -0700 

Bartosz Dziewoński has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/232758

Change subject: Do not encode "'" as %27 (redirect loop in Opera 12)
......................................................................

Do not encode "'" as %27 (redirect loop in Opera 12)

Similar to 7b4df0e12e36332fc2b303d7dac2295f8d36c888,
but for apostrophe instead of tilde and for Opera
instead of Chrome.

Bug: T106793
Change-Id: Ic54390434cebcc76a6c8ab49acc164d36e0cdff6
---
M includes/GlobalFunctions.php
M resources/src/mediawiki/mediawiki.util.js
M tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php
M tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
4 files changed, 11 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/58/232758/1

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index c3740a0..12e478b 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -404,14 +404,15 @@
  * RFC 1738 says ~ is unsafe, however RFC 3986 considers it an unreserved
  * character which should not be encoded. More importantly, google chrome
  * always converts %7E back to ~, and converting it in this function can
- * cause a redirect loop (T105265).
+ * cause a redirect loop (T105265). Similarly, encoding ' causes a
+ * redirect loop on Opera 12 (T106793).
  *
  * But + is not safe because it's used to indicate a space; &= are only safe in
- * paths and not in queries (and we don't distinguish here); ' seems kind of
- * scary; and urlencode() doesn't touch -_. to begin with.  Plus, although /
+ * paths and not in queries (and we don't distinguish here);
+ * and urlencode() doesn't touch -_. to begin with.  Plus, although /
  * is reserved, we don't care.  So the list we unescape is:
  *
- * ;:@$!*(),/~
+ * ;:@$!*'(),/~
  *
  * However, IIS7 redirects fail when the url contains a colon (Bug 22709),
  * so no fancy : for IIS7.
@@ -430,7 +431,7 @@
        }
 
        if ( is_null( $needle ) ) {
-               $needle = array( '%3B', '%40', '%24', '%21', '%2A', '%28', 
'%29', '%2C', '%2F', '%7E' );
+               $needle = array( '%3B', '%40', '%24', '%21', '%2A', '%27', 
'%28', '%29', '%2C', '%2F', '%7E' );
                if ( !isset( $_SERVER['SERVER_SOFTWARE'] ) ||
                        ( strpos( $_SERVER['SERVER_SOFTWARE'], 
'Microsoft-IIS/7' ) === false )
                ) {
@@ -441,7 +442,7 @@
        $s = urlencode( $s );
        $s = str_ireplace(
                $needle,
-               array( ';', '@', '$', '!', '*', '(', ')', ',', '/', '~', ':' ),
+               array( ';', '@', '$', '!', '*', '\'', '(', ')', ',', '/', '~', 
':' ),
                $s
        );
 
diff --git a/resources/src/mediawiki/mediawiki.util.js 
b/resources/src/mediawiki/mediawiki.util.js
index 93a1b3b..cbcfd65 100644
--- a/resources/src/mediawiki/mediawiki.util.js
+++ b/resources/src/mediawiki/mediawiki.util.js
@@ -78,6 +78,7 @@
                                .replace( /%24/g, '$' )
                                .replace( /%21/g, '!' )
                                .replace( /%2A/g, '*' )
+                               .replace( /%27/g, '\'' )
                                .replace( /%28/g, '(' )
                                .replace( /%29/g, ')' )
                                .replace( /%2C/g, ',' )
diff --git a/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php 
b/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php
index d4df7b0..77e1c55 100644
--- a/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php
+++ b/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php
@@ -105,8 +105,8 @@
 
                        // remaining chars do not need encoding
                        array(
-                               ';@$-_.!*',
-                               ';@$-_.!*',
+                               ';@$-_.!*\'',
+                               ';@$-_.!*\'',
                        ),
 
                        ### Other tests
diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js 
b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
index b73d2e3..727f4f4 100644
--- a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
+++ b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
@@ -100,7 +100,7 @@
                        '&': '%26',
                        '=': '%3D',
                        ':': ':',
-                       ';@$-_.!*': ';@$-_.!*',
+                       ';@$-_.!*\'': ';@$-_.!*\'',
                        '/': '/',
                        '~': '~',
                        '[]': '%5B%5D',

-- 
To view, visit https://gerrit.wikimedia.org/r/232758
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic54390434cebcc76a6c8ab49acc164d36e0cdff6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Bartosz Dziewoński <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to