http://www.mediawiki.org/wiki/Special:Code/MediaWiki/89621
Revision: 89621
Author: tstarling
Date: 2011-06-07 03:31:09 +0000 (Tue, 07 Jun 2011)
Log Message:
-----------
When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's
unlikely that this is used by anything, since SERVER_NAME takes precedence, and
SERVER_NAME is required by CGI 1.1 and appears to always be set by the major
web servers. If it were ever used, it would open up a cache-poisoning
vulnerability. Partially reverts r8010.
Modified Paths:
--------------
trunk/phase3/includes/DefaultSettings.php
Modified: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php 2011-06-07 00:26:49 UTC (rev
89620)
+++ trunk/phase3/includes/DefaultSettings.php 2011-06-07 03:31:09 UTC (rev
89621)
@@ -63,8 +63,6 @@
$serverName = $_SERVER['SERVER_NAME'];
} elseif( isset( $_SERVER['HOSTNAME'] ) ) {
$serverName = $_SERVER['HOSTNAME'];
-} elseif( isset( $_SERVER['HTTP_HOST'] ) ) {
- $serverName = $_SERVER['HTTP_HOST'];
} elseif( isset( $_SERVER['SERVER_ADDR'] ) ) {
$serverName = $_SERVER['SERVER_ADDR'];
} else {
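Review bot: With the HTTP_HOST branch removed between the HOSTNAME and SERVER_ADDR cases, nothing in the code records that the omission is deliberate; the cache-poisoning rationale lives only in the log message. A short comment above this elseif chain, saying that $_SERVER['HTTP_HOST'] is client-supplied and must not be used to derive $wgServer, would keep the fallback from being reintroduced later. The same comment could note that a request with neither SERVER_NAME nor HOSTNAME set now falls through to SERVER_ADDR or the final else, so any site that depended on the removed branch should set $wgServer explicitly.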
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs