User "Tim Starling" posted a comment on MediaWiki.r88883.

Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88883#c17334
Commit summary:

(bug 28840) URLs with dots break because of IE6 security check

* Replace the overly paranoid regex with a function that simulates IE6's 
behavior
* Remove the UA check in isPathInfoBad(), was causing more problems than it was 
worth
* Revert r87711, going back to using dots for dots in ResourceLoader URLs, 
instead of exclamation marks
* Append &* to ResourceLoader URLs. * is an illegal character in extensions, 
and putting it at the end of the URL ensures that both IE6 and our detection 
function will deem the URL to have no extension (unless something like .html? 
appears in the query string, but in that case we're screwed no matter what)

Comment:

It doesn't match IE when the URL has a hash character in it. An extension after 
a hash is meant to be ignored. I committed failing test cases in r89197.

Also, scanning a string by progressively taking right hand substrings is 
O(N^2). The reason is that substr() requires copying the substring, which is 
O(N). In the worst case, you copy N(N+1)/2 characters, where N is the string 
length.

<pre>
> $t = microtime(true); WebRequest::findIE6Extension(str_repeat('.',100000)); 
> print microtime(true)-$t;
2.7449851036072
> $t = microtime(true); WebRequest::findIE6Extension(str_repeat('.',200000)); 
> print microtime(true)-$t;
9.5464141368866
> $t = microtime(true); WebRequest::findIE6Extension(str_repeat('.',400000)); 
> print microtime(true)-$t;
35.981049060822
</pre>

I'm not sure if you can have a URL that's 100K characters, but even if you 
can't, this style of string processing is definitely a bad habit to get into. 
God gave us offset parameters for a reason.

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview

Reply via email to