On 17/09/13 11:08, Gabriel Wicke wrote: > On 09/16/2013 04:34 PM, Brian Wolff wrote: >> Additionally there is some security issues in ie6 when doing foo?action=raw >> if I recall. > > Yes, IIRC some version of IE disregarded the Content-type header and > guessed the content type based on the URL and the content. If the URL > contained .php (only outside the query string?), it disabled this behavior. > > Tim mentions in > https://www.mediawiki.org/wiki/Special:Code/MediaWiki/49833#c3561 that > this only applied to IE3 and earlier, and IE4 respects the Content-type > header. As the market share of IE <= 3 is probably non-existent we could > probably blacklist it from logging in and content API access altogether.
This issue affects IE at least up to IE 6, possibly later, see bug 28235. -- Tim Starling _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
