Last modified: 2014-08-29 02:19:08 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T51592, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 49592 - ResourceLoader: Don't use asterisk at the end of a load.php url (can cause 403 Forbidden)
ResourceLoader: Don't use asterisk at the end of a load.php url (can cause 40...
Status: RESOLVED WONTFIX
Product: MediaWiki
Classification: Unclassified
ResourceLoader (Other open bugs)
1.21.x
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-14 19:08 UTC by Mark A. Hershberger
Modified: 2014-08-29 02:19 UTC (History)
8 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Mark A. Hershberger 2013-06-14 19:08:42 UTC 
Asterisks should be avoided in the URL.  They can cause problems.  Compare  http://www.hizlog.com/wiki/load.php?debug=false&lang=en&modules=mediawiki.legacy.commonPrint%2Cshared%7Cskins.vector&only=styles&skin=vector&* (403 Forbidden) with http://www.hizlog.com/wiki/load.php?debug=false&lang=en&modules=mediawiki.legacy.commonPrint%2Cshared|skins.vector&only=styles&skin=vector& (CSS is served).

This is probably due to server configuration, but, if at all possible, MW should't trigger these sort of problems.

See also Bug #28588 and Bug #34853.
Comment 2 Jesús Martínez Novo (Ciencia Al Poder) 2013-06-14 19:17:35 UTC 
"It's a security fix for old versions of Internet Explorer to avoid security problems. Catrope and Tim_Starling can tell you more about that." [1]

----

[1] https://www.mediawiki.org/wiki/Thread:Project:Support_desk/Common.js_stopped_working_1.17
Comment 3 Bawolff (Brian Wolff) 2013-06-14 19:41:12 UTC 
(In reply to comment #2)
> "It's a security fix for old versions of Internet Explorer to avoid security
> problems. Catrope and Tim_Starling can tell you more about that." [1]
> 
> ----
> 
> [1]
> https://www.mediawiki.org/wiki/Thread:Project:Support_desk/Common.
> js_stopped_working_1.17

For reference, see bug 28840
Comment 4 Krinkle 2014-08-29 02:18:01 UTC 
We seem to be needing the * for the security patch in IE. And such character is valid URL.

If a this is failing, the user will likely experience other semi-random issues as well whenever the asterisk character comes into play (API queries, Article titles, etc.). Please fix your web server configuration or ask your web provider for support.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links