content-type restrictions

author: Gabriel Wicke <gwicke@users.mediawiki.org> 2004-04-28 20:29:47 +0000
committer: Gabriel Wicke <gwicke@users.mediawiki.org> 2004-04-28 20:29:47 +0000
commit: b68b3b1f71c436937fb0657d1ab982afd5cfd7c0 (patch)
tree: b939528abe35538b5177fb354cd25614b7f95e26 /includes/RawPage.php
parent: a60b918d633e9b1d750de471f9e6a9e776eb8b33 (diff)
download: mediawikicore-b68b3b1f71c436937fb0657d1ab982afd5cfd7c0.tar.gz
mediawikicore-b68b3b1f71c436937fb0657d1ab982afd5cfd7c0.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/includes/RawPage.php b/includes/RawPage.php
index 8ed7bcee0e48..7aaa9e837218 100644
--- a/includes/RawPage.php
+++ b/includes/RawPage.php
@@ -9,10 +9,16 @@ class RawPage {
 
 	function RawPage( $article ) {
 		global $wgRequest, $wgInputEncoding;
+		$allowedCTypes = array('text/plain', 'text/javascript', 'text/css');
 		$this->mArticle =& $article;
 		$this->mTitle =& $article->mTitle;
 		$ctype = $wgRequest->getText( 'ctype' );
-		$this->mContentType = !empty($ctype)?$ctype:'text/plain';
+		if(empty($ctype) or !in_array($ctype, $allowedCTypes)) {
+			$this->mContentType = 'text/plain';
+		} else {
+			$this->mContentType = $ctype;
+		}
+			
 		$charset = $wgRequest->getText( 'charset' );
 		$this->mCharset = !empty($charset) ? $charset : $wgInputEncoding;
 		$this->mOldId = $wgRequest->getInt( 'oldid' );
author	Gabriel Wicke <gwicke@users.mediawiki.org>	2004-04-28 20:29:47 +0000
committer	Gabriel Wicke <gwicke@users.mediawiki.org>	2004-04-28 20:29:47 +0000
commit	b68b3b1f71c436937fb0657d1ab982afd5cfd7c0 (patch)
tree	b939528abe35538b5177fb354cd25614b7f95e26 /includes/RawPage.php
parent	a60b918d633e9b1d750de471f9e6a9e776eb8b33 (diff)
download	mediawikicore-b68b3b1f71c436937fb0657d1ab982afd5cfd7c0.tar.gz mediawikicore-b68b3b1f71c436937fb0657d1ab982afd5cfd7c0.zip