Last modified: 2012-02-22 12:35:15 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T30962, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 28962 - ajax calls with '.' not working in IE
Status: RESOLVED DUPLICATE of bug 28840
Product: MediaWiki
Classification: Unclassified
Component: General/Unknown
Version: 1.20.x
Platform: All All
Importance: Highest major
Assigned To: Tim Starling
Depends on: 28840
Blocks: 26676
Reported: 2011-05-13 19:31 UTC by db [inactive,noenotif]
Modified: 2012-02-22 12:35 UTC

Web browser: Internet Explorer

Description db [inactive,noenotif] 2011-05-13 19:31:05 UTC
Due to the security fix (bug 28534, bug 28639) all ajax calls with a '.' have problems in IE:

- It is not possible to watch/unwatch a page with '.' (like skin.js/.css)
- Search suggestion shows no pages, if you search for a page with '.'
- The link insertion dialog (Extension WikiEditor) gives no suggestions for links with a '.'

Solution:
- Encode the '.' in ajax requests (%2E)
- Allow at least one '&' behind the '.'. That does not help for all ajax calls, but for some of them.

Thanks.

This is not bug 28840, because the bug tracks the problems with the resource loader (stylesheets, scripts).
Comment 1 Mark A. Hershberger 2011-05-13 22:20:30 UTC
Assigning this to Tim, making it 1.17 blocker, and adding to triage so I can make sure I am not insane.
Comment 2 Bawolff (Brian Wolff) 2011-05-14 03:19:50 UTC
Perhaps someone with access to the logs could check to see how many 403 requests are returned due to the dot thing, just to see how widespread the problem is.
Comment 3 db [inactive,noenotif] 2011-05-20 20:46:43 UTC
Increase severity after one week.
Comment 4 Krinkle 2011-05-21 16:13:23 UTC
I think this was fixed by r87711 which was a fix for bug 28840.

CC-ing Roan/Catrope to confirm.
Comment 5 Bawolff (Brian Wolff) 2011-05-21 17:50:43 UTC
(In reply to comment #4)
> I think this was fixed by r87711 which was a fix for bug 28840.
> 
> CC-ing Roan/Catrope to confirm.

No, it doesn't fix this.


I don't suppose there's some magic way to change how jQuery urlencodes ajax parameters to force dots to be urlencoded (per comment 0)? In my testing, that would fix many of these issues.

(btw, for reference the original security bug is bug 28235. I'm just writing that here because Bugzilla search is a pain and I always have trouble finding it).

I'm also marking this depends on bug 28840, not sure if that's right, but the two issues are highly related.
Comment 6 Roan Kattouw 2011-05-21 19:17:06 UTC
I have written a patch that will provide an easy workaround for these requests and sent it to Tim (by private e-mail, because it's about a security issue) for review.
Comment 7 Mark A. Hershberger 2011-05-26 18:54:42 UTC

*** This bug has been marked as a duplicate of bug 28840 ***
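
The workaround proposed in the description and asked about in comment 5 (sending '.' as %2E in Ajax query strings), sketched as an added example that is not part of the original bug report or of MediaWiki's code. The function names, the `/w/api.php` path and the sample page title are constructed for illustration.

```javascript
// encodeURIComponent() leaves '.' untouched because it is an unreserved
// character, so the dot has to be replaced explicitly after normal encoding.
function encodeComponentWithDots(value) {
  return encodeURIComponent(String(value)).replace(/\./g, '%2E');
}

// Serialize a flat parameter object; array values become repeated keys.
function buildQuery(params) {
  const pairs = [];
  for (const key of Object.keys(params)) {
    const values = Array.isArray(params[key]) ? params[key] : [params[key]];
    for (const v of values) {
      if (v === undefined || v === null) continue; // skip unset parameters
      pairs.push(encodeComponentWithDots(key) + '=' + encodeComponentWithDots(v));
    }
  }
  return pairs.join('&');
}

// Only the query string is rewritten; dots in the script path stay as they are.
function buildAjaxUrl(scriptPath, params) {
  const query = buildQuery(params);
  return query ? scriptPath + '?' + query : scriptPath;
}

// Regression check: true if the query part of a URL still contains a literal '.'.
function queryHasRawDot(url) {
  const q = url.indexOf('?');
  return q !== -1 && url.slice(q + 1).split('#')[0].includes('.');
}

// What a receiver recovers after standard percent-decoding of the query string.
function parseQuery(query) {
  const out = {};
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const k = i === -1 ? pair : pair.slice(0, i);
    const v = i === -1 ? '' : pair.slice(i + 1);
    out[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  return out;
}

// Constructed sample: watching a page whose title contains a dot.
const sampleUrl = buildAjaxUrl('/w/api.php',
  { action: 'watch', title: 'User:Example/skin.js', format: 'json' });
```

Because `%2E` decodes back to `.`, the receiving side sees the same parameter values as before; only the bytes on the wire change.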
