|
@@ 668-673 (lines=6) @@
|
| 665 |
|
|
| 666 |
|
// Origin: header is a space-separated list of origins, check all of them |
| 667 |
|
$originHeader = $request->getHeader( 'Origin' ); |
| 668 |
|
if ( $originHeader === false ) { |
| 669 |
|
$origins = []; |
| 670 |
|
} else { |
| 671 |
|
$originHeader = trim( $originHeader ); |
| 672 |
|
$origins = preg_split( '/\s+/', $originHeader ); |
| 673 |
|
} |
| 674 |
|
|
| 675 |
|
if ( !in_array( $originParam, $origins ) ) { |
| 676 |
|
// origin parameter set but incorrect |
|
@@ 194-199 (lines=6) @@
|
| 191 |
|
// Log if a request with a non-whitelisted Origin header is seen |
| 192 |
|
// with session cookies. |
| 193 |
|
$originHeader = $request->getHeader( 'Origin' ); |
| 194 |
|
if ( $originHeader === false ) { |
| 195 |
|
$origins = []; |
| 196 |
|
} else { |
| 197 |
|
$originHeader = trim( $originHeader ); |
| 198 |
|
$origins = preg_split( '/\s+/', $originHeader ); |
| 199 |
|
} |
| 200 |
|
$sessionCookies = array_intersect( |
| 201 |
|
array_keys( $_COOKIE ), |
| 202 |
|
MediaWiki\Session\SessionManager::singleton()->getVaryCookies() |
wikimedia /
mediawiki
