Ci-dessous, le code d'extractcode.php (fichier copié à la racine du répertoire mediawiki) == extractcode.php ==

$GLOBALS overwrite vulnerability';
	die( -1 );
}

require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
require_once( './includes/Article.php' );
require_once( './includes/Title.php' );
require_once( './includes/RawPage.php' );
require_once( 'includes/Setup.php' );

$title = $wgRequest->getVal( 'title' );
$section = $wgRequest->getVal( 'section' );
$otitle = Title::newFromText($title);

$article = new Article( $otitle );
$rp = new RawPage( $article, $wgRequest );
$text = $rp->getRawText();

if ($section=="") 
{
  $section=$title;
} else {
  $patternReg= array ('/\//','/\./');
  $replaceReg= array ('\\\/','\\\.');

  $sectReg=preg_replace($patternReg,$replaceReg,$section);
  $pattern_sectionstart = '/==[\s]*'.$sectReg.'.*==(.*)$/siU';

  $result = preg_match( $pattern_sectionstart , $text,  $part );
  if ( $result <=0 )
  {
    $pattern_sectionstart = '/==[\s]*\{\{extractcode\|'.$sectReg.'\}\}.*==(.*)$/siU';
    $result = preg_match( $pattern_sectionstart , $text,  $part );
  }

  if ( $result >0 )
  {
    $section_start=$part[1];

    $pattern_sectionend = '/(.*)\n==/siU';

    $result = preg_match( $pattern_sectionend , $section_start,  $part );
    if ( $result >0 )
    {
      $section_text=$part[1];
    } else {
      $section_text=$section_start;
    }
  } else {
    $section_text=$text;
  }
  $text=$section_text;
}

$pattern_code = '/[\s]*(\S.*)<\/code>(.*)$/siU';
$code ="";

do {
  $result = preg_match( $pattern_code, $text,  $part );
  if ( $result >0 )
  {
    $codeparam=$part[1];
    $code=$code.$part[2];
    $text=$code.$part[3];
  }
} while ($result >0 );

header( "content-type: text/plain");
header( "Content-Disposition: inline ; filename=$section");

print $code;

?>