r105534 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r105533‎ \| r105534 \| r105535 >
Date:	10:34, 8 December 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	Fixed register_globals vulnerabilities found during automated testing.
Modified paths:	/trunk/extensions/CreateAPage/templates/bigarea.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/categorypage.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/editimage-section.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/editimage.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/editpage.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/infobox.tmpl.php (modified) (history) /trunk/extensions/CreateAPage/templates/templates-list.tmpl.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphans.php (modified) (history) /trunk/extensions/ExtTab/languages/ET_LanguageEn.php (modified) (history) /trunk/extensions/ResumableUpload/tests/phpunit/ResumableUploadTest.php (modified) (history) /trunk/extensions/SemanticWebBrowser/specials/SearchTriple/SWB_SpecialBrowseWiki.php (modified) (history) /trunk/extensions/WikiObjectModel/includes/apis/WOM_OutputObjectModel.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphans.php
—	—	@@ -1,4 +1,7 @@
2	2	<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
3	6	//If you want to use this script, you will have to add the following line to LocalSettings.php:
4	7	//$wgAutoloadClasses['GlobalCollectOrphanAdapter'] = $IP . '/extensions/DonationInterface/globalcollect_gateway/scripts/orphan_adapter.php';
5	8
Index: trunk/extensions/WikiObjectModel/includes/apis/WOM_OutputObjectModel.php
—	—	@@ -1,4 +1,7 @@
2	2	<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
3	6
4	7	global $wgOMIP;
5	8	require_once( $wgOMIP . '/includes/apis/WOM_OutputProcessor.php' );
Index: trunk/extensions/ExtTab/languages/ET_LanguageEn.php
—	—	@@ -1,4 +1,7 @@
2	2	<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
3	6
4	7	global $smwgExtTabIP;
5	8	include_once( $smwgExtTabIP . '/languages/ET_Language.php' );
Index: trunk/extensions/ResumableUpload/tests/phpunit/ResumableUploadTest.php
—	—	@@ -1,5 +1,9 @@
2	2	<?php
3	3
	4	+if ( !defined( 'MEDIAWIKI' ) ) {
	5	+ exit( 1 );
	6	+}
	7	+
4	8	global $IP;
5	9	require_once( "$IP/maintenance/tests/ApiSetup.php" );
6	10	require_once( "$IP/maintenance/deleteArchivedFiles.inc" );
Index: trunk/extensions/SemanticWebBrowser/specials/SearchTriple/SWB_SpecialBrowseWiki.php
—	—	@@ -16,6 +16,9 @@
17	17	*
18	18	* @ingroup SpecialPage
19	19	*/
	20	+if ( !defined( 'MEDIAWIKI' ) ) {
	21	+ exit( 1 );
	22	+}
20	23
21	24	global $swbgIP;
22	25
Index: trunk/extensions/CreateAPage/templates/editpage.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<!-- CSS part -->
4	9	<style type="text/css">
—	—	@@ -117,4 +122,4 @@
118	123
119	124
120	125	</div>
121		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	126	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/infobox.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<fieldset id="cp-infobox-fieldset">
4	9	<legend><?php echo wfMsg( 'createpage-infobox-legend' ) ?> <span style="font-size: small; font-weight: normal; margin-left: 5px">[<a id="cp-infobox-toggle" title="toggle" href="#"><?php echo wfMsg( 'createpage-hide' ) ?></a>]</span></legend>
—	—	@@ -53,4 +58,4 @@
54	59	?>
55	60	</div>
56	61	</fieldset>
57		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	62	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/templates-list.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<noscript>
4	9	<style type="text/css">
—	—	@@ -138,4 +143,4 @@
139	144	<div id="cp-title-check"> </div>
140	145	</div>
141	146	<br />
142		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	147	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/editimage.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<!-- JavaScript part -->
4	9	<script type="text/javascript">
—	—	@@ -32,4 +37,4 @@
33	38	<input type="submit" id="createpage_upload_submit<?php echo $image_num ?>" name="wpImageUpload" value="<?php echo wfMsg( 'createpage-upload' ) ?>" class="upload_submit" />
34	39	</noscript>
35	40	</div>
36		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	41	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/bigarea.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<div style="display:block;" id="wpTableMultiEdit" name="wpTableMultiEdit">
4	9	<?php
—	—	@@ -18,4 +23,4 @@
19	24	?>
20	25	<div class="display:<?php echo $display ?>"><?php echo $value ?></div>
21	26	</div>
22		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	27	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/categorypage.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<!-- CSS part -->
4	9	<style type="text/css">
—	—	@@ -65,4 +70,4 @@
66	71	<?php } // if ( $cloud->tags ) ?>
67	72	<textarea tabindex="<?php echo $num ?>" accesskey="," name="wpCategoryTextarea" id="wpCategoryTextarea" rows="3" cols="<?php echo $cols ?>"<?php echo $ew ?>><?php echo $text_category ?></textarea>
68	73	</noscript>
69		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	74	+<!-- e:<?php echo __FILE__ ?> -->
Index: trunk/extensions/CreateAPage/templates/editimage-section.tmpl.php
—	—	@@ -1,3 +1,8 @@
	2	+<?php
	3	+if ( !defined( 'MEDIAWIKI' ) ) {
	4	+ exit( 1 );
	5	+}
	6	+?>
2	7	<!-- s:<?php echo __FILE__ ?> -->
3	8	<!-- JavaScript part -->
4	9	<script type="text/javascript">
—	—	@@ -29,4 +34,4 @@
30	35	<input type="submit" id="createpage_upload_submit_section<?php echo $imagenum ?>" name="wpImageUpload" value="<?php echo wfMsg( 'createpage-upload' ) ?>" class="upload_submit" />
31	36	</noscript>
32	37	</div>
33		~~-<!-- e:<?php echo __FILE__ ?> -->~~
\ No newline at end of file
	38	+<!-- e:<?php echo __FILE__ ?> -->

Follow-up revisions

Revision	Commit summary	Author	Date
r105620	MFT r104539, r105534, r105584, r105593, r105594, r105600, r105611	awjrichards	23:56, 8 December 2011

Status & tagging log

11:34, 16 December 2011 Nikerabbit (talk | contribs) changed the status of r105534 [removed: new added: ok]