r50062 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r50061‎ \| r50062 \| r50063 >
Date:	05:21, 30 April 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	Sanitize cleanCallback on wakeup. Extra security check for APIs like SecurePoll/auth-api.php.
Modified paths:	/trunk/phase3/includes/Status.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Status.php
—	—	@@ -84,6 +84,13 @@
85	85	$this->ok = false;
86	86	}
87	87
	88	+ /**
	89	+ * Sanitize the callback parameter on wakeup, to avoid arbitrary execution.
	90	+ */
	91	+ function __wakeup() {
	92	+ $this->cleanCallback = false;
	93	+ }
	94	+
88	95	protected function cleanParams( $params ) {
89	96	if ( !$this->cleanCallback ) {
90	97	return $params;

18:03, 9 December 2011 Aaron Schulz (talk | contribs) changed the tags for r50062 [removed: ok]
07:09, 19 May 2009 Tim Starling (talk | contribs) changed the status of r50062 [removed: new added: deferred]
00:21, 6 May 2009 Brion VIBBER (talk | contribs) changed the status of r50062 [removed: new added: ok]
06:17, 30 April 2009 Aaron Schulz (talk | contribs) changed the tags for r50062 [added: ok]