r51680 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51679‎ \| r51680 \| r51681 >
Date:	05:29, 10 June 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	Use require not include when sourcing commandLine.inc, to avoid possible web execution when the web server is configured strangely. Detected during automated security scanning. For backport to 1.15.
Modified paths:	/trunk/phase3/maintenance/dumpInterwiki.php (modified) (history) /trunk/phase3/maintenance/findhooks.php (modified) (history) /trunk/phase3/maintenance/fuzz-tester.php (modified) (history) /trunk/phase3/maintenance/rebuildInterwiki.php (modified) (history)

Diff [purge]

Index: trunk/phase3/maintenance/fuzz-tester.php
—	—	@@ -169,7 +169,7 @@
170	170	/////////////////////////// COMMAND LINE HELP ////////////////////////////////////
171	171
172	172	// This is a command line script, load MediaWiki env (gives command line options);
173		~~-include('commandLine.inc');~~
	173	+require('commandLine.inc');
174	174
175	175	// if the user asked for an explanation of command line options.
176	176	if ( isset( $options["help"] ) ) {
Index: trunk/phase3/maintenance/rebuildInterwiki.php
—	—	@@ -12,8 +12,8 @@
13	13	$oldCwd = getcwd();
14	14
15	15	$optionsWithArgs = array( "d" );
16		~~-include_once( "commandLine.inc" );~~
17		~~-include_once( "rebuildInterwiki.inc" );~~
	16	+require( "commandLine.inc" );
	17	+require( "rebuildInterwiki.inc" );
18	18	chdir( $oldCwd );
19	19
20	20	# Output
Index: trunk/phase3/maintenance/findhooks.php
—	—	@@ -21,8 +21,7 @@
22	22	*/
23	23
24	24	/** This is a command line script*/
25		~~-include('commandLine.inc');~~
26		-
	25	+require('commandLine.inc');
27	26	# GLOBALS
28	27
29	28	$doc = $IP . '/docs/hooks.txt';
—	—	@@ -156,4 +155,4 @@
157	156	printArray('unclear hook calls', $bad );
158	157
159	158	if ( count( $todo ) == 0 && count( $deprecated ) == 0 && count( $bad ) == 0 )
160		~~- echo "Looks good!\n";~~
\ No newline at end of file
	159	+ echo "Looks good!\n";
Index: trunk/phase3/maintenance/dumpInterwiki.php
—	—	@@ -12,8 +12,8 @@
13	13	$oldCwd = getcwd();
14	14
15	15	$optionsWithArgs = array( "o" );
16		~~-include_once( "commandLine.inc" );~~
17		~~-include_once( "dumpInterwiki.inc" );~~
	16	+require( "commandLine.inc" );
	17	+require( "dumpInterwiki.inc" );
18	18	chdir( $oldCwd );
19	19
20	20	# Output

Follow-up revisions

Revision	Commit summary	Author	Date
r51684	Backported r51680 (use require not include) and added release notes.	tstarling	05:53, 10 June 2009
r51779	Merging changes from r51680-r51775 from trunk.	demon	02:38, 12 June 2009

Status & tagging log

05:02, 15 June 2009 Tim Starling (talk | contribs) changed the status of r51680 [removed: new added: deferred]