r51684 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51683‎ \| r51684 \| r51685 >
Date:	05:53, 10 June 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	Backported r51680 (use require not include) and added release notes.
Modified paths:	/branches/REL1_15/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_15/phase3/maintenance (modified) (history) /branches/REL1_15/phase3/maintenance/dumpInterwiki.php (modified) (history) /branches/REL1_15/phase3/maintenance/findhooks.php (modified) (history) /branches/REL1_15/phase3/maintenance/fuzz-tester.php (modified) (history) /branches/REL1_15/phase3/maintenance/rebuildInterwiki.php (modified) (history)

Diff [purge]

Index: branches/REL1_15/phase3/maintenance/fuzz-tester.php
—	—	@@ -169,7 +169,7 @@
170	170	/////////////////////////// COMMAND LINE HELP ////////////////////////////////////
171	171
172	172	// This is a command line script, load MediaWiki env (gives command line options);
173		~~-include('commandLine.inc');~~
	173	+require('commandLine.inc');
174	174
175	175	// if the user asked for an explanation of command line options.
176	176	if ( isset( $options["help"] ) ) {
Index: branches/REL1_15/phase3/maintenance/rebuildInterwiki.php
—	—	@@ -12,8 +12,8 @@
13	13	$oldCwd = getcwd();
14	14
15	15	$optionsWithArgs = array( "d" );
16		~~-include_once( "commandLine.inc" );~~
17		~~-include_once( "rebuildInterwiki.inc" );~~
	16	+require( "commandLine.inc" );
	17	+require( "rebuildInterwiki.inc" );
18	18	chdir( $oldCwd );
19	19
20	20	# Output
Index: branches/REL1_15/phase3/maintenance/findhooks.php
—	—	@@ -21,8 +21,7 @@
22	22	*/
23	23
24	24	/** This is a command line script*/
25		~~-include('commandLine.inc');~~
26		-
	25	+require('commandLine.inc');
27	26	# GLOBALS
28	27
29	28	$doc = $IP . '/docs/hooks.txt';
—	—	@@ -156,4 +155,4 @@
157	156	printArray('unclear hook calls', $bad );
158	157
159	158	if ( count( $todo ) == 0 && count( $deprecated ) == 0 && count( $bad ) == 0 )
160		~~- echo "Looks good!\n";~~
\ No newline at end of file
	159	+ echo "Looks good!\n";
Index: branches/REL1_15/phase3/maintenance/dumpInterwiki.php
—	—	@@ -12,8 +12,8 @@
13	13	$oldCwd = getcwd();
14	14
15	15	$optionsWithArgs = array( "o" );
16		~~-include_once( "commandLine.inc" );~~
17		~~-include_once( "dumpInterwiki.inc" );~~
	16	+require( "commandLine.inc" );
	17	+require( "dumpInterwiki.inc" );
18	18	chdir( $oldCwd );
19	19
20	20	# Output
Property changes on: branches/REL1_15/phase3/maintenance
___________________________________________________________________
Name: svn:mergeinfo
21	21	+ /trunk/phase3/maintenance:48814,48836,48886,48892,48909,48989,48992,49002,49051,49068,49086,49191-49192,49212,49682,49685,49730,49775,49954,49956,49999,50041,50054,50070,50132,50134,50169,50215,50218,50328,50470,50580,51587,51680
Index: branches/REL1_15/phase3/RELEASE-NOTES
—	—	@@ -28,6 +28,9 @@
29	29	installer.
30	30	* (bug 19127) Documentation warning for PostgreSQL users who run update.php:
31	31	use the same user in AdminSettings.php as in LocalSettings.php.
	32	+* Fixed possible web invocation of some maintenance scripts, due to the use of
	33	+ include() instead of require(). A full exploit would require a very strange
	34	+ web server configuration.
32	35	* Localisation updates.
33	36
34	37	=== Configuration changes in 1.15 ===

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r51680	Use require not include when sourcing commandLine.inc, to avoid possible web ...	tstarling	05:29, 10 June 2009

Status & tagging log

05:02, 15 June 2009 Tim Starling (talk | contribs) changed the status of r51684 [removed: new added: deferred]