r55807 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r55806‎ \| r55807 \| r55808 >
Date:	06:51, 4 September 2009
Author:	tstarling
Status:	ok
Tags:
Comment:	Fix potential arbitrary script execution vulnerability. Doesn't seem to be exploitable with a default install of PHP, but it might be possible with third-party extensions enabled.
Modified paths:	/trunk/phase3/maintenance/Maintenance.php (modified) (history) /trunk/phase3/maintenance/doMaintenance.php (modified) (history)

Diff [purge]

Index: trunk/phase3/maintenance/doMaintenance.php
—	—	@@ -26,11 +26,16 @@
27	27	* @ingroup Maintenance
28	28	*/
29	29
	30	+if ( !defined( 'DO_MAINTENANCE' ) ) {
	31	+ echo "This file must be included after Maintenance.php\n";
	32	+ exit( 1 );
	33	+}
	34	+
30	35	error_reporting( E_ALL \| E_STRICT );
31	36
32		~~-if( !isset( $maintClass ) \|\| !class_exists( $maintClass ) ) {~~
	37	+if( !$maintClass \|\| !class_exists( $maintClass ) ) {
33	38	echo "\$maintClass is not set or is set to a non-existent class.";
34		~~- die();~~
	39	+ exit( 1 );
35	40	}
36	41
37	42	if( defined( 'MW_NO_SETUP' ) ) {
—	—	@@ -60,7 +65,7 @@
61	66	# Maybe a hook?
62	67	global $cluster;
63	68	$wgWikiFarm = true;
64		~~- $cluster = 'pmtma';~~
	69	+ $cluster = 'pmtpa';
65	70	require_once( "$IP/includes/AutoLoader.php" );
66	71	require_once( "$IP/includes/SiteConfiguration.php" );
67	72	require( "$IP/wgConf.php" );
Index: trunk/phase3/maintenance/Maintenance.php
—	—	@@ -1,6 +1,7 @@
2	2	<?php
3	3	// Define this so scripts can easily find doMaintenance.php
4	4	define( 'DO_MAINTENANCE', dirname( __FILE__ ) . '/doMaintenance.php' );
	5	+$maintClass = false;
5	6
6	7	// Make sure we're on PHP5 or better
7	8	if( version_compare( PHP_VERSION, '5.0.0' ) < 0 ) {

21:38, 8 September 2009 Brion VIBBER (talk | contribs) changed the status of r55807 [removed: new added: ok]