r67451 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r67450‎ | r67451 | r67452 >
Date:10:26, 6 June 2010
Author:jeroendedauw
Status:deferred (Comments)
Tags:
Comment:
Use of $wgExtensionAssetsPath
Modified paths:
  • /trunk/extensions/SemanticMediaWiki/SMW_Settings.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticMediaWiki/SMW_Settings.php
@@ -23,7 +23,7 @@
2424 # web. Change it if required ($wgScriptPath is the path to the base directory
2525 # of your wiki). No final slash.
2626 ##
27 -$smwgScriptPath = $wgScriptPath . '/extensions/SemanticMediaWiki';
 27+$smwgScriptPath = ( isset( $wgExtensionAssetsPath ) && $wgExtensionAssetsPath ? $wgExtensionAssetsPath : $wgScriptPath . '/extensions' ) . '/SemanticMediaWiki';
2828 ##
2929
3030 ###

Follow-up revisions

RevisionCommit summaryAuthorDate
r67495Follow up to r67451jeroendedauw00:52, 7 June 2010

Comments

#Comment by Nikerabbit (talk | contribs)   12:37, 6 June 2010

Shouldn't you use version_compare to prevent register_globals vulnerability?

#Comment by Jeroen De Dauw (talk | contribs)   22:29, 6 June 2010

I'm also using this in other extensions, and Tim seems to be fine with it, until a better solution is found. What would you do with version_compare exactly though?

#Comment by Platonides (talk | contribs)   22:42, 6 June 2010

Using $wgExtensionAssetsPath on a mediawiki version prior to r60885 is a register global vulnerability. Thus you can compare $wgVersion against 1.16alpha to define it if not used.

$wgExtensionAssetsPath should be generated into the LocalSettings.php by the installer imho, not just late loaded in Setup.php. Will SMW_Settings.php be called from LocalSettings.php?

#Comment by Jeroen De Dauw (talk | contribs)   23:06, 6 June 2010

SMW_Settings.php is called from LocalSettings.php yes (not directly, but via an includes in what's included via localsettings).

I'll add a check for that in then, thanks for the suggestion.

Status & tagging log