r80843 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r80842‎ \| r80843 \| r80844 >
Date:	05:58, 24 January 2011
Author:	brion
Status:	deferred
Tags:
Comment:	Remove a sloppy 'require blah blah' message with register_globals $IP (woops) [potential XSS on CreateRedirect.body.php with register_globals on] and a sloppy require before the MEDIAWIKI check (potential local-file include attack in RDFIO/stores/SMW_ARC2Store.php with register_globals on)
Modified paths:	/trunk/extensions/CreateRedirect/CreateRedirect.body.php (modified) (history) /trunk/extensions/CreateRedirect/CreateRedirect.php (modified) (history) /trunk/extensions/RDFIO/stores/SMW_ARC2Store.php (modified) (history)

Diff [purge]

Index: trunk/extensions/RDFIO/stores/SMW_ARC2Store.php
—	—	@@ -1,13 +1,13 @@
2	2	<?php
3	3
	4	+if ( !defined( 'MEDIAWIKI' ) ) {
	5	+ die( 'Not a valid entry point.' );
	6	+}
	7	+
4	8	global $IP;
5	9
6	10	require_once( "$IP/extensions/SemanticMediaWiki/includes/storage/SMW_SQLStore2.php" );
7	11
8		~~-if ( !defined( 'MEDIAWIKI' ) ) {~~
9		~~- die( 'Not a valid entry point.' );~~
10		-}
11		-
12	12	/**
13	13	* SMWARC2Store extends SMWSQLStore2 and forwards all update/delete to ARC2 via SPARQL+
14	14	* queries. The class was based on JosekiStore in the SparqlExtension, which in turn is
Index: trunk/extensions/CreateRedirect/CreateRedirect.body.php
—	—	@@ -23,14 +23,9 @@
24	24	* The bulk of the routines are stored here. This is where all the internal processing actually occurs.
25	25	*/
26	26
27		~~-// Alert the user that this is not a valid entry point to MediaWiki if they try~~
28		~~-// to access the file directly.~~
29		~~-if ( !defined( 'MEDIAWIKI' ) ) {~~
30		~~- echo <<<EOT~~
31		~~-To install the CreateRedirect extension, put the following line in LocalSettings.php:~~
32		~~-require_once( "$IP/extensions/CreateRedirect/CreateRedirect.php" );~~
33		~~-EOT;~~
34		~~- exit( 1 );~~
	27	+if( !defined( 'MEDIAWIKI' ) ) {
	28	+ echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
	29	+ die( 1 );
35	30	}
36	31
37	32	class SpecialCreateRedirect extends SpecialPage {
Index: trunk/extensions/CreateRedirect/CreateRedirect.php
—	—	@@ -29,14 +29,9 @@
30	30	* along with CreateRedirect. If not, see <http://www.gnu.org/licenses/>.
31	31	*/
32	32
33		~~-// Alert the user that this is not a valid entry point to MediaWiki if they try~~
34		~~-// to access the file directly.~~
35		~~-if ( !defined( 'MEDIAWIKI' ) ) {~~
36		~~- echo <<<EOT~~
37		~~-To install the CreateRedirect extension, put the following line in LocalSettings.php:~~
38		~~-require_once( "\$IP/extensions/CreateRedirect/CreateRedirect.php" );~~
39		~~-EOT;~~
40		~~- exit( 1 );~~
	33	+if( !defined( 'MEDIAWIKI' ) ) {
	34	+ echo( "This file is an extension to the MediaWiki software and cannot be used standalone.\n" );
	35	+ die( 1 );
41	36	}
42	37
43	38	// Add this extension to Special:Credits.

Status & tagging log

13:11, 2 February 2011 Reedy (talk | contribs) changed the status of r80843 [removed: new added: deferred]