CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/50751
Change subject: (Bug 45355) Read of arbitrary files through mwdoc-filter.php ...................................................................... (Bug 45355) Read of arbitrary files through mwdoc-filter.php The file maintenance/mwdoc-filter.php can be abused under certain server configurations to read the contents of arbitrary files. In case you - you have deleted the maintenance folder or - you have that folder denied in the server configuration or - the server is processing .htaccess overrides or - you are using PHP 5.4.0 (or later) or - you have register_globals disabled it is believed that you are not vulnerable. See https://bugzilla.wikimedia.org/45355 for details. Change-Id: I3c49439b25896a6100ce415629353bccfc84490a --- M maintenance/mwdoc-filter.php 1 file changed, 4 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/51/50751/1 diff --git a/maintenance/mwdoc-filter.php b/maintenance/mwdoc-filter.php index ab05a3e..6eeb48d 100644 --- a/maintenance/mwdoc-filter.php +++ b/maintenance/mwdoc-filter.php @@ -11,6 +11,10 @@ * @file */ +if ( PHP_SAPI != 'cli' ) { + die( "This filter can only be run from the command line.\n" ); +} + $source = file_get_contents( $argv[1] ); $regexp = '#\@var\s+([^\s]+)([^/]+)/\s+(var|public|protected|private)\s+(\$[^\s;=]+)#'; $replac = '${2} */ ${3} ${1} ${4}'; -- To view, visit https://gerrit.wikimedia.org/r/50751 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3c49439b25896a6100ce415629353bccfc84490a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_20 Gerrit-Owner: Platonides <[email protected]> Gerrit-Reviewer: CSteipp <[email protected]> Gerrit-Reviewer: MarkAHershberger <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
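Review bot: The context line directly after the new guard, `$source = file_get_contents( $argv[1] );`, still reads `$argv[1]` without checking that it is set, so a command-line run with no argument falls through to file_get_contents() with an empty path. Consider adding an `isset( $argv[1] )` check with a usage message next to the SAPI guard. In the guard itself, `PHP_SAPI != 'cli'` would read better as a strict `!==` comparison, and a one-line comment saying why non-CLI SAPIs are refused (the script opens whatever path arrives in `$argv[1]`) would help anyone carrying this change to other branches.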
