jenkins-bot has submitted this change and it was merged.

Change subject: (Bug 45355) Read of arbitrary files through mwdoc-filter.php
......................................................................


(Bug 45355) Read of arbitrary files through mwdoc-filter.php

The file maintenance/mwdoc-filter.php can be abused under certain server
configurations to read the contents of arbitrary files.

In case
 - you have deleted the maintenance folder or
 - you have that folder denied in the server configuration or
 - the server is processing .htaccess overrides or
 - you are using PHP 5.4.0 (or later) or
 - you have register_globals disabled
it is believed that you are not vulnerable.

See https://bugzilla.wikimedia.org/45355 for details.


Change-Id: I3c49439b25896a6100ce415629353bccfc84490a
---
M maintenance/mwdoc-filter.php
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  CSteipp: Looks good to me, approved
  Reedy: Verified; Looks good to me, approved
  jenkins-bot: Verified



diff --git a/maintenance/mwdoc-filter.php b/maintenance/mwdoc-filter.php
index ab05a3e..6eeb48d 100644
--- a/maintenance/mwdoc-filter.php
+++ b/maintenance/mwdoc-filter.php
@@ -11,6 +11,10 @@
  * @file
  */
 
+if ( PHP_SAPI != 'cli' ) {
+       die( "This filter can only be run from the command line.\n" );
+}
+
 $source = file_get_contents( $argv[1] );
 $regexp = 
'#\@var\s+([^\s]+)([^/]+)/\s+(var|public|protected|private)\s+(\$[^\s;=]+)#';
 $replac = '${2} */ ${3} ${1} ${4}';
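
Review bot: The new SAPI guard leaves the unchanged line below it, $source = file_get_contents( $argv[1] ), reading whatever path it is handed, with no check that $argv[1] is set or that the read succeeded. Consider adding an argument-count check with a usage message before that call, so the script fails cleanly on a bad command-line invocation. In the guard itself, PHP_SAPI != 'cli' is a loose comparison; PHP_SAPI !== 'cli' states the intent exactly. die() with a string argument prints the message and exits with status 0, so a wrapper script cannot tell the refusal from a normal run; writing the message to stderr and calling exit( 1 ) would make the failure visible. A one-line comment above the guard pointing at bug 45355 would also help keep a later cleanup from removing it as redundant.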

-- 
To view, visit https://gerrit.wikimedia.org/r/52094

Gerrit-MessageType: merged
Gerrit-Change-Id: I3c49439b25896a6100ce415629353bccfc84490a
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.21wmf11
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Platonides <[email protected]>
Gerrit-Reviewer: Reedy <[email protected]>
Gerrit-Reviewer: jenkins-bot