> What are the options for reverting this fix (while keeping security)?

Thanks for the help on this, Anatoliy and Chris.

In my opinion, it is too late to revert the new behaviour.

I currently have this in my codebase:

        if (version_compare(PHP_VERSION, '5.3.11') >= 0) {
                $magicfile = 'magic_php-gte-5_3_11.mgc';
        } else {
                $magicfile = 'magic_php-lt-5-3-11.mgc';
        $magicpath = __DIR__ . "/../../../config/{$magicfile}";
        $finfo = new finfo(FILEINFO_MIME_TYPE, $magicpath);

Adding additional ifelse clauses for (e.g.) 5.3.13 and 5.4.2, etc. sounds like 
a nightmare.
The only way I could see this working is if the magic db parser somehow tries 
*both* the old and new methods, and frankly, I don't think it's worth it at 
this point.

This really should never have gone into .11 in the first place. The damage is 
done; let's not make it worse.


Reply via email to