diff options
| author | Tim Starling <tstarling@users.mediawiki.org> | 2009-06-10 05:53:28 +0000 |
|---|---|---|
| committer | Tim Starling <tstarling@users.mediawiki.org> | 2009-06-10 05:53:28 +0000 |
| commit | 781e0c79ae6c950bb23f5795a4bde0d38ec46dd1 (patch) | |
| tree | 0b36431061857484f7f47f21534c154dacdeea79 | |
| parent | 6ac32f64bc12ed4763c4f1d37f71bc3d1945277e (diff) | |
Backported r51680 (use require not include) and added release notes.1.15.0
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/51684
| -rw-r--r-- | RELEASE-NOTES | 3 | ||||
| -rw-r--r-- | maintenance/dumpInterwiki.php | 4 | ||||
| -rw-r--r-- | maintenance/findhooks.php | 5 | ||||
| -rw-r--r-- | maintenance/fuzz-tester.php | 2 | ||||
| -rw-r--r-- | maintenance/rebuildInterwiki.php | 4 |
5 files changed, 10 insertions, 8 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f672cb31a354..f6d2523e396f 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -28,6 +28,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN installer. * (bug 19127) Documentation warning for PostgreSQL users who run update.php: use the same user in AdminSettings.php as in LocalSettings.php. +* Fixed possible web invocation of some maintenance scripts, due to the use of + include() instead of require(). A full exploit would require a very strange + web server configuration. * Localisation updates. === Configuration changes in 1.15 === diff --git a/maintenance/dumpInterwiki.php b/maintenance/dumpInterwiki.php index 91cdbe8a8cf0..f5f22f3cfea3 100644 --- a/maintenance/dumpInterwiki.php +++ b/maintenance/dumpInterwiki.php @@ -12,8 +12,8 @@ $oldCwd = getcwd(); $optionsWithArgs = array( "o" ); -include_once( "commandLine.inc" ); -include_once( "dumpInterwiki.inc" ); +require( "commandLine.inc" ); +require( "dumpInterwiki.inc" ); chdir( $oldCwd ); # Output diff --git a/maintenance/findhooks.php b/maintenance/findhooks.php index d7cad253c642..64fe9a549bba 100644 --- a/maintenance/findhooks.php +++ b/maintenance/findhooks.php @@ -21,8 +21,7 @@ */ /** This is a command line script*/ -include('commandLine.inc'); - +require('commandLine.inc'); # GLOBALS $doc = $IP . '/docs/hooks.txt'; @@ -156,4 +155,4 @@ printArray('not found', $deprecated ); printArray('unclear hook calls', $bad ); if ( count( $todo ) == 0 && count( $deprecated ) == 0 && count( $bad ) == 0 ) - echo "Looks good!\n";
\ No newline at end of file + echo "Looks good!\n"; diff --git a/maintenance/fuzz-tester.php b/maintenance/fuzz-tester.php index 1ca496aeb2fc..9c1ddaff294b 100644 --- a/maintenance/fuzz-tester.php +++ b/maintenance/fuzz-tester.php @@ -169,7 +169,7 @@ TODO: /////////////////////////// COMMAND LINE HELP //////////////////////////////////// // This is a command line script, load MediaWiki env (gives command line options); -include('commandLine.inc'); +require('commandLine.inc'); // if the user asked for an explanation of command line options. if ( isset( $options["help"] ) ) { diff --git a/maintenance/rebuildInterwiki.php b/maintenance/rebuildInterwiki.php index 9a3cfd98bb01..8a25ce3c1e65 100644 --- a/maintenance/rebuildInterwiki.php +++ b/maintenance/rebuildInterwiki.php @@ -12,8 +12,8 @@ $oldCwd = getcwd(); $optionsWithArgs = array( "d" ); -include_once( "commandLine.inc" ); -include_once( "rebuildInterwiki.inc" ); +require( "commandLine.inc" ); +require( "rebuildInterwiki.inc" ); chdir( $oldCwd ); # Output |