From 53856406a6bf2dc9fe01fdd3a47f2e428abb0671 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 14 Oct 2004 02:13:12 +0000 Subject: [PATCH] Clean up a few scriptlets --- img_auth.php | 18 +++++++++++++++--- includes/Database.php | 2 +- includes/killthread.php | 13 +++++++++---- includes/proxy_check.php | 4 ++++ index.php | 6 +++--- 5 files changed, 32 insertions(+), 11 deletions(-) diff --git a/img_auth.php b/img_auth.php index 803ec15e57..4ec68ea44b 100644 --- a/img_auth.php +++ b/img_auth.php @@ -8,9 +8,14 @@ # Valid web server entry point, enable includes define( "MEDIAWIKI", true ); +require_once( "includes/Defines.php" ); require_once( "./LocalSettings.php" ); require_once( "includes/Setup.php" ); +if( !isset( $_SERVER['PATH_INFO'] ) ) { + wfForbidden(); +} + # Get filenames/directories $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] ); $realUploadDirectory = realpath( $wgUploadDirectory ); @@ -25,10 +30,19 @@ if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead ) & wfForbidden(); } +if( !file_exists( $filename ) ) { + wfForbidden(); +} +if( is_dir( $filename ) ) { + wfForbidden(); +} + # Write file $type = wfGetType( $filename ); if ( $type ) { header("Content-type: $type"); +} else { + header("Content-type: application/x-wiki"); } readfile( $filename ); @@ -128,8 +142,6 @@ model/mesh msh mesh silo model/vrml wrl vrml text/calendar ics ifb text/css css -text/html html htm -text/plain asc txt text/richtext rtx text/rtf rtf text/sgml sgml sgm @@ -147,7 +159,7 @@ END_STRING; $endl = " "; $types = explode( $endl, $types ); - if ( !preg_match( "/\.(.*?)$/", $filename, $matches ) ) { + if ( !preg_match( "/\.([^.]*?)$/", $filename, $matches ) ) { return false; } diff --git a/includes/Database.php b/includes/Database.php index 2d6c87d0b0..982e81c3de 100644 --- a/includes/Database.php +++ b/includes/Database.php 
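Review bot: In img_auth.php, the new `else` branch labels unrecognised files `application/x-wiki`, but nothing in the response stops a browser from sniffing the body and rendering it anyway. That matters here because the files are user uploads served from the wiki's own origin. Adding `header( "X-Content-Type-Options: nosniff" );` before `readfile( $filename );`, and `header( "Content-Disposition: attachment" );` inside the fallback branch, would make the label binding. The two added guards could also be the single test `if( !is_file( $filename ) ) { wfForbidden(); }`, which additionally rejects paths that are neither regular files nor directories. Both guards only help if `wfForbidden()` ends the request, and its body is not in this hunk.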
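Review bot: The new pattern `"/\.([^.]*?)$/"` in img_auth.php still matches a name that ends in a bare dot, which leaves `$matches[1]` empty for the table search that follows. That search is outside this hunk, so how it treats an empty string is not visible here. `"/\.([^.]+)$/D"` requires at least one character and drops the redundant lazy quantifier, and the `D` modifier stops `$` from matching before a trailing newline. A comment such as `# Only the final extension decides the type` would record why the class excludes dots. The enclosing function starts and ends outside the hunk.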
@@ -836,7 +836,7 @@ class Database { if( function_exists( 'mysql_thread_id' ) ) { # This will kill the query if it's still running after $timeout seconds. $tid = mysql_thread_id( $this->mConn ); - exec( "php $IP/killthread.php $timeout $tid &>/dev/null &" ); + exec( "php $IP/includes/killthread.php $timeout $tid &>/dev/null &" ); } } diff --git a/includes/killthread.php b/includes/killthread.php index ce7e4a92b2..669a7ce7d4 100644 --- a/includes/killthread.php +++ b/includes/killthread.php @@ -7,15 +7,20 @@ /** * */ +if( php_sapi_name() != 'cli' ) { + die(''); +} + +define( 'MEDIAWIKI', 1 ); $wgCommandLineMode = true; unset( $IP ); ini_set( 'allow_url_fopen', 0 ); # For security... -require_once( './LocalSettings.php' ); +require_once( '../LocalSettings.php' ); -# Windows requires ';' as separator, ':' for Unix -$sep = strchr( $include_path = ini_get( 'include_path' ), ';' ) ? ';' : ':'; -ini_set( 'include_path', "$IP$sep$include_path" ); +if( !$wgAllowSysopQueries ) { + die( "Queries disabled.\n" ); +} require_once( 'Setup.php' ); diff --git a/includes/proxy_check.php b/includes/proxy_check.php index b017f3211c..583e8fdb00 100644 --- a/includes/proxy_check.php +++ b/includes/proxy_check.php @@ -4,6 +4,10 @@ * @package MediaWiki */ +if( php_sapi_name() != 'cli' ) { + die(''); +} + /** * */ diff --git a/index.php b/index.php index 39c815a889..dec3d897a5 100644 --- a/index.php +++ b/index.php @@ -153,10 +153,10 @@ if( !is_null( $search ) && $search !== '' ) { wfCreativeCommonsRdf( $wgArticle ); } break; - case "credits": - require_once( "includes/Credits.php" ); + case "credits": + require_once( "includes/Credits.php" ); showCreditsPage( $wgArticle ); - break; + break; case "edit": case "submit": if( !$wgCommandLineMode && !$wgRequest->checkSessionCookie() ) { -- 2.20.1
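Review bot: The `exec()` line in includes/Database.php builds a shell command by interpolating `$IP`, `$timeout` and `$tid` unquoted, and this change only moves the script path. `$tid` comes from `mysql_thread_id()`, but `$timeout` and `$IP` are set outside the hunk, so a space or shell metacharacter in either would change what the shell runs. `&>/dev/null` is also a bash extension: a POSIX `/bin/sh` reads it as a background `&` followed by a separate redirection. A safer and portable form is `exec( "php " . escapeshellarg( "$IP/includes/killthread.php" ) . " " . intval( $timeout ) . " " . intval( $tid ) . " >/dev/null 2>&1 &" );`. The enclosing method starts before the hunk.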
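Review bot: `require_once( '../LocalSettings.php' );` in includes/killthread.php is resolved against the process's working directory, not the script's own directory, because PHP skips include_path for paths that begin with `./` or `../`. Database.php launches this script by absolute path without changing directory. Unless the caller's working directory happens to be `includes/`, this either fails or loads a LocalSettings.php from an unintended location; the working directory at run time is not visible in the diff. `require_once( dirname( __FILE__ ) . '/../LocalSettings.php' );` makes the path independent of the caller. The hunk also removes the `include_path` setup, so `require_once( 'Setup.php' )` now depends on PHP's fallback to the including script's directory, unless LocalSettings.php sets the path itself.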
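Review bot: The guard added at the top of includes/proxy_check.php, and the identical one in includes/killthread.php, exits with `die('')`, which prints nothing and returns status 0, so a rejected launch leaves no trace. On a host where the `php` command is the CGI build, `php_sapi_name()` returns `cgi` rather than `cli`, and the background jobs started through `exec()` would then silently do nothing. Consider `if( php_sapi_name() !== 'cli' ) { die( "This script must be run from the command line\n" ); }`. A comment above it, such as `# Command-line only: refuse to run when requested through the web server`, would record why the check is there.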