Fix potential arbitrary script execution vulnerability. Doesn't seem to be exploitabl...

diff --git a/maintenance/Maintenance.php b/maintenance/Maintenance.php
index 394b0a4..5855011 100644 (file)
--- a/maintenance/Maintenance.php
+++ b/maintenance/Maintenance.php
@@ -1,6 +1,7 @@
 <?php
 // Define this so scripts can easily find doMaintenance.php
 define( 'DO_MAINTENANCE', dirname( __FILE__ ) . '/doMaintenance.php' );
+$maintClass = false;
 
 // Make sure we're on PHP5 or better
 if( version_compare( PHP_VERSION, '5.0.0' ) < 0 ) {

diff --git a/maintenance/doMaintenance.php b/maintenance/doMaintenance.php
index a4afe07..57e34fe 100644 (file)
--- a/maintenance/doMaintenance.php
+++ b/maintenance/doMaintenance.php
@@ -26,11 +26,16 @@
  * @ingroup Maintenance
  */
 
+if ( !defined( 'DO_MAINTENANCE' ) ) {
+       echo "This file must be included after Maintenance.php\n";
+       exit( 1 );
+}
+
 error_reporting( E_ALL | E_STRICT );
 
-if( !isset( $maintClass ) || !class_exists( $maintClass ) ) {
+if( !$maintClass || !class_exists( $maintClass ) ) {
        echo "\$maintClass is not set or is set to a non-existent class.";
-       die();
+       exit( 1 );
 }
 
 if( defined( 'MW_NO_SETUP' ) ) {
@@ -60,7 +65,7 @@ if( file_exists( dirname(__FILE__).'/wikimedia-mode' ) ) {
        # Maybe a hook?
        global $cluster;
        $wgWikiFarm = true;
-       $cluster = 'pmtma';
+       $cluster = 'pmtpa';
        require_once( "$IP/includes/AutoLoader.php" );
        require_once( "$IP/includes/SiteConfiguration.php" );
        require( "$IP/wgConf.php" );