dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eb01d8f)
workaround for any current or future exploit of the $GLOBALS overwrite vulnerability
authorTim Starling <tstarling@users.mediawiki.org>
Mon, 31 Oct 2005 21:14:07 +0000 (21:14 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Mon, 31 Oct 2005 21:14:07 +0000 (21:14 +0000)
img_auth.php patch | blob | history
index.php patch | blob | history
profileinfo.php patch | blob | history
redirect.php patch | blob | history
thumb.php patch | blob | history
trackback.php patch | blob | history

diff --git a/img_auth.php b/img_auth.php
index 6f6152e..341b7e2 100644 (file)
--- a/img_auth.php
+++ b/img_auth.php
@@ -10,6 +10,10 @@
 # Valid web server entry point, enable includes
 define( 'MEDIAWIKI', true );
 
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
 require_once( 'includes/Defines.php' );
 require_once( './LocalSettings.php' );
 require_once( 'includes/Setup.php' );
diff --git a/index.php b/index.php
index d623ae2..478a0c6 100644 (file)
--- a/index.php
+++ b/index.php
@@ -9,6 +9,10 @@ $wgRequestTime = microtime();
 unset( $IP );
 @ini_set( 'allow_url_fopen', 0 ); # For security...
 
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
 # Valid web server entry point, enable includes.
 # Please don't move this line to includes/Defines.php. This line essentially defines
 # a valid entry point. If you put it in includes/Defines.php, then any script that includes
diff --git a/profileinfo.php b/profileinfo.php
index 1c603b6..2f54fea 100644 (file)
--- a/profileinfo.php
+++ b/profileinfo.php
@@ -48,6 +48,10 @@
 $wgDBadminuser = $wgDBadminpassword = $wgDBserver = $wgDBname = $wgEnableProfileInfo = false;
 
 define("MEDIAWIKI", 1);
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       print $GLOBALS;
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
 
 require_once("./includes/Defines.php");
 require_once("./LocalSettings.php");
diff --git a/redirect.php b/redirect.php
index 92a8890..7c7aa3b 100644 (file)
--- a/redirect.php
+++ b/redirect.php
@@ -3,6 +3,9 @@ unset( $DP );
 unset( $IP );
 $wgCommandLineMode = false;
 define( 'MEDIAWIKI', true );
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
 
 require_once( './includes/Defines.php' );
 require_once( './LocalSettings.php' );
diff --git a/thumb.php b/thumb.php
index 0183c3f..439b5b5 100644 (file)
--- a/thumb.php
+++ b/thumb.php
@@ -7,6 +7,10 @@
 
 define( 'MEDIAWIKI', true );
 unset( $IP );
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
 $wgNoOutputBuffer = true;
 
 require_once( './includes/Defines.php' );
diff --git a/trackback.php b/trackback.php
index a2c9d8d..64ca383 100644 (file)
--- a/trackback.php
+++ b/trackback.php
@@ -7,6 +7,10 @@
 
 unset($IP);
 define('MEDIAWIKI', true);
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
 require_once('./includes/Defines.php');
 
 if (!file_exists('LocalSettings.php'))
Wiklou, le Wiki du Wiklou