From: Tim Starling
Date: Thu, 30 Apr 2009 05:21:27 +0000 (+0000)
Subject: Sanitize cleanCallback on wakeup. Extra security check for APIs like SecurePoll/auth...
X-Git-Tag: 1.31.0-rc.0~41932
X-Git-Url: http://git.cyclocoop.org/%7B%7B%20url_for%28%27admin_vote_add%27%29%20%7D%7D?a=commitdiff_plain;h=cd367dabbd5b07f3d2d0e928a73fb15513b83c90;p=lhc%2Fweb%2Fwiklou.git
Sanitize cleanCallback on wakeup. Extra security check for APIs like SecurePoll/auth-api.php.
---
diff --git a/includes/Status.php b/includes/Status.php
index 1eb2b66a45..516ed95bcd 100644
--- a/includes/Status.php
+++ b/includes/Status.php
@@ -84,6 +84,13 @@ class Status {
 $this->ok = false;
 }

+ /**
+ * Sanitize the callback parameter on wakeup, to avoid arbitrary execution.
+ */
+ function __wakeup() {
+ $this->cleanCallback = false;
+ }
+
 protected function cleanParams( $params ) {
 if ( !$this->cleanCallback ) {
 return $params;
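Review bot: Resetting `cleanCallback` in `__wakeup()` also turns `cleanParams()` into a pass-through for every unserialized Status, because the context lines right below return `$params` unchanged when the property is falsy; any parameter cleaning a caller had configured through that callback is silently lost after a serialize/unserialize round trip. The docblock should state this, for example `* Callers that need parameter cleaning must set cleanCallback again after unserializing.` The method is declared without a visibility keyword while the neighbouring `cleanParams` has one; `public function __wakeup() {` would be consistent. The reset covers only this one property, so the other fields of a Status unserialized from an untrusted source presumably remain caller-controlled and should still be validated by the consuming API. The body of `cleanParams` continues outside the hunk, so how the callback is invoked is not visible here.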