The file maintenance/mwdoc-filter.php can be abused under certain server
configurations to read the contents of arbitrary files.
In case you
- you have deleted the maintenance folder or
- you have that folder denied in the server configuration or
- the server is processing .htaccess overrides or
- you are using PHP 5.4.0 (or later) or
- you have register_globals disabled
it is believed that you are not vulnerable.
See https://bugzilla.wikimedia.org/45355 for details.
Change-Id: I3c49439b25896a6100ce415629353bccfc84490a
* @file
*/
+if ( PHP_SAPI != 'cli' ) {
+ die( "This filter can only be run from the command line.\n" );
+}
+
$source = file_get_contents( $argv[1] );
$regexp = '#\@var\s+([^\s]+)([^/]+)/\s+(var|public|protected|private)\s+(\$[^\s;=]+)#';
$replac = '${2} */ ${3} ${1} ${4}';