From b2301ab354afb1688862a78cdcac76bee91fe81c Mon Sep 17 00:00:00 2001 From: Reedy Date: Tue, 28 Mar 2017 21:47:08 +0100 Subject: [PATCH] SECURITY: Don't write LocalisationCache to temporary directory Bug: T161453 Change-Id: I51b375c63fcece908da921c465c861968c9eee1c --- RELEASE-NOTES-1.29 | 4 ++++ includes/cache/localisation/LocalisationCache.php | 14 ++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 25f72a8c0e..8b099bd893 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -35,6 +35,8 @@ production. * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs. * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be added to $wgExtraLanguageCodes instead. +* (T161453) LocalisationCache will no longer use the temporary directory in it's + fallback chain when trying to work out where to write the cache. === New features in 1.29 === * (T5233) A cookie can now be set when a user is autoblocked, to track that user @@ -97,6 +99,8 @@ production. * (T156184) SECURITY: Escape content model/format url parameter in message. * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD declaration. +* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory + in it's fallback chain when trying to work out where to write the cache. === Action API changes in 1.29 === * Submitting sensitive authentication request parameters to action=login, diff --git a/includes/cache/localisation/LocalisationCache.php b/includes/cache/localisation/LocalisationCache.php index cbff113761..d499340d0e 100644 --- a/includes/cache/localisation/LocalisationCache.php +++ b/includes/cache/localisation/LocalisationCache.php 
@@ -212,19 +212,17 @@ class LocalisationCache {
 case 'detect':
 if ( !empty( $conf['storeDirectory'] ) ) {
 $storeClass = 'LCStoreCDB';
+ } elseif ( $wgCacheDirectory ) {
+ $storeConf['directory'] = $wgCacheDirectory;
+ $storeClass = 'LCStoreCDB';
 } else {
- $cacheDir = $wgCacheDirectory ?: wfTempDir();
- if ( $cacheDir ) {
- $storeConf['directory'] = $cacheDir;
- $storeClass = 'LCStoreCDB';
- } else {
- $storeClass = 'LCStoreDB';
- }
+ $storeClass = 'LCStoreDB';
 }
 break;
 default:
 throw new MWException(
- 'Please set $wgLocalisationCacheConf[\'store\'] to something sensible.' );
+ 'Please set $wgLocalisationCacheConf[\'store\'] to something sensible.'
+ );
 }
 }
 
-- 
2.20.1
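Review bot: The new `elseif ( $wgCacheDirectory )` branch carries no comment recording why the temporary directory was dropped from the `detect` fallback chain, so a later cleanup could put `wfTempDir()` back without noticing the security reason named in the commit subject. A comment above the branch would keep that on record, for example `// No wfTempDir() fallback (T161453): only use a cache directory the administrator configured explicitly.` The branch also accepts any truthy `$wgCacheDirectory` as-is, so the configuration documentation should state that it must not point at a shared, world-writable location; presumably that exposure is what the change closes, though the hunk does not spell it out. The enclosing method begins above the hunk.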