From: Tim Starling Date: Wed, 10 Jun 2009 05:29:40 +0000 (+0000) Subject: Use require not include when sourcing commandLine.inc, to avoid possible web executio... X-Git-Tag: 1.31.0-rc.0~41427 X-Git-Url: http://git.cyclocoop.org/ecrire?a=commitdiff_plain;h=6071253b634e7ea58d6aa655edbfb167fc136846;p=lhc%2Fweb%2Fwiklou.git Use require not include when sourcing commandLine.inc, to avoid possible web execution when the web server is configured strangely. Detected during automated security scanning. For backport to 1.15. --- diff --git a/maintenance/dumpInterwiki.php b/maintenance/dumpInterwiki.php index 91cdbe8a8c..f5f22f3cfe 100644 --- a/maintenance/dumpInterwiki.php +++ b/maintenance/dumpInterwiki.php @@ -12,8 +12,8 @@ $oldCwd = getcwd(); $optionsWithArgs = array( "o" ); -include_once( "commandLine.inc" ); -include_once( "dumpInterwiki.inc" ); +require( "commandLine.inc" ); +require( "dumpInterwiki.inc" ); chdir( $oldCwd ); # Output diff --git a/maintenance/findhooks.php b/maintenance/findhooks.php index d7cad253c6..64fe9a549b 100644 --- a/maintenance/findhooks.php +++ b/maintenance/findhooks.php @@ -21,8 +21,7 @@ */ /** This is a command line script*/ -include('commandLine.inc'); - +require('commandLine.inc'); # GLOBALS $doc = $IP . '/docs/hooks.txt'; @@ -156,4 +155,4 @@ printArray('not found', $deprecated ); printArray('unclear hook calls', $bad ); if ( count( $todo ) == 0 && count( $deprecated ) == 0 && count( $bad ) == 0 ) - echo "Looks good!\n"; \ No newline at end of file + echo "Looks good!\n"; diff --git a/maintenance/fuzz-tester.php b/maintenance/fuzz-tester.php index f401215c86..124857020b 100644 --- a/maintenance/fuzz-tester.php +++ b/maintenance/fuzz-tester.php @@ -169,7 +169,7 @@ TODO: /////////////////////////// COMMAND LINE HELP //////////////////////////////////// // This is a command line script, load MediaWiki env (gives command line options); -include('commandLine.inc'); +require('commandLine.inc'); // if the user asked for an explanation of command line options. if ( isset( $options["help"] ) ) { diff --git a/maintenance/rebuildInterwiki.php b/maintenance/rebuildInterwiki.php index 9a3cfd98bb..8a25ce3c1e 100644 --- a/maintenance/rebuildInterwiki.php +++ b/maintenance/rebuildInterwiki.php @@ -12,8 +12,8 @@ $oldCwd = getcwd(); $optionsWithArgs = array( "d" ); -include_once( "commandLine.inc" ); -include_once( "rebuildInterwiki.inc" ); +require( "commandLine.inc" ); +require( "rebuildInterwiki.inc" ); chdir( $oldCwd ); # Output