(parent:
a250e5d
)
Sanitize cleanCallback on wakeup. Extra security check for APIs like SecurePoll/auth...
author
Tim Starling
<tstarling@users.mediawiki.org>
Thu, 30 Apr 2009 05:21:27 +0000
(
05:21
+0000)
committer
Tim Starling
<tstarling@users.mediawiki.org>
Thu, 30 Apr 2009 05:21:27 +0000
(
05:21
+0000)
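--- a/includes/Status.php
+++ b/includes/Status.php
@@ -84,6 +84,13 @@ class Status {
 $this->ok = false;
 }
+ /**
+ * Sanitize the callback parameter on wakeup, to avoid arbitrary execution.
+ */
+ function __wakeup() {
+ $this->cleanCallback = false;
+ }
+
 protected function cleanParams( $params ) {
 if ( !$this->cleanCallback ) {
 return $params;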
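Review bot: Resetting `cleanCallback` in `__wakeup()` makes every unserialized Status skip parameter cleaning, because the context line `if ( !$this->cleanCallback ) { return $params; }` in `cleanParams()` returns the parameters untouched when the property is false. That is the safe direction against a callable carried in through serialized data, but a caller that relied on the callback to sanitize message parameters now gets raw values after a serialize/unserialize round-trip, so the docblock should say so, e.g. `Callers that need parameter cleaning must set cleanCallback again after unserialize().` The reset also covers only this one property; the other fields of an unserialized Status are still whatever the serialized data contained and should be treated as untrusted input by the code that renders them. `cleanParams()` continues past the end of the hunk, so how the callback is actually invoked is not visible here.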