author | Thiemo Kreuz <thiemo.kreuz@wikimedia.de> | 2019-02-28 09:55:50 +0100 |
---|---|---|
committer | Umherirrender <umherirrender_de.wp@web.de> | 2019-03-01 17:17:40 +0000 |
commit | 007bfbf83578df5010415d5822c6aec057ffaa88 (patch) | |
tree | e5f9cbdf3cf0571a6d34eacc0d4bfd00f7004a2c /maintenance | |
parent | 9b4461c1b8027049d575bc66b45a1545bd506188 (diff) | |
maintenance: Add missing limit parameters to some explode()
This is, in theory, a loophole that can not only cause such code to
consume surprising amounts of memory and runtime. It can also create
surprising results. For example, an input like
-param="might contain a = char"
might result in a cut-off value.
Not so much of a problem in a maintenance script. But still good
practice, I find.
Change-Id: I14fb278e6fdb61d0c486ca7e23229851ea479408
Diffstat (limited to 'maintenance')
-rw-r--r-- | maintenance/Maintenance.php | 2 | ||||
-rw-r--r-- | maintenance/includes/BackupDumper.php | 9 | ||||
-rw-r--r-- | maintenance/purgeChangedFiles.php | 2 | ||||
-rw-r--r-- | maintenance/purgeChangedPages.php | 2 | ||||
-rw-r--r-- | maintenance/updateRestrictions.php | 2 |
5 files changed, 6 insertions, 11 deletions
diff --git a/maintenance/Maintenance.php b/maintenance/Maintenance.php
index f3c2e12da22e..b638b42dff56 100644
--- a/maintenance/Maintenance.php
+++ b/maintenance/Maintenance.php
@@ -1251,7 +1251,7 @@ abstract class Maintenance {
 $settingsFile = "$IP/LocalSettings.php";
 }
 if ( isset( $this->mOptions['wiki'] ) ) {
- $bits = explode( '-', $this->mOptions['wiki'] );
+ $bits = explode( '-', $this->mOptions['wiki'], 2 );
 if ( count( $bits ) == 1 ) {
 $bits[] = '';
 }
diff --git a/maintenance/includes/BackupDumper.php b/maintenance/includes/BackupDumper.php
index 31fe33fa9c6b..673ea7f86475 100644
--- a/maintenance/includes/BackupDumper.php
+++ b/maintenance/includes/BackupDumper.php
@@ -165,15 +165,12 @@ abstract class BackupDumper extends Maintenance {
 switch ( $opt ) {
 case 'plugin':
- $val = explode( ':', $param );
+ $val = explode( ':', $param, 2 );
 if ( count( $val ) === 1 ) {
 $this->loadPlugin( $val[0], '' );
 } elseif ( count( $val ) === 2 ) {
 $this->loadPlugin( $val[0], $val[1] );
- } else {
- $this->fatalError( 'Invalid plugin parameter' );
- return;
 }
 break;
@@ -202,7 +199,7 @@ abstract class BackupDumper extends Maintenance {
 $sink = new DumpOutput();
 }
- $split = explode( ':', $param );
+ $split = explode( ':', $param, 2 );
 $key = $split[0];
 if ( !isset( $this->filterTypes[$key] ) ) {
@@ -215,8 +212,6 @@ abstract class BackupDumper extends Maintenance {
 $filter = new $type( $sink );
 } elseif ( count( $split ) === 2 ) {
 $filter = new $type( $sink, $split[1] );
- } else {
- $this->fatalError( 'Invalid filter parameter' );
 }
 // references are lame in php...
diff --git a/maintenance/purgeChangedFiles.php b/maintenance/purgeChangedFiles.php
index 7d5d40b361b4..29a36d552cff 100644
--- a/maintenance/purgeChangedFiles.php
+++ b/maintenance/purgeChangedFiles.php
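Review bot: In the `plugin` case of BackupDumper.php, `count( $val )` can only be 1 or 2 once the limit is 2, so `} elseif ( count( $val ) === 2 ) {` is a test that can never fail and still reads as if a third outcome existed; a plain `} else {` states the intent. The same holds for `} elseif ( count( $split ) === 2 ) {` in the later filter hunk, where a plain `else` also makes it evident that `$filter` is always assigned. Removing the 'Invalid plugin parameter' branch also widens what is accepted: a value with a second colon used to be rejected and now reaches `loadPlugin()` as its second argument with the colons intact. What `loadPlugin()` does with that argument is not visible here, so if it is a file to include, a comment such as `// $val[1] is a file path and may itself contain ':'; trusted operator input` would record the assumption. The enclosing method starts and ends outside both hunks.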
@@ -77,7 +77,7 @@ class PurgeChangedFiles extends Maintenance {
 global $wgHTCPRouting;
 if ( $this->hasOption( 'htcp-dest' ) ) {
- $parts = explode( ':', $this->getOption( 'htcp-dest' ) );
+ $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 );
 if ( count( $parts ) < 2 ) {
 // Add default htcp port
 $parts[] = '4827';
diff --git a/maintenance/purgeChangedPages.php b/maintenance/purgeChangedPages.php
index 22020e7d0640..feeac92b0eaa 100644
--- a/maintenance/purgeChangedPages.php
+++ b/maintenance/purgeChangedPages.php
@@ -52,7 +52,7 @@ class PurgeChangedPages extends Maintenance {
 global $wgHTCPRouting;
 if ( $this->hasOption( 'htcp-dest' ) ) {
- $parts = explode( ':', $this->getOption( 'htcp-dest' ) );
+ $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 );
 if ( count( $parts ) < 2 ) {
 // Add default htcp port
 $parts[] = '4827';
diff --git a/maintenance/updateRestrictions.php b/maintenance/updateRestrictions.php
index 668ba790fa1d..dec0bb69142b 100644
--- a/maintenance/updateRestrictions.php
+++ b/maintenance/updateRestrictions.php
@@ -71,7 +71,7 @@ class UpdateRestrictions extends Maintenance {
 foreach ( $res as $row ) {
 $oldRestrictions = [];
 foreach ( explode( ':', trim( $row->page_restrictions ) ) as $restrict ) {
- $temp = explode( '=', trim( $restrict ) );
+ $temp = explode( '=', trim( $restrict ), 2 );
 // Make sure we are not settings restrictions to ""
 if ( count( $temp ) == 1 && $temp[0] ) {
 // old old format should be treated as edit/move restriction |
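Review bot: The port half of `htcp-dest` in purgeChangedFiles.php is still taken on trust: with the limit of 2, everything after the first `:` lands in `$parts[1]`, so a value like `host:4827:x` now yields the port string `4827:x` where the extra segment used to be ignored. A guard after the default-port branch, for example `if ( !ctype_digit( $parts[1] ) ) { $this->fatalError( 'Invalid htcp-dest port' ); }`, would reject such a value early. How `$parts` is consumed lies outside the hunk, so the effect on routing is inferred rather than shown. The identical hunk in maintenance/purgeChangedPages.php needs the same check. An IPv6 literal given as the host is also split at its first colon, which is worth a line in the option's help text.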