From 007bfbf83578df5010415d5822c6aec057ffaa88 Mon Sep 17 00:00:00 2001 From: Thiemo Kreuz Date: Thu, 28 Feb 2019 09:55:50 +0100 Subject: [PATCH] maintenance: Add missing limit parameters to some explode() This is, in theory, a loophole that can not only cause such code to consume suprising amounts of memory and runtime. It can also create suprising results. For example, an input like -param="might contain a = char" might result in a cut-off value. Not so much of a problem in a maintenance script. But still good practice, I find. Change-Id: I14fb278e6fdb61d0c486ca7e23229851ea479408 --- maintenance/Maintenance.php | 2 +- maintenance/includes/BackupDumper.php | 9 ++------- maintenance/purgeChangedFiles.php | 2 +- maintenance/purgeChangedPages.php | 2 +- maintenance/updateRestrictions.php | 2 +- 5 files changed, 6 insertions(+), 11 deletions(-) diff --git a/maintenance/Maintenance.php b/maintenance/Maintenance.php index f3c2e12da2..b638b42dff 100644 --- a/maintenance/Maintenance.php +++ b/maintenance/Maintenance.php @@ -1251,7 +1251,7 @@ abstract class Maintenance { $settingsFile = "$IP/LocalSettings.php"; } if ( isset( $this->mOptions['wiki'] ) ) { - $bits = explode( '-', $this->mOptions['wiki'] ); + $bits = explode( '-', $this->mOptions['wiki'], 2 ); if ( count( $bits ) == 1 ) { $bits[] = ''; } diff --git a/maintenance/includes/BackupDumper.php b/maintenance/includes/BackupDumper.php index 31fe33fa9c..673ea7f864 100644 --- a/maintenance/includes/BackupDumper.php +++ b/maintenance/includes/BackupDumper.php @@ -165,15 +165,12 @@ abstract class BackupDumper extends Maintenance { switch ( $opt ) { case 'plugin': - $val = explode( ':', $param ); + $val = explode( ':', $param, 2 ); if ( count( $val ) === 1 ) { $this->loadPlugin( $val[0], '' ); } elseif ( count( $val ) === 2 ) { $this->loadPlugin( $val[0], $val[1] ); - } else { - $this->fatalError( 'Invalid plugin parameter' ); - return; } break; 
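Review bot: The `explode( '-', $this->mOptions['wiki'], 2 )` call in maintenance/Maintenance.php has no comment saying that only the first hyphen is a separator, so a reader cannot tell that everything after it, further hyphens included, now lands in `$bits[1]`. I would add `// Split on the first '-' only; the remainder stays whole in $bits[1]` above it. The same comment is missing on `explode( '=', trim( $restrict ), 2 )` in maintenance/updateRestrictions.php, where a row with a second `=` now keeps it in `$temp[1]`. Both enclosing methods continue outside their hunks, so how `$bits[1]` and `$temp[1]` are consumed is not visible here.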
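Review bot: With the limit of 2, `count( $val )` can only be 1 or 2, so `} elseif ( count( $val ) === 2 ) {` in the `plugin` case of maintenance/includes/BackupDumper.php is now an unconditional branch written as a condition; I would make it `} else {` and add `// $val[1] may itself contain ':'` above the call. A value such as `a:b:c`, which used to reach `fatalError( 'Invalid plugin parameter' )`, is now accepted with `b:c` passed as the second argument of `loadPlugin()`. The filter hunk at `-215,8 +212,6` has the same shape, and there the dangling `elseif` is the only branch that assigns `$filter` for the two-part case, so a plain `else` would show that `$filter` is always set. What `loadPlugin()` does with its second argument is outside this diff; if it names a file to load, the option's help text should say the value is treated as trusted operator input.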
@@ -202,7 +199,7 @@ abstract class BackupDumper extends Maintenance { $sink = new DumpOutput(); } - $split = explode( ':', $param ); + $split = explode( ':', $param, 2 ); $key = $split[0]; if ( !isset( $this->filterTypes[$key] ) ) { @@ -215,8 +212,6 @@ abstract class BackupDumper extends Maintenance { $filter = new $type( $sink ); } elseif ( count( $split ) === 2 ) { $filter = new $type( $sink, $split[1] ); - } else { - $this->fatalError( 'Invalid filter parameter' ); } // references are lame in php... diff --git a/maintenance/purgeChangedFiles.php b/maintenance/purgeChangedFiles.php index 7d5d40b361..29a36d552c 100644 --- a/maintenance/purgeChangedFiles.php +++ b/maintenance/purgeChangedFiles.php @@ -77,7 +77,7 @@ class PurgeChangedFiles extends Maintenance { global $wgHTCPRouting; if ( $this->hasOption( 'htcp-dest' ) ) { - $parts = explode( ':', $this->getOption( 'htcp-dest' ) ); + $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 ); if ( count( $parts ) < 2 ) { // Add default htcp port $parts[] = '4827'; diff --git a/maintenance/purgeChangedPages.php b/maintenance/purgeChangedPages.php index 22020e7d06..feeac92b0e 100644 --- a/maintenance/purgeChangedPages.php +++ b/maintenance/purgeChangedPages.php @@ -52,7 +52,7 @@ class PurgeChangedPages extends Maintenance { global $wgHTCPRouting; if ( $this->hasOption( 'htcp-dest' ) ) { - $parts = explode( ':', $this->getOption( 'htcp-dest' ) ); + $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 ); if ( count( $parts ) < 2 ) { // Add default htcp port $parts[] = '4827'; diff --git a/maintenance/updateRestrictions.php b/maintenance/updateRestrictions.php index 668ba790fa..dec0bb6914 100644 --- a/maintenance/updateRestrictions.php +++ b/maintenance/updateRestrictions.php 
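Review bot: The port half of `htcp-dest` is not checked in the lines shown in maintenance/purgeChangedFiles.php: after `explode( ':', $this->getOption( 'htcp-dest' ), 2 )`, an argument like `host:80:x` leaves `80:x` in `$parts[1]`, where the old code would have had `80`. A guard after the default-port block, such as `if ( !ctype_digit( $parts[1] ) ) { $this->fatalError( 'Invalid port in htcp-dest' ); }`, would reject that instead of passing it on. maintenance/purgeChangedPages.php has the identical block and needs the same guard. Both method bodies continue outside their hunks, so whether `$parts[1]` is validated later is not visible here.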
@@ -71,7 +71,7 @@ class UpdateRestrictions extends Maintenance {
 foreach ( $res as $row ) {
 $oldRestrictions = [];
 foreach ( explode( ':', trim( $row->page_restrictions ) ) as $restrict ) {
- $temp = explode( '=', trim( $restrict ) );
+ $temp = explode( '=', trim( $restrict ), 2 );
 // Make sure we are not settings restrictions to ""
 if ( count( $temp ) == 1 && $temp[0] ) {
 // old old format should be treated as edit/move restriction
-- 2.20.1