From 975acd11b2364215cc090ebabd31db17c651cce4 Mon Sep 17 00:00:00 2001
From: Daniel Friesen <dantman@users.mediawiki.org>
Date: Tue, 20 Mar 2012 22:58:34 +0000
Subject: [PATCH] Security paranoia, reject requests to router.php that aren't
 from the cli-server sapi.

---
 maintenance/dev/includes/router.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/maintenance/dev/includes/router.php b/maintenance/dev/includes/router.php
index 9067ba8fcf..95bb1faf6e 100644
--- a/maintenance/dev/includes/router.php
+++ b/maintenance/dev/includes/router.php
@@ -3,6 +3,10 @@
 # Router for the php cli-server built-in webserver
 # http://ca2.php.net/manual/en/features.commandline.webserver.php
 
+if ( php_sapi_name() != 'cli-server' ) {
+	die( "This script can only be run by php's cli-server sapi." );
+}
+
 ini_set('display_errors', 1);
 error_reporting(E_ALL);
 
-- 
2.20.1