Ignore long git hashes for eval-stdin.php
[lhc/web/wiklou.git] / maintenance / update.php
index d96cecd..f8f5dcd 100755 (executable)
@@ -27,6 +27,8 @@
 
 require_once __DIR__ . '/Maintenance.php';
 
+use Wikimedia\Rdbms\IMaintainableDatabase;
+
 /**
  * Maintenance script to run database schema updates.
  *
@@ -126,7 +128,7 @@ class UpdateMediaWiki extends Maintenance {
                        $this->compatChecks();
                } else {
                        $this->output( "Skipping compatibility checks, proceed at your own risk (Ctrl+C to abort)\n" );
-                       wfCountDown( 5 );
+                       $this->countDown( 5 );
                }
 
                // Check external dependencies are up to date
@@ -143,9 +145,19 @@ class UpdateMediaWiki extends Maintenance {
                # This will vomit up an error if there are permissions problems
                $db = $this->getDB( DB_MASTER );
 
+               # Check to see whether the database server meets the minimum requirements
+               /** @var DatabaseInstaller $dbInstallerClass */
+               $dbInstallerClass = Installer::getDBInstallerClass( $db->getType() );
+               $status = $dbInstallerClass::meetsMinimumRequirement( $db->getServerVersion() );
+               if ( !$status->isOK() ) {
+                       // This might output some wikitext like <strong> but it should be comprehensible
+                       $text = $status->getWikiText();
+                       $this->error( $text, 1 );
+               }
+
                $this->output( "Going to run database updates for " . wfWikiID() . "\n" );
                if ( $db->getType() === 'sqlite' ) {
-                       /** @var Database|DatabaseSqlite $db */
+                       /** @var IMaintainableDatabase|DatabaseSqlite $db */
                        $this->output( "Using SQLite file: '{$db->getDbFilePath()}'\n" );
                }
                $this->output( "Depending on the size of your database this may take a while!\n" );
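Review bot: The `/** @var DatabaseInstaller $dbInstallerClass */` annotation on line 27 describes the variable as an object, but what Installer::getDBInstallerClass() returns is then used as a class name for a static call on line 29, so the value is a string; `/** @var string $dbInstallerClass Name of a DatabaseInstaller subclass */` (or `class-string<DatabaseInstaller>` if the project's analyser accepts it) would stop a reader from expecting an instance. The `$this->error( $text, 1 )` on line 33 presumably exits through the die argument of Maintenance::error(), which is not obvious at the call site; a one-line comment such as `// Fatal: do not run schema updates against an unsupported server version` would make that intent explicit. The enclosing execute() method starts and ends outside the hunk.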
@@ -153,11 +165,31 @@ class UpdateMediaWiki extends Maintenance {
                if ( !$this->hasOption( 'quick' ) ) {
                        $this->output( "Abort with control-c in the next five seconds "
                                . "(skip this countdown with --quick) ... " );
-                       wfCountDown( 5 );
+                       $this->countDown( 5 );
                }
 
                $time1 = microtime( true );
 
+               $badPhpUnit = dirname( __DIR__ ) . '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+               if ( file_exists( $badPhpUnit ) ) {
+                       // @codingStandardsIgnoreStart Generic.Files.LineLength.TooLong
+                       // Bad versions of the file are:
+                       // https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+                       // https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+                       // @codingStandardsIgnoreEnd
+                       $md5 = md5_file( $badPhpUnit );
+                       if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+                               || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+                       ) {
+                               $success = unlink( $badPhpUnit );
+                               if ( $success ) {
+                                       $this->output( "Removed PHPUnit eval-stdin.php to protect against CVE-2017-9841\n" );
+                               } else {
+                                       $this->error( "Unable to remove $badPhpUnit, you should manually. See CVE-2017-9841" );
+                               }
+                       }
+               }
+
                $shared = $this->hasOption( 'doshared' );
 
                $updates = [ 'core', 'extensions' ];
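Review bot: The failure message on line 68 is missing its verb ("you should manually"), so the operator is not told what to do; write `$this->error( "Unable to remove $badPhpUnit, you should remove it manually. See CVE-2017-9841" );`. The removal only fires for the two exact MD5 values on lines 61-62, so a copy of eval-stdin.php that differs in any byte (different line endings, or a release other than the two listed) is left in place without any output; consider reporting the unrecognised case, e.g. `$this->output( "Found $badPhpUnit with unrecognised hash $md5, check it against CVE-2017-9841\n" );`, so the administrator knows to verify it by hand. md5_file() returning false on an unreadable file is handled only implicitly by the strict string comparison and deserves a short comment. The enclosing execute() method starts and ends outside the hunk.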