X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=maintenance%2Fupdate.php;h=f8f5dcdd0b5b491986ada83e091bcce37df5bc13;hp=ba66c766835f5bf4ce649ee30cf9cda2b0ca06c0;hb=417a83a1a3ddf374dff5a14d8a08cd4c6099d357;hpb=f12e22bb590e86bf2214319d98289e3b323f8ec6
diff --git a/maintenance/update.php b/maintenance/update.php
index ba66c76683..f8f5dcdd0b 100755
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -170,6 +170,26 @@ class UpdateMediaWiki extends Maintenance {
 $time1 = microtime( true );
+ $badPhpUnit = dirname( __DIR__ ) . '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+ if ( file_exists( $badPhpUnit ) ) {
+ // @codingStandardsIgnoreStart Generic.Files.LineLength.TooLong
+ // Bad versions of the file are:
+ // https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+ // https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+ // @codingStandardsIgnoreEnd
+ $md5 = md5_file( $badPhpUnit );
+ if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+ || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+ ) {
+ $success = unlink( $badPhpUnit );
+ if ( $success ) {
+ $this->output( "Removed PHPUnit eval-stdin.php to protect against CVE-2017-9841\n" );
+ } else {
+ $this->error( "Unable to remove $badPhpUnit, you should manually. See CVE-2017-9841" );
+ }
+ }
+ }
+ $shared = $this->hasOption( 'doshared' );
 $updates = [ 'core', 'extensions' ];
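Review bot: When `eval-stdin.php` exists but its checksum is not one of the two listed, or `md5_file()` returns `false` because the file cannot be read, the added block removes nothing and prints nothing. A copy changed by line-ending conversion (or, if other affected revisions exist, one of those) would then stay under `vendor/` without the operator being told. An `else` on the checksum test would surface that case, e.g. `$this->output( "Found $badPhpUnit with an unrecognised checksum; verify it is not affected by CVE-2017-9841\n" );`. The failure message is also missing its verb; `"Unable to remove $badPhpUnit, you should remove it manually. See CVE-2017-9841"` reads as intended. The enclosing method starts and ends outside the hunk.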