maintenance: Add missing limit parameters to some explode()
authorThiemo Kreuz <thiemo.kreuz@wikimedia.de>
Thu, 28 Feb 2019 08:55:50 +0000 (09:55 +0100)
committerUmherirrender <umherirrender_de.wp@web.de>
Fri, 1 Mar 2019 17:17:40 +0000 (17:17 +0000)
This is, in theory, a loophole that can not only cause such code to
consume surprising amounts of memory and runtime, but can also create
surprising results. For example, an input like

 -param="might contain a = char"

might result in a cut-off value.

Not so much of a problem in a maintenance script. But still good
practice, I find.

Change-Id: I14fb278e6fdb61d0c486ca7e23229851ea479408

maintenance/Maintenance.php
maintenance/includes/BackupDumper.php
maintenance/purgeChangedFiles.php
maintenance/purgeChangedPages.php
maintenance/updateRestrictions.php

index f3c2e12..b638b42 100644 (file)
@@ -1251,7 +1251,7 @@ abstract class Maintenance {
                        $settingsFile = "$IP/LocalSettings.php";
                }
                if ( isset( $this->mOptions['wiki'] ) ) {
-                       $bits = explode( '-', $this->mOptions['wiki'] );
+                       $bits = explode( '-', $this->mOptions['wiki'], 2 );
                        if ( count( $bits ) == 1 ) {
                                $bits[] = '';
                        }
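Review bot: The limit added to `explode( '-', $this->mOptions['wiki'], 2 )` changes what a `wiki` value with more than one hyphen produces, and nothing at the call site records that. A value such as `db-a-b` now puts `a-b` into `$bits[1]`, where the third segment used to be ignored. How `$bits` is consumed lies outside the hunk, so it should be confirmed that a hyphenated second part is acceptable there. I would add a comment above the call, `// Split on the first "-" only; the rest is kept whole as the second part`.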
index 31fe33f..673ea7f 100644 (file)
@@ -165,15 +165,12 @@ abstract class BackupDumper extends Maintenance {
 
                        switch ( $opt ) {
                                case 'plugin':
-                                       $val = explode( ':', $param );
+                                       $val = explode( ':', $param, 2 );
 
                                        if ( count( $val ) === 1 ) {
                                                $this->loadPlugin( $val[0], '' );
                                        } elseif ( count( $val ) === 2 ) {
                                                $this->loadPlugin( $val[0], $val[1] );
-                                       } else {
-                                               $this->fatalError( 'Invalid plugin parameter' );
-                                               return;
                                        }
 
                                        break;
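Review bot: Dropping the `else` branch removes the only rejection path for the `plugin` parameter. With the limit of 2, `count( $val )` is always 1 or 2, so a value with several colons no longer stops at 'Invalid plugin parameter' and instead reaches `loadPlugin()` with everything after the first colon as its second argument. What `loadPlugin()` does with that argument is not visible here; if it names a file to load, the value deserves a check before the call, even though it is presumably operator-supplied. The `elseif ( count( $val ) === 2 )` is now effectively a plain `else`, and a comment such as `// Only the first ":" separates; the remainder may itself contain ":"` would state the intent. The two filter hunks that follow (`$split = explode( ':', $param, 2 )`, with 'Invalid filter parameter' removed) make the same trade, and the enclosing `switch` starts and ends outside these hunks.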
@@ -202,7 +199,7 @@ abstract class BackupDumper extends Maintenance {
                                                $sink = new DumpOutput();
                                        }
 
-                                       $split = explode( ':', $param );
+                                       $split = explode( ':', $param, 2 );
                                        $key = $split[0];
 
                                        if ( !isset( $this->filterTypes[$key] ) ) {
@@ -215,8 +212,6 @@ abstract class BackupDumper extends Maintenance {
                                                $filter = new $type( $sink );
                                        } elseif ( count( $split ) === 2 ) {
                                                $filter = new $type( $sink, $split[1] );
-                                       } else {
-                                               $this->fatalError( 'Invalid filter parameter' );
                                        }
 
                                        // references are lame in php...
index 7d5d40b..29a36d5 100644 (file)
@@ -77,7 +77,7 @@ class PurgeChangedFiles extends Maintenance {
                global $wgHTCPRouting;
 
                if ( $this->hasOption( 'htcp-dest' ) ) {
-                       $parts = explode( ':', $this->getOption( 'htcp-dest' ) );
+                       $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 );
                        if ( count( $parts ) < 2 ) {
                                // Add default htcp port
                                $parts[] = '4827';
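Review bot: The second element of `$parts` is never checked to be a port number, and with the limit of 2 a value such as `host:4827:x` now leaves `4827:x` there, where the extra segment used to be dropped. A destination that itself contains colons, such as an IPv6 literal, is still split at its first colon. After the default-port block I would add `if ( !ctype_digit( $parts[1] ) ) { $this->fatalError( 'Invalid htcp-dest port' ); }`. The same applies to the identical hunk in `PurgeChangedPages`; how `$parts` feeds `$wgHTCPRouting` lies outside both hunks.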
index 22020e7..feeac92 100644 (file)
@@ -52,7 +52,7 @@ class PurgeChangedPages extends Maintenance {
                global $wgHTCPRouting;
 
                if ( $this->hasOption( 'htcp-dest' ) ) {
-                       $parts = explode( ':', $this->getOption( 'htcp-dest' ) );
+                       $parts = explode( ':', $this->getOption( 'htcp-dest' ), 2 );
                        if ( count( $parts ) < 2 ) {
                                // Add default htcp port
                                $parts[] = '4827';
index 668ba79..dec0bb6 100644 (file)
@@ -71,7 +71,7 @@ class UpdateRestrictions extends Maintenance {
                        foreach ( $res as $row ) {
                                $oldRestrictions = [];
                                foreach ( explode( ':', trim( $row->page_restrictions ) ) as $restrict ) {
-                                       $temp = explode( '=', trim( $restrict ) );
+                                       $temp = explode( '=', trim( $restrict ), 2 );
                                        // Make sure we are not settings restrictions to ""
                                        if ( count( $temp ) == 1 && $temp[0] ) {
                                                // old old format should be treated as edit/move restriction