dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d42c2f4)
Security paranoia, reject requests to router.php that aren't from the cli-server...
authorDaniel Friesen <dantman@users.mediawiki.org>
Tue, 20 Mar 2012 22:58:34 +0000 (22:58 +0000)
committerDaniel Friesen <dantman@users.mediawiki.org>
Tue, 20 Mar 2012 22:58:34 +0000 (22:58 +0000)
maintenance/dev/includes/router.php patch | blob | history

diff --git a/maintenance/dev/includes/router.php b/maintenance/dev/includes/router.php
index 9067ba8..95bb1fa 100644 (file)
--- a/maintenance/dev/includes/router.php
+++ b/maintenance/dev/includes/router.php
@@ -3,6 +3,10 @@
 # Router for the php cli-server built-in webserver
 # http://ca2.php.net/manual/en/features.commandline.webserver.php
 
+if ( php_sapi_name() != 'cli-server' ) {
+       die( "This script can only be run by php's cli-server sapi." );
+}
+
 ini_set('display_errors', 1);
 error_reporting(E_ALL);
 
Wiklou, le Wiki du Wiklou