Page MenuHomePhabricator

0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch

Authored By
Anomie
Jan 4 2016, 7:16 PM
Size
1 KB
Referenced Files
None
Subscribers
None

0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch

From 5e9823b2afd99b33da89f0fcd31ae48922f0cf4e Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 4 Jan 2016 11:14:28 -0800
Subject: [PATCH] SECURITY: Check for mbstring.func_overload at runtime
The installer already checks for this, let's also catch the case when
someone enables this after installation.
Bug: T122807
Change-Id: Ieddbc932f482d52da1688d472f494074c81124b2
---
includes/WebStart.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/includes/WebStart.php b/includes/WebStart.php
index fb6c3e6..ec96483 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -40,6 +40,10 @@ if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
. 'for help on how to disable magic quotes.' );
}
+if ( ini_get( 'mbstring.func_overload' ) ) {
+ die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' );
+}
+
# bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
# We're adding it here so that it's *always* set, even for alternate entry
# points and when $wgOut gets disabled or overridden.
--
2.6.4

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3209815
Default Alt Text
0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch (1 KB)

Event Timeline