Page MenuHomePhabricator
Files F3201767

0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch
No One
Actions

Authored By
Anomie
Jan 4 2016, 7:16 PM
Size
1 KB
Referenced Files
None
Subscribers
None

0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch
View Options

From 5e9823b2afd99b33da89f0fcd31ae48922f0cf4e Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 4 Jan 2016 11:14:28 -0800
Subject: [PATCH] SECURITY: Check for mbstring.func_overload at runtime
The installer already checks for this, let's also catch the case when
someone enables this after installation.
Bug: T122807
Change-Id: Ieddbc932f482d52da1688d472f494074c81124b2
---
includes/WebStart.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/includes/WebStart.php b/includes/WebStart.php
index fb6c3e6..ec96483 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -40,6 +40,10 @@ if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
. 'for help on how to disable magic quotes.' );
}
+if ( ini_get( 'mbstring.func_overload' ) ) {
+ die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' );
+}
+
# bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
# We're adding it here so that it's *always* set, even for alternate entry
# points and when $wgOut gets disabled or overridden.
--
2.6.4

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3209815
Default Alt Text
0001-SECURITY-Check-for-mbstring.func_overload-at-runtime.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL