MediaWiki r44111 - Code Review

Repository:MediaWiki
Revision:r44110‎ | r44111 (on ViewVC)‎ | r44112 >
Date:13:19, 1 December 2008
Author:werdna
Status:resolved (Comments)
Tags:
Comment:
Change the file handler to use safer PHP files for storage instead of serialized files. This way, the contents cannot be read on a default installation.
Modified paths:

Diff

Index: trunk/extensions/Configure/Configure.handler-files.php
===================================================================
--- trunk/extensions/Configure/Configure.handler-files.php	(revision 44110)
+++ trunk/extensions/Configure/Configure.handler-files.php	(revision 44111)
@@ -33,15 +33,11 @@
 			# maybe the first time the user use this extensions, do not override
 			# anything
 			return array();
-		$cont = @file_get_contents( $file );
-		if ( empty( $cont ) )
-			# Weird, should not happen
-			return array();
-		$arr = unserialize( $cont );
-		if ( !is_array( $arr ) )
+		require($file);
+		if ( !is_array( $settings ) )
 			# Weird, should not happen too
 			return array();
-		return $arr;
+		return $settings;
 	}
 
 	/**
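Review bot: `$settings` is never initialised before `require($file)`, so a stored file that does not assign it leaves the variable undefined and `is_array( $settings )` raises an E_NOTICE instead of cleanly taking the `return array();` branch that the removed `empty( $cont )` check used to cover; the same pattern is in the next hunk (@@ -57,15) and, once per iteration, in getArchiveVersions. Add `$settings = null;` immediately before the `require`. Note also that `require` of a truncated or syntactically broken file is now a fatal parse error rather than the non-array fallback the old `unserialize` path fell into, so the writer should replace the file atomically. Since the file is now executed as PHP, write access to the storage directory is equivalent to running code on the wiki; the directory should be writable only by the web server user, and if it sits under the web root the server must actually execute `.php` there for the "cannot be read" property to hold. The enclosing method begins above this hunk.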
@@ -57,15 +53,11 @@
 			# maybe the time the user use this extensions, do not override
 			# anything
 			return array();
-		$cont = @file_get_contents( $file );
-		if ( empty( $cont ) )
-			# Weird, should not happen
-			return array();
-		$arr = unserialize( $cont );
-		if ( !is_array( $arr ) )
+		require($file);
+		if ( !is_array( $settings ) )
 			# Weird, should not happen too
 			return array();
-		return $arr;
+		return $settings;
 	}
 
 	/**
@@ -107,13 +99,13 @@
 			'reason' => $reason
 		);
 		
-		$cont = serialize( $settings );
+		$cont = '<?php $settings = '.var_export( $settings, true ).";";
 		@file_put_contents( $arch, $cont );
 		return ( @file_put_contents( $cur, $cont ) !== false );
 	}
 
 	/**
-	 * List all archived files that are like conf-{$ts}.ser
+	 * List all archived files that are like conf-{$ts}.php
 	 * @return array of timestamps
 	 */
 	public function getArchiveVersions() {
@@ -122,9 +114,9 @@
 		$files = array();
 		
 		while ( ( $file = readdir( $dir ) ) !== false ) {
-			if ( preg_match( '/^conf-(\d{14})\.ser$/', $file, $m ) ) {
+			if ( preg_match( '/^conf-(\d{14})\.php$/', $file, $m ) ) {
 				## Read the data.
-				$settings = unserialize( file_get_contents( $this->mDir."/$file" ) );
+				require( $this->mDir."/$file" );
 				
 				if (isset( $settings['__metadata'] )) {
 					$metadata = $settings['__metadata'];
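Review bot: `require( $this->mDir."/$file" )` inside the loop reuses `$settings` across iterations, so an archive file that fails to assign it (or one that a concurrent write has just truncated) leaves the previous file's `__metadata` in place and attributes it to the wrong timestamp; add `$settings = null;` before the `require`. The anchored `^conf-(\d{14})\.php$` pattern is what keeps this `require` from executing anything other than the handler's own archive files, so a short comment there such as `# only our own conf-<ts>.php files are executed; keep this pattern anchored` would document why it must not be loosened. The loop body continues past the hunk.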
@@ -168,7 +160,7 @@
 	 * @return String full path to the file
 	 */
 	protected function getFileName() {
-		return "{$this->mDir}conf-now.ser";
+		return "{$this->mDir}conf-now.php";
 	}
 
 	/**
@@ -181,7 +173,7 @@
 		if ( $ts === null )
 			$ts = wfTimestampNow();
 
-		$file = "{$this->mDir}conf-$ts.ser";
+		$file = "{$this->mDir}conf-$ts.php";
 		return $file;
 	}
 

Follow-up revisions

Rev.Commit summaryAuthorDate
r44140Fix some E_NOTICE for r44111.werdna01:22, 2 December 2008

Comments

#Comment by Werdna (Talk | contribs)   13:25, 1 December 2008

On second thoughts, this could use some back-compat.

#Comment by IAlex (Talk | contribs)   18:52, 1 December 2008

Added maintenance script to update the files in r44124.

Status & tagging log

  • 09:43, 8 December 2008 Werdna (Talk | contribs) changed the status of r44111 [removed: fixme added: resolved]
  • 17:06, 1 December 2008 Aaron Schulz (Talk | contribs) changed the status of r44111 [removed: new added: fixme]