Package: mediawiki-extensions
Version: 1.3
Severity: important
Severity: minor

According to /etc/mediawiki-extensions/extensions.php:

    $dir = "/etc/mediawiki-extensions/extensions-enabled";
    // Including all enabled extensions.
    if ( is_dir( $dir ) && $dh = opendir( $dir ) ) {
        while ( ( $file = readdir( $dh ) ) !== false ) {
            if ( preg_match( "/.php$/",$file ) && is_readable($dir . DIRECTORY_SEPARATOR . $file) ) {
                include_once( $dir . DIRECTORY_SEPARATOR . $file );
            }
        }
        closedir( $dh );
    }

1. /etc/mediawiki-extensions/extensions.php uses the variable $dir, which will conflict with CategoryTree.php.

2. In /etc/mediawiki-extensions/extensions.php, $dir is assigned the value "/etc/mediawiki-extensions/extensions-enabled".

3. When some extensions (NewestPages.php and CategoryTree.php, for example) have been included, they will assign $dir the value "/usr/share/mediawiki-extensions".

4. The subsequent call of is_readable($dir . DIRECTORY_SEPARATOR . $file) in /etc/mediawiki-extensions/extensions.php will be logically incorrect. Fortunately, the files in "/etc/mediawiki-extensions/extensions-enabled" will usually be symlinks to the files of the same name in "/usr/share/mediawiki-extensions". So,

   * "/etc/mediawiki-extensions/extensions-enabled/file1.php" and
   * "/usr/share/mediawiki-extensions/file1.php"

   are usually the same file.

5. Although this bug is not exposed in this package, it is logically incorrect. Instead of using $dir, /etc/mediawiki-extensions/extensions.php should use another variable name that is unlikely to conflict with any variables in the included extensions.

-- System Information:
Debian Release: testing/unstable
  APT prefers warty-updates
  APT policy: (800, 'warty-updates'), (800, 'warty-security'), (800, 'warty-backports'), (800, 'warty'), (700, 'hoary-updates'), (700, 'hoary-security'), (700, 'hoary-backports'), (700, 'hoary'), (600, 'breezy-updates'), (600, 'breezy-security'), (600, 'breezy-backports'), (600, 'breezy'), (599, 'dapper-updates'), (599, 'dapper-security'), (599, 'dapper-backports'), (599, 'dapper'), (500, 'gutsy-backports'), (500, 'feisty-backports'), (500, 'edgy-backports')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-52-386
Locale: LANG=C, LC_CTYPE=thai (charmap=TIS-620)
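
The scope collision described in the report, reproduced as an added example that is not part of the original report or the package's code. It uses constructed temporary directories in place of extensions-enabled and /usr/share/mediawiki-extensions; the names load_extensions, $mwExtLoaderDir, a_first.php and b_second.php are assumptions.

```php
<?php
// Constructed stand-ins for extensions-enabled and /usr/share/mediawiki-extensions.
$base    = sys_get_temp_dir() . '/extdemo_' . getmypid();
$enabled = "$base/enabled";
$share   = "$base/share";
mkdir($enabled, 0700, true);
mkdir($share, 0700, true);
// a_first.php reassigns $dir, as the report says CategoryTree.php does.
file_put_contents("$enabled/a_first.php", '<?php $dir = ' . var_export($share, true) . ';');
// b_second.php is a regular file (not a symlink) that exists only in enabled/.
file_put_contents("$enabled/b_second.php", '<?php // constructed no-op extension');

// An included file runs in the scope of the include statement, so it can
// overwrite the loader's own variables. scandir() replaces readdir() here
// only to make the iteration order deterministic.
function load_extensions($dir, $useUniqueName) {
    $mwExtLoaderDir = $dir; // hypothetical name no extension is likely to reuse
    $result = [];
    foreach (scandir($mwExtLoaderDir) as $file) {
        if (!preg_match('/\.php$/', $file)) {
            continue;
        }
        // Evaluated on every pass: $dir may have changed during the last include.
        $from = $useUniqueName ? $mwExtLoaderDir : $dir;
        $path = $from . DIRECTORY_SEPARATOR . $file;
        if (is_readable($path)) {
            include $path;
            $result[$file] = "included $path";
        } else {
            $result[$file] = "skipped, not readable: $path";
        }
    }
    return $result;
}

// First with the generic name $dir, then with the collision-resistant name.
print_r(load_extensions($enabled, false));
print_r(load_extensions($enabled, true));

// Remove the constructed files and directories.
array_map('unlink', glob("$enabled/*.php"));
rmdir($enabled);
rmdir($share);
rmdir($base);
```

Run it with the php CLI. With the generic name, b_second.php is looked up under share/ after a_first.php overwrites $dir and is skipped; with the unique name both files resolve under enabled/.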