[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
jenkins-bot has submitted this change and it was merged.
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen
from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
(cherry picked from commit 7323ac79327d76f44c8c2455b7a894cd9a3b3bad)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
Approvals:
Addshore: Looks good to me, approved
jenkins-bot: Verified
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
jenkins-bot has submitted this change and it was merged.
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen
from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
(cherry picked from commit 7323ac79327d76f44c8c2455b7a894cd9a3b3bad)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
Approvals:
Addshore: Looks good to me, approved
jenkins-bot: Verified
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237407
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen
from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
(cherry picked from commit 7323ac79327d76f44c8c2455b7a894cd9a3b3bad)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/07/237407/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$l
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237404
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/ and
https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/04/237404/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view,
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237406
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen
from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
(cherry picked from commit 7323ac79327d76f44c8c2455b7a894cd9a3b3bad)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/06/237406/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$l
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
jenkins-bot has submitted this change and it was merged.
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen
from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
Approvals:
Addshore: Looks good to me, approved
jenkins-bot: Verified
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view, visit https://gerrit.wikimedia.org/r/237404
To unsubscribe,
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237399
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/ and
https://gerrit.wikimedia.org/r/#/c/237260/
Change-Id: Icfe340d5718f115179ef75c3a87104c0fb7b9664
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/99/237399/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view,
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237250
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
(cherry picked from commit a327c57ea0c0ada66c0d1b2124ac52351f5be361)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/50/237250/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..eb58b1d 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $filePath ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view, visit https://gerrit.wikimedia.org/r/237
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237253
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
(cherry picked from commit a327c57ea0c0ada66c0d1b2124ac52351f5be361)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/53/237253/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..eb58b1d 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $filePath ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view, visit https://gerrit.wikimedia.org/r/237
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/237252
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
(cherry picked from commit a327c57ea0c0ada66c0d1b2124ac52351f5be361)
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/52/237252/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..eb58b1d 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $filePath ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view, visit https://gerrit.wikimedia.org/r/237
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
jenkins-bot has submitted this change and it was merged.
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)
Approvals:
Addshore: Looks good to me, approved
jenkins-bot: Verified
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..eb58b1d 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -64,11 +64,11 @@
chdir( $gitFolder );
$sparseCheckoutFile = '.git/info/sparse-checkout';
wfShellExec( 'git init' );
- wfShellExec( 'git remote add -f origin ' . $url );
+ wfShellExec( 'git remote add -f origin ' .
wfEscapeShellArg( $url ) );
wfShellExec( 'git config core.sparsecheckout true' );
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
- wfShellExec( 'git pull ' . $url . ' ' . $branch );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( sparseCheckoutFile ) );
+ wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . '
' . wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Sparse checkout subdirectory'
);
chdir( $oldDir );
} else {
@@ -84,7 +84,7 @@
* @param string $gitFolder is the Git repository in which the branch
will be checked in
*/
function GitCheckoutBranch( $branch, $gitFolder ) {
- wfShellExec( 'git --git-dir=' . $gitFolder . '/.git
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+ wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder )
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' .
wfEscapeShellArg( $branch ) );
wfDebug( 'GitRepository: Changed to branch ' . $branch );
}
@@ -95,7 +95,15 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes to prevent
directory traversal attack
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+ # Throw an exception if $gitFolder doesn't look like a folder
+ if ( strcmp( $gitFolder, realpath( $filePath ) ) !== 0 ) {
+ throw new Exception( 'The parameter "$gitFolder" does
not seem to be a folder.' );
+ }
+
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
$lineBlock = array_slice( $fileArray,
$startLine - 1 );
--
To view, visit https://gerrit.wikimedia.org/r/192373
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0195fb2266bf2bda
[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)
Southparkfan has uploaded a new change for review.
https://gerrit.wikimedia.org/r/192373
Change subject: Escape all shell arguments & sanitize filenames
..
Escape all shell arguments & sanitize filenames
Code for the filename sanitization was stolen from the HTMLets extension.
Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
---
M Git2Pages.php
M GitRepository.php
2 files changed, 7 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages
refs/changes/73/192373/1
diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
'path' => __FILE__,
'name' => 'Git2Pages',
'descriptionmsg' => 'git2pages-desc',
-'version' => '1.1.0',
+'version' => '1.1.1',
'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
);
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..766cc7a 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
$sparseCheckoutFile = '.git/info/sparse-checkout';
if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR
. $sparseCheckoutFile ) ) {
if( strpos( $file, $checkoutItem ) === false ) {
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'echo ' . wfEscapeShellArg(
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
} else {
- wfShellExec( 'touch ' . $sparseCheckoutFile );
- wfShellExec( 'echo ' . $checkoutItem . ' >> ' .
$sparseCheckoutFile );
+ wfShellExec( 'touch ' . wfEscapeShellArg(
$sparseCheckoutFile ) );
+ wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
}
wfShellExec( 'git read-tree -mu HEAD' );
chdir( $oldDir );
@@ -95,6 +95,9 @@
* @param array $options contains user inputs
*/
function FindAndReadFile( $filename, $gitFolder, $startLine = 1,
$endLine = -1 ) {
+ # Remove file separators (dots) and slashes
+ $filename = preg_replace( '@[/!]|^\.+?&#@', '', $filename );
+
$filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
if( $fileArray = file( $filePath ) ) {
if( $endLine == -1 ) {
--
To view, visit https://gerrit.wikimedia.org/r/192373
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0195fb2266bf2bda5e80bd10d9a2862e226515a8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Git2Pages
Gerrit-Branch: master
Gerrit-Owner: Southparkfan
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
