summaryrefslogtreecommitdiff
path: root/includes/libs
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2015-12-18 06:04:58 +0100
committerPierre Schmitz <pierre@archlinux.de>2015-12-18 06:04:58 +0100
commit257401d8b2cf661adf36c84b0e3fd1cf85e33c22 (patch)
treef8c25e7fa0c2ba18f27c52415c19cb579a316178 /includes/libs
parenta1789ddde42033f1b05cc4929491214ee6e79383 (diff)
Update to MediaWiki 1.26.1
Diffstat (limited to 'includes/libs')
-rw-r--r--includes/libs/MultiHttpClient.php13
-rw-r--r--includes/libs/objectcache/APCBagOStuff.php54
2 files changed, 65 insertions, 2 deletions
diff --git a/includes/libs/MultiHttpClient.php b/includes/libs/MultiHttpClient.php
index 6af3ed51..5555cbcb 100644
--- a/includes/libs/MultiHttpClient.php
+++ b/includes/libs/MultiHttpClient.php
@@ -335,6 +335,19 @@ class MultiHttpClient {
);
} elseif ( $req['method'] === 'POST' ) {
curl_setopt( $ch, CURLOPT_POST, 1 );
+ // Don't interpret POST parameters starting with '@' as file uploads, because this
+ // makes it impossible to POST plain values starting with '@' (and causes security
+ // issues potentially exposing the contents of local files).
+ // The PHP manual says this option was introduced in PHP 5.5 defaults to true in PHP 5.6,
+ // but we support lower versions, and the option doesn't exist in HHVM 5.6.99.
+ if ( defined( 'CURLOPT_SAFE_UPLOAD' ) ) {
+ curl_setopt( $ch, CURLOPT_SAFE_UPLOAD, true );
+ } else if ( is_array( $req['body'] ) ) {
+ // In PHP 5.2 and later, '@' is interpreted as a file upload if POSTFIELDS
+ // is an array, but not if it's a string. So convert $req['body'] to a string
+ // for safety.
+ $req['body'] = wfArrayToCgi( $req['body'] );
+ }
curl_setopt( $ch, CURLOPT_POSTFIELDS, $req['body'] );
} else {
if ( is_resource( $req['body'] ) || $req['body'] !== '' ) {
diff --git a/includes/libs/objectcache/APCBagOStuff.php b/includes/libs/objectcache/APCBagOStuff.php
index 0dbbaba9..35e05e80 100644
--- a/includes/libs/objectcache/APCBagOStuff.php
+++ b/includes/libs/objectcache/APCBagOStuff.php
@@ -27,22 +27,72 @@
* @ingroup Cache
*/
class APCBagOStuff extends BagOStuff {
+
+ /**
+ * @var bool If true, trust the APC implementation to serialize and
+ * deserialize objects correctly. If false, (de-)serialize in PHP.
+ */
+ protected $nativeSerialize;
+
/**
* @var string String to append to each APC key. This may be changed
* whenever the handling of values is changed, to prevent existing code
* from encountering older values which it cannot handle.
- **/
- const KEY_SUFFIX = ':1';
+ */
+ const KEY_SUFFIX = ':2';
+
+ /**
+ * Constructor
+ *
+ * Available parameters are:
+ * - nativeSerialize: If true, pass objects to apc_store(), and trust it
+ * to serialize them correctly. If false, serialize
+ * all values in PHP.
+ *
+ * @param array $params
+ */
+ public function __construct( array $params = array() ) {
+ parent::__construct( $params );
+
+ if ( isset( $params['nativeSerialize'] ) ) {
+ $this->nativeSerialize = $params['nativeSerialize'];
+ } elseif ( extension_loaded( 'apcu' ) && ini_get( 'apc.serializer' ) === 'default' ) {
+ // APCu has a memory corruption bug when the serializer is set to 'default'.
+ // See T120267, and upstream bug reports:
+ // - https://github.com/krakjoe/apcu/issues/38
+ // - https://github.com/krakjoe/apcu/issues/35
+ // - https://github.com/krakjoe/apcu/issues/111
+ $this->logger->warning(
+ 'The APCu extension is loaded and the apc.serializer INI setting ' .
+ 'is set to "default". This can cause memory corruption! ' .
+ 'You should change apc.serializer to "php" instead. ' .
+ 'See <https://github.com/krakjoe/apcu/issues/38>.'
+ );
+ $this->nativeSerialize = false;
+ } else {
+ $this->nativeSerialize = true;
+ }
+ }
public function get( $key, &$casToken = null, $flags = 0 ) {
$val = apc_fetch( $key . self::KEY_SUFFIX );
$casToken = $val;
+ if ( is_string( $val ) && !$this->nativeSerialize ) {
+ $val = $this->isInteger( $val )
+ ? intval( $val )
+ : unserialize( $val );
+ }
+
return $val;
}
public function set( $key, $value, $exptime = 0 ) {
+ if ( !$this->nativeSerialize && !$this->isInteger( $value ) ) {
+ $value = serialize( $value );
+ }
+
apc_store( $key . self::KEY_SUFFIX, $value, $exptime );
return true;