Defensive use of dynamic paths in maintenance script

Bug: T242134 Change-Id: I64fc136d3d19268008062dc8a2c655c8551244ea
2024-11-23 16:06:53 +00:00 · 2020-02-18 19:41:05 -06:00 · 2020-02-18 19:41:05 -06:00 · d543e7a4f9
parent 017245cb50
commit d543e7a4f9
1 changed files with 33 additions and 4 deletions
--- a/maintenance/manageForeignResources.php
+++ b/maintenance/manageForeignResources.php
@ -1,10 +1,32 @@
 <?php

-$IP = getenv( 'MW_INSTALL_PATH' );
-if ( $IP === false ) {
-	$IP = __DIR__ . '/../../..';
+namespace MediaWiki\Extension\DiscussionTools\Maintenance;
+
+use ForeignResourceManager;
+use Maintenance;
+
+// Security: Disable all stream wrappers and reenable individually as needed
+foreach ( stream_get_wrappers() as $wrapper ) {
+	stream_wrapper_unregister( $wrapper );
 }
-require_once "$IP/maintenance/Maintenance.php";
+// Needed by the Guzzle library for some reason
+stream_wrapper_restore( 'php' );
+// Needed by ForeignResourceManager to unpack TAR files
+stream_wrapper_restore( 'phar' );
+
+stream_wrapper_restore( 'file' );
+$basePath = getenv( 'MW_INSTALL_PATH' );
+if ( $basePath ) {
+	if ( !is_dir( $basePath )
+		|| strpos( $basePath, '.' ) !== false
+		|| strpos( $basePath, '~' ) !== false
+	) {
+		die( "Bad MediaWiki install path: $basePath\n" );
+	}
+} else {
+	$basePath = __DIR__ . '/../../..';
+}
+require_once "$basePath/maintenance/Maintenance.php";

 class ManageForeignResources extends Maintenance {

@ -23,4 +45,11 @@ class ManageForeignResources extends Maintenance {
 }

 $maintClass = ManageForeignResources::class;
+
+$doMaintenancePath = RUN_MAINTENANCE_IF_MAIN;
+if ( !( file_exists( $doMaintenancePath ) &&
+	realpath( $doMaintenancePath ) === realpath( "$basePath/maintenance/doMaintenance.php" ) ) ) {
+	die( "Bad maintenance script location: $basePath\n" );
+}
+
 require_once RUN_MAINTENANCE_IF_MAIN;