From 9de6b3acac8432e32e21d05c154e50904f88a393 Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 19:57:22 -0500
Subject: [PATCH 1/3] mitigate CVE-2018-6389 for wp-admin/load-scripts.php
---
wp-admin/load-scripts.php | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/wp-admin/load-scripts.php b/wp-admin/load-scripts.php
index 8a0ee3c17fb..e93c7eee1a5 100644
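--- a/wp-admin/load-scripts.php
+++ b/wp-admin/load-scripts.php
@@ -5,30 +5,35 @@
 *
 * Set this to error_reporting( -1 ) for debugging.
 */
-error_reporting( 0 );
+error_reporting(0);
 
 /** Set ABSPATH for execution */
 if ( ! defined( 'ABSPATH' ) ) {
 define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
 }
 
-define( 'WPINC', 'wp-includes' );
-
 $load = $_GET['load'];
-if ( is_array( $load ) ) {
+if ( is_array( $load ) )
 $load = implode( '', $load );
-}
 
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
 
-if ( empty( $load ) ) {
+if ( empty($load) )
 exit;
+
+function get_file($path) {
+
+if ( function_exists('realpath') )
+$path = realpath($path);
+
+if ( ! $path || ! @is_file($path) )
+return false;
+
+return @file_get_contents($path);
 }
 
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
+require( ABSPATH . 'wp-admin/admin.php' );
 
 $compress = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip = ( $compress && 'gzip' == $_GET['c'] );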
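Review bot: The access check this mitigation depends on is never stated in the file; it happens only as a side effect of `require( ABSPATH . 'wp-admin/admin.php' );`, which (as far as I know) bootstraps all of WordPress and redirects visitors who are not logged in. Every anonymous request therefore still pays for a full bootstrap before it is turned away, and any logged-in account, including the lowest role on a site with open registration, can still ask for the complete handle list, so the CVE-2018-6389 load is narrowed rather than removed. I would add a comment above the require such as `// Auth gate for CVE-2018-6389: admin.php rejects anonymous requests; do not swap for a lighter include.` and consider an explicit capability check plus an upper bound on the number of entries in `$load` after `array_unique()`. The same applies to load-styles.php in patch 2/3; the rest of the script lies outside the hunk, so I cannot confirm that the later output code still behaves once the real hook functions replace the noop stubs.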
From 24f0d521eaf9572e61dfac750eeca88af0a1dd46 Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 20:00:01 -0500
Subject: [PATCH 2/3] mitigate CVE-2018-6389 for wp-admin/load-styles.php
---
wp-admin/load-styles.php | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php
index 82dacef60a6..caebad90bec 100644
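--- a/wp-admin/load-styles.php
+++ b/wp-admin/load-styles.php
@@ -5,19 +5,13 @@
 *
 * Set this to error_reporting( -1 ) for debugging
 */
-error_reporting( 0 );
+error_reporting(0);
 
 /** Set ABSPATH for execution */
 if ( ! defined( 'ABSPATH' ) ) {
 define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
 }
 
-define( 'WPINC', 'wp-includes' );
-
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
-
 $load = $_GET['load'];
 if ( is_array( $load ) ) {
 $load = implode( '', $load );
@@ -25,10 +19,22 @@
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
 
-if ( empty( $load ) ) {
+if ( empty($load) )
 exit;
+
+function get_file($path) {
+
+if ( function_exists('realpath') )
+$path = realpath($path);
+
+if ( ! $path || ! @is_file($path) )
+return false;
+
+return @file_get_contents($path);
 }
 
+require( ABSPATH . 'wp-admin/admin.php' );
+
 $compress = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip = ( $compress && 'gzip' == $_GET['c'] );
 $rtl = ( isset( $_GET['dir'] ) && 'rtl' == $_GET['dir'] );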
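Review bot: Gating load-styles.php behind `require( ABSPATH . 'wp-admin/admin.php' );` probably breaks the login screen, because wp-login.php, as far as I recall, fetches its stylesheet through this endpoint while the visitor is still anonymous and would now get a redirect instead of CSS. Please test wp-login.php with concatenation enabled before shipping; if it renders unstyled, either ship `define( 'CONCATENATE_SCRIPTS', false );` in wp-config.php alongside this patch or let a fixed allowlist of login handles through without authentication. Separately, `get_file()` is now declared in the global scope of both loaders ahead of a full bootstrap that loads plugins, so any plugin defining the same name would cause a fatal redeclaration; wrapping the declaration in `if ( ! function_exists( 'get_file' ) )` avoids that.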
From 22f90ec750c2c6e1ff36f54ef40d99b3a662b31c Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 20:02:50 -0500
Subject: [PATCH 3/3] Delete noop.php
---
wp-admin/includes/noop.php | 114 ---------------------------------------------
1 file changed, 114 deletions(-)
delete mode 100644 wp-admin/includes/noop.php
diff --git a/wp-admin/includes/noop.php b/wp-admin/includes/noop.php
deleted file mode 100644
index 134bef7efec..00000000000
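--- a/wp-admin/includes/noop.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-/**
-* Noop functions for load-scripts.php and load-styles.php.
-*
-* @package WordPress
-* @subpackage Administration
-* @since 4.4.0
-*/
-
-/**
-* @ignore
-*/
-function __() {}
-
-/**
-* @ignore
-*/
-function _x() {}
-
-/**
-* @ignore
-*/
-function add_filter() {}
-
-/**
-* @ignore
-*/
-function esc_attr() {}
-
-/**
-* @ignore
-*/
-function apply_filters() {}
-
-/**
-* @ignore
-*/
-function get_option() {}
-
-/**
-* @ignore
-*/
-function is_lighttpd_before_150() {}
-
-/**
-* @ignore
-*/
-function add_action() {}
-
-/**
-* @ignore
-*/
-function did_action() {}
-
-/**
-* @ignore
-*/
-function do_action_ref_array() {}
-
-/**
-* @ignore
-*/
-function get_bloginfo() {}
-
-/**
-* @ignore
-*/
-function is_admin() {
-return true;}
-
-/**
-* @ignore
-*/
-function site_url() {}
-
-/**
-* @ignore
-*/
-function admin_url() {}
-
-/**
-* @ignore
-*/
-function home_url() {}
-
-/**
-* @ignore
-*/
-function includes_url() {}
-
-/**
-* @ignore
-*/
-function wp_guess_url() {}
-
-if ( ! function_exists( 'json_encode' ) ) :
-/**
-* @ignore
-*/
-function json_encode() {}
-endif;
-
-function get_file( $path ) {
-
-if ( function_exists( 'realpath' ) ) {
-$path = realpath( $path );
-}
-
-if ( ! $path || ! @is_file( $path ) ) {
-return '';
-}
-
-return @file_get_contents( $path );
-}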