
Ticket #43308: wordpress-mitigate-cve-2018-6389.patch

File wordpress-mitigate-cve-2018-6389.patch, 5.0 KB (added by youngcp, 7 years ago)


  • wp-admin/load-scripts.php

    From 9de6b3acac8432e32e21d05c154e50904f88a393 Mon Sep 17 00:00:00 2001
    From: Tyler Young <young@clearpath.org>
    Date: Tue, 13 Feb 2018 19:57:22 -0500
    Subject: [PATCH 1/3] mitigate CVE-2018-6389 for wp-admin/load-scripts.php
    
    ---
     wp-admin/load-scripts.php | 23 ++++++++++++++---------
     1 file changed, 14 insertions(+), 9 deletions(-)
    
    diff --git a/wp-admin/load-scripts.php b/wp-admin/load-scripts.php
    index 8a0ee3c17fb..e93c7eee1a5 100644
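--- a/wp-admin/load-scripts.php
+++ b/wp-admin/load-scripts.php
@@ -5,30 +5,35 @@
  *
  * Set this to error_reporting( -1 ) for debugging.
  */
-error_reporting( 0 );
+error_reporting(0);
 
 /** Set ABSPATH for execution */
 if ( ! defined( 'ABSPATH' ) ) {
         define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
 }
 
-define( 'WPINC', 'wp-includes' );
-
 $load = $_GET['load'];
-if ( is_array( $load ) ) {
+if ( is_array( $load ) )
         $load = implode( '', $load );
-}
 
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
 
-if ( empty( $load ) ) {
+if ( empty($load) )
         exit;
+
+function get_file($path) {
+
+        if ( function_exists('realpath') )
+                $path = realpath($path);
+
+        if ( ! $path || ! @is_file($path) )
+                return false;
+
+        return @file_get_contents($path);
 }
 
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
+require( ABSPATH . 'wp-admin/admin.php' );
 
 $compress       = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip     = ( $compress && 'gzip' == $_GET['c'] );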
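Review bot: The inlined `get_file()` at new lines 25–34 returns `false` on a missing or unreadable file where the copy removed from `wp-admin/includes/noop.php` in this same patch set returned `''`, and the identical body is now pasted into both `load-scripts.php` and `load-styles.php`; keeping one shared definition, or at minimum the original `return '';`, avoids the two copies drifting and avoids handing the callers that follow the hunk a bool where they previously got a string. The mitigation itself now rests on `require( ABSPATH . 'wp-admin/admin.php' );` (new line 36) refusing unauthenticated requests before that concatenation loop runs; if that bootstrap enforces login, as seems intended, any anonymous consumer of these endpoints (I believe the login screen fetches its concatenated CSS through `load-styles.php`) needs checking, and each request with a non-empty `load` still pays the full bootstrap cost before being refused, which the commit message should state. The braces dropped on `if ( is_array( $load ) )` and `if ( empty($load) )` and the spacing of `error_reporting(0)` diverge from the surrounding WordPress style that `if ( ! defined( 'ABSPATH' ) ) {` a few lines above keeps; I would retain `if ( is_array( $load ) ) {` … `}` and `if ( empty( $load ) ) {` … `}`. The same three points apply to the `wp-admin/load-styles.php` hunk.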
  • wp-admin/load-styles.php

    From 24f0d521eaf9572e61dfac750eeca88af0a1dd46 Mon Sep 17 00:00:00 2001
    From: Tyler Young <young@clearpath.org>
    Date: Tue, 13 Feb 2018 20:00:01 -0500
    Subject: [PATCH 2/3] mitigate CVE-2018-6389 for wp-admin/load-styles.php
    
    ---
     wp-admin/load-styles.php | 22 ++++++++++++++--------
     1 file changed, 14 insertions(+), 8 deletions(-)
    
    diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php
    index 82dacef60a6..caebad90bec 100644
    55 *
    66 * Set this to error_reporting( -1 ) for debugging
    77 */
    8 error_reporting( 0 );
     8error_reporting(0);
    99
    1010/** Set ABSPATH for execution */
    1111if ( ! defined( 'ABSPATH' ) ) {
    1212        define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
    1313}
    1414
    15 define( 'WPINC', 'wp-includes' );
    16 
    17 require( ABSPATH . 'wp-admin/includes/noop.php' );
    18 require( ABSPATH . WPINC . '/script-loader.php' );
    19 require( ABSPATH . WPINC . '/version.php' );
    20 
    2115$load = $_GET['load'];
    2216if ( is_array( $load ) ) {
    2317        $load = implode( '', $load );
     
    2519$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
    2620$load = array_unique( explode( ',', $load ) );
    2721
    28 if ( empty( $load ) ) {
     22if ( empty($load) )
    2923        exit;
     24
     25function get_file($path) {
     26
     27        if ( function_exists('realpath') )
     28                $path = realpath($path);
     29
     30        if ( ! $path || ! @is_file($path) )
     31                return false;
     32
     33        return @file_get_contents($path);
    3034}
    3135
     36require( ABSPATH . 'wp-admin/admin.php' );
     37
    3238$compress       = ( isset( $_GET['c'] ) && $_GET['c'] );
    3339$force_gzip     = ( $compress && 'gzip' == $_GET['c'] );
    3440$rtl            = ( isset( $_GET['dir'] ) && 'rtl' == $_GET['dir'] );
  • deleted file wp-admin/includes/noop.php

    From 22f90ec750c2c6e1ff36f54ef40d99b3a662b31c Mon Sep 17 00:00:00 2001
    From: Tyler Young <young@clearpath.org>
    Date: Tue, 13 Feb 2018 20:02:50 -0500
    Subject: [PATCH 3/3] Delete noop.php
    
    ---
     wp-admin/includes/noop.php | 114 ---------------------------------------------
     1 file changed, 114 deletions(-)
     delete mode 100644 wp-admin/includes/noop.php
    
    diff --git a/wp-admin/includes/noop.php b/wp-admin/includes/noop.php
    deleted file mode 100644
    index 134bef7efec..00000000000
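--- a/wp-admin/includes/noop.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-/**
- * Noop functions for load-scripts.php and load-styles.php.
- *
- * @package WordPress
- * @subpackage Administration
- * @since 4.4.0
- */
-
-/**
- * @ignore
- */
-function __() {}
-
-/**
- * @ignore
- */
-function _x() {}
-
-/**
- * @ignore
- */
-function add_filter() {}
-
-/**
- * @ignore
- */
-function esc_attr() {}
-
-/**
- * @ignore
- */
-function apply_filters() {}
-
-/**
- * @ignore
- */
-function get_option() {}
-
-/**
- * @ignore
- */
-function is_lighttpd_before_150() {}
-
-/**
- * @ignore
- */
-function add_action() {}
-
-/**
- * @ignore
- */
-function did_action() {}
-
-/**
- * @ignore
- */
-function do_action_ref_array() {}
-
-/**
- * @ignore
- */
-function get_bloginfo() {}
-
-/**
- * @ignore
- */
-function is_admin() {
-        return true;}
-
-/**
- * @ignore
- */
-function site_url() {}
-
-/**
- * @ignore
- */
-function admin_url() {}
-
-/**
- * @ignore
- */
-function home_url() {}
-
-/**
- * @ignore
- */
-function includes_url() {}
-
-/**
- * @ignore
- */
-function wp_guess_url() {}
-
-if ( ! function_exists( 'json_encode' ) ) :
-        /**
-         * @ignore
-         */
-        function json_encode() {}
-endif;
-
-function get_file( $path ) {
-
-        if ( function_exists( 'realpath' ) ) {
-                $path = realpath( $path );
-        }
-
-        if ( ! $path || ! @is_file( $path ) ) {
-                return '';
-        }
-
-        return @file_get_contents( $path );
-}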