From 9de6b3acac8432e32e21d05c154e50904f88a393 Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 19:57:22 -0500
Subject: [PATCH 1/3] mitigate CVE-2018-6389 for wp-admin/load-scripts.php

---
 wp-admin/load-scripts.php | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/wp-admin/load-scripts.php b/wp-admin/load-scripts.php
index 8a0ee3c17fb..e93c7eee1a5 100644
--- a/wp-admin/load-scripts.php
+++ b/wp-admin/load-scripts.php
@@ -5,30 +5,35 @@
  *
  * Set this to error_reporting( -1 ) for debugging.
  */
-error_reporting( 0 );
+error_reporting(0);
 
 /** Set ABSPATH for execution */
 if ( ! defined( 'ABSPATH' ) ) {
 	define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
 }
 
-define( 'WPINC', 'wp-includes' );
-
 $load = $_GET['load'];
-if ( is_array( $load ) ) {
+if ( is_array( $load ) )
 	$load = implode( '', $load );
-}
 
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
 
-if ( empty( $load ) ) {
+if ( empty($load) )
 	exit;
+
+function get_file($path) {
+
+	if ( function_exists('realpath') )
+		$path = realpath($path);
+
+	if ( ! $path || ! @is_file($path) )
+		return false;
+
+	return @file_get_contents($path);
 }
 
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
+require( ABSPATH . 'wp-admin/admin.php' );
 
 $compress       = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip     = ( $compress && 'gzip' == $_GET['c'] );
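Review bot: Nothing in this hunk bounds how many handles `$load` may carry, so the added `require( ABSPATH . 'wp-admin/admin.php' );` (presumably relied on for its login check) leaves the expensive concatenation path available to any authenticated account, whatever its role. A cap directly after the `explode()` would close that, e.g. `if ( count( $load ) > MAX_HANDLES ) { exit; }`, where `MAX_HANDLES` is a placeholder for a limit the project chooses; the same applies to load-styles.php in patch 2. Note also that `explode()` always returns at least one element, so the restyled `if ( empty($load) )` guard never fires; `$load = array_filter( $load );` before it would make the check effective. The rest of the script is outside the hunk, so whether the headers and hooks triggered by admin.php interfere with the later output could not be checked here.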

From 24f0d521eaf9572e61dfac750eeca88af0a1dd46 Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 20:00:01 -0500
Subject: [PATCH 2/3] mitigate CVE-2018-6389 for wp-admin/load-styles.php

---
 wp-admin/load-styles.php | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php
index 82dacef60a6..caebad90bec 100644
--- a/wp-admin/load-styles.php
+++ b/wp-admin/load-styles.php
@@ -5,19 +5,13 @@
  *
  * Set this to error_reporting( -1 ) for debugging
  */
-error_reporting( 0 );
+error_reporting(0);
 
 /** Set ABSPATH for execution */
 if ( ! defined( 'ABSPATH' ) ) {
 	define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
 }
 
-define( 'WPINC', 'wp-includes' );
-
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
-
 $load = $_GET['load'];
 if ( is_array( $load ) ) {
 	$load = implode( '', $load );
@@ -25,10 +19,22 @@
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
 
-if ( empty( $load ) ) {
+if ( empty($load) )
 	exit;
+
+function get_file($path) {
+
+	if ( function_exists('realpath') )
+		$path = realpath($path);
+
+	if ( ! $path || ! @is_file($path) )
+		return false;
+
+	return @file_get_contents($path);
 }
 
+require( ABSPATH . 'wp-admin/admin.php' );
+
 $compress       = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip     = ( $compress && 'gzip' == $_GET['c'] );
 $rtl            = ( isset( $_GET['dir'] ) && 'rtl' == $_GET['dir'] );
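Review bot: `get_file()` is declared here as an unprefixed global function immediately before `wp-admin/admin.php` is required, which presumably loads the full environment, plugins included. If any code loaded that way declares a function of the same name, PHP stops with a redeclaration fatal that `error_reporting(0)` hides. The identical copy added to load-scripts.php in patch 1 has the same exposure, so a single helper with a project-specific prefix in a shared include would remove both the collision risk and the duplication. The helper now returns `false` on failure where the noop.php version removed in patch 3 returned `''`, and its callers are outside this hunk. A docblock such as `/** Returns the file contents, or false when $path does not resolve to a regular file. */` would make that contract explicit.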

From 22f90ec750c2c6e1ff36f54ef40d99b3a662b31c Mon Sep 17 00:00:00 2001
From: Tyler Young <young@clearpath.org>
Date: Tue, 13 Feb 2018 20:02:50 -0500
Subject: [PATCH 3/3] Delete noop.php

---
 wp-admin/includes/noop.php | 114 ---------------------------------------------
 1 file changed, 114 deletions(-)
 delete mode 100644 wp-admin/includes/noop.php

diff --git a/wp-admin/includes/noop.php b/wp-admin/includes/noop.php
deleted file mode 100644
index 134bef7efec..00000000000
--- a/wp-admin/includes/noop.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-/**
- * Noop functions for load-scripts.php and load-styles.php.
- *
- * @package WordPress
- * @subpackage Administration
- * @since 4.4.0
- */
-
-/**
- * @ignore
- */
-function __() {}
-
-/**
- * @ignore
- */
-function _x() {}
-
-/**
- * @ignore
- */
-function add_filter() {}
-
-/**
- * @ignore
- */
-function esc_attr() {}
-
-/**
- * @ignore
- */
-function apply_filters() {}
-
-/**
- * @ignore
- */
-function get_option() {}
-
-/**
- * @ignore
- */
-function is_lighttpd_before_150() {}
-
-/**
- * @ignore
- */
-function add_action() {}
-
-/**
- * @ignore
- */
-function did_action() {}
-
-/**
- * @ignore
- */
-function do_action_ref_array() {}
-
-/**
- * @ignore
- */
-function get_bloginfo() {}
-
-/**
- * @ignore
- */
-function is_admin() {
-	return true;}
-
-/**
- * @ignore
- */
-function site_url() {}
-
-/**
- * @ignore
- */
-function admin_url() {}
-
-/**
- * @ignore
- */
-function home_url() {}
-
-/**
- * @ignore
- */
-function includes_url() {}
-
-/**
- * @ignore
- */
-function wp_guess_url() {}
-
-if ( ! function_exists( 'json_encode' ) ) :
-	/**
-	 * @ignore
-	 */
-	function json_encode() {}
-endif;
-
-function get_file( $path ) {
-
-	if ( function_exists( 'realpath' ) ) {
-		$path = realpath( $path );
-	}
-
-	if ( ! $path || ! @is_file( $path ) ) {
-		return '';
-	}
-
-	return @file_get_contents( $path );
-}
