authorsolotandem2016-07-12 16:56:08 (GMT)
committersolotandem2016-07-12 16:56:08 (GMT)
commite1853f50aff0b0365798cc9c5290eb30b1d4a865 (patch)
tree29ab292291fa30178a1267d6bc9e83545b45c905
parent10046789c2c8e5ee88705a28af4e60f49a90858c (diff)
Prevent unauthenticated remote code execution.7.x-1.37.x-1.x
Only allow the 'coder_upgrade.run.php' script to be invoked from the command line, as the 'exec' call in the coder_upgrade submit handler does; refuse any other invocation.
-rw-r--r--coder_upgrade/scripts/coder_upgrade.run.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/coder_upgrade/scripts/coder_upgrade.run.php b/coder_upgrade/scripts/coder_upgrade.run.php
index d78b6b7..b469ef2 100644
--- a/coder_upgrade/scripts/coder_upgrade.run.php
+++ b/coder_upgrade/scripts/coder_upgrade.run.php
@@ -51,6 +51,12 @@
* Copyright 2009-11 by Jim Berry ("solotandem", http://drupal.org/user/240748)
*/
+if (!script_is_cli()) {
+ // Without proper web server configuration, this script can be invoked from a
+ // browser and is vulnerable to misuse.
+ return;
+}
+
// Save memory usage for printing later (when code is loaded).
$usage = array();
save_memory_usage('start', $usage);
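Review bot: The guard added at the top of the script bails with a bare `return;`, so a browser request that reaches the file still gets an empty 200 response and nothing records that a blocked invocation was attempted; `http_response_code(403); exit(1);` (or at least a non-zero exit) would make the refusal visible to both the client and any log review. The in-file check is also only defense in depth, as the comment itself concedes — the guard belongs alongside keeping the `scripts/` directory out of the document root or denying it via web server configuration, and the comment would be clearer if it said so: `// Defense in depth: the scripts directory should not be web-reachable at all.` Everything above line 51 is presumably the file docblock, but confirm that no executable statement precedes this guard, since anything above it still runs for a web request.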
@@ -210,3 +216,12 @@ function error_handler($code, $message, $file, $line) {
}
throw new ErrorException($message, 0, $code, $file, $line);
}
+
+/**
+ * Returns boolean indicating whether script is being run from the command line.
+ *
+ * @see drupal_is_cli()
+ */
+function script_is_cli() {
+ return (!isset($_SERVER['SERVER_SOFTWARE']) && (php_sapi_name() == 'cli' || (is_numeric($_SERVER['argc']) && $_SERVER['argc'] > 0)));
+}
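Review bot: The `argc` fallback in `script_is_cli()` weakens the gate: under a web SAPI with `register_argc_argv` enabled, `$_SERVER['argc']` is populated from the query string, so for such a request the only thing standing between a browser and the script is the absence of `SERVER_SOFTWARE`, which not every server or FastCGI setup is guaranteed to set. Since the commit message says the only legitimate caller is the `exec` call from the submit handler (presumably the php CLI binary), the narrower test `return PHP_SAPI === 'cli' && !isset($_SERVER['SERVER_SOFTWARE']);` is safer than mirroring `drupal_is_cli()` here, and it also uses a strict comparison instead of `==`. If the fallback is kept for parity, `$_SERVER['argc']` should be read with `isset()` first: when it is absent, the current expression raises an undefined-index notice, and if this file's `error_handler` (which throws `ErrorException`) is already installed at that point the guard would throw instead of returning `false` — confirm where `set_error_handler()` is called.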