[Pkg-mediawiki-devel] Bug#499885: mediawiki-extensions: $dir variable name conflict in /etc/mediawiki-extensions/extensions.php

Anon Sricharoenchai anon.hui at gmail.com
Tue Sep 23 10:22:33 UTC 2008 

Package: mediawiki-extensions
Version: 1.3
Severity: important
Severity: minor

*** Please type your report below this line ***

According to /etc/mediawiki-extensions/extensions.php:

$dir = "/etc/mediawiki-extensions/extensions-enabled";

// Including all enabled extensions.
if ( is_dir( $dir )
   &&
     $dh = opendir( $dir ) ) {
        while ( ( $file = readdir( $dh ) ) !== false ) {
            if ( preg_match( "/.php$/",$file ) && is_readable($dir .
DIRECTORY_SEPARATOR . $file) ) {
                include_once( $dir . DIRECTORY_SEPARATOR . $file );
            }
        }
        closedir( $dh );
     }

1. /etc/mediawiki-extensions/extensions.php use the variable $dir which
   will conflict with CategoryTree.php
2. In /etc/mediawiki-extensions/extensions.php, $dir is assigned with
   value "/etc/mediawiki-extensions/extensions-enabled".
3. When some extensions, NewestPages.php, CategoryTree.php, for example,
   has been included, it will assign $dir with value
   "/usr/share/mediawiki-extensions"
4. The subsequence call of is_readable($dir . DIRECTORY_SEPARATOR . $file)
   in /etc/mediawiki-extensions/extensions.php will be logically incorrect.
   Fortunately, the files in "/etc/mediawiki-extensions/extensions-enabled"
   will usually be the symlink to the files of the same name in
   "/usr/share/mediawiki-extensions".  So,
      * "/etc/mediawiki-extensions/extensions-enabled/file1.php" and
      * "/usr/share/mediawiki-extensions/file1.php"
   is usually the same file.
5. Althouth this bug does not expose in this package, however, it is
   logically incorrect.  Instead of using $dir,
   /etc/mediawiki-extensions/extensions.php should use other varialble
   name that is unlikely to conflict with any variables in the included
   extension.


-- System Information:
Debian Release: testing/unstable
  APT prefers warty-updates
  APT policy: (800, 'warty-updates'), (800, 'warty-security'), (800,
'warty-backports'), (800, 'warty'), (700, 'hoary-updates'), (700,
'hoary-security'), (700, 'hoary-backports'), (700, 'hoary'), (600,
'breezy-updates'), (600, 'breezy-security'), (600,
'breezy-backports'), (600, 'breezy'), (599, 'dapper-updates'), (599,
'dapper-security'), (599, 'dapper-backports'), (599, 'dapper'), (500,
'gutsy-backports'), (500, 'feisty-backports'), (500, 'edgy-backports')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-52-386
Locale: LANG=C, LC_CTYPE=thai (charmap=TIS-620)

More information about the Pkg-mediawiki-devel mailing list