From 9de6b3acac8432e32e21d05c154e50904f88a393 Mon Sep 17 00:00:00 2001 From: Tyler Young Date: Tue, 13 Feb 2018 19:57:22 -0500 Subject: [PATCH 1/3] mitigate CVE-2018-6389 for wp-admin/load-scripts.php --- wp-admin/load-scripts.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/wp-admin/load-scripts.php b/wp-admin/load-scripts.php index 8a0ee3c17fb3..e93c7eee1a5a 100644 --- a/wp-admin/load-scripts.php +++ b/wp-admin/load-scripts.php @@ -5,30 +5,35 @@ * * Set this to error_reporting( -1 ) for debugging. */ -error_reporting( 0 ); +error_reporting(0); /** Set ABSPATH for execution */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' ); } -define( 'WPINC', 'wp-includes' ); - $load = $_GET['load']; -if ( is_array( $load ) ) { +if ( is_array( $load ) ) $load = implode( '', $load ); -} $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load ); $load = array_unique( explode( ',', $load ) ); -if ( empty( $load ) ) { +if ( empty($load) ) exit; + +function get_file($path) { + + if ( function_exists('realpath') ) + $path = realpath($path); + + if ( ! $path || ! @is_file($path) ) + return false; + + return @file_get_contents($path); } -require( ABSPATH . 'wp-admin/includes/noop.php' ); -require( ABSPATH . WPINC . '/script-loader.php' ); -require( ABSPATH . WPINC . '/version.php' ); +require( ABSPATH . 'wp-admin/admin.php' ); $compress = ( isset( $_GET['c'] ) && $_GET['c'] ); $force_gzip = ( $compress && 'gzip' == $_GET['c'] ); From 24f0d521eaf9572e61dfac750eeca88af0a1dd46 Mon Sep 17 00:00:00 2001 From: Tyler Young Date: Tue, 13 Feb 2018 20:00:01 -0500 Subject: [PATCH 2/3] mitigate CVE-2018-6389 for wp-admin/load-styles.php --- wp-admin/load-styles.php | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php index 82dacef60a61..caebad90becf 100644 --- a/wp-admin/load-styles.php +++ b/wp-admin/load-styles.php @@ -5,19 +5,13 @@ * * Set this to error_reporting( -1 ) for debugging */ -error_reporting( 0 ); +error_reporting(0); /** Set ABSPATH for execution */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' ); } -define( 'WPINC', 'wp-includes' ); - -require( ABSPATH . 'wp-admin/includes/noop.php' ); -require( ABSPATH . WPINC . '/script-loader.php' ); -require( ABSPATH . WPINC . '/version.php' ); - $load = $_GET['load']; if ( is_array( $load ) ) { $load = implode( '', $load ); @@ -25,10 +19,22 @@ $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load ); $load = array_unique( explode( ',', $load ) ); -if ( empty( $load ) ) { +if ( empty($load) ) exit; + +function get_file($path) { + + if ( function_exists('realpath') ) + $path = realpath($path); + + if ( ! $path || ! @is_file($path) ) + return false; + + return @file_get_contents($path); } +require( ABSPATH . 'wp-admin/admin.php' ); + $compress = ( isset( $_GET['c'] ) && $_GET['c'] ); $force_gzip = ( $compress && 'gzip' == $_GET['c'] ); $rtl = ( isset( $_GET['dir'] ) && 'rtl' == $_GET['dir'] ); From 22f90ec750c2c6e1ff36f54ef40d99b3a662b31c Mon Sep 17 00:00:00 2001 From: Tyler Young Date: Tue, 13 Feb 2018 20:02:50 -0500 Subject: [PATCH 3/3] Delete noop.php --- wp-admin/includes/noop.php | 114 ------------------------------------- 1 file changed, 114 deletions(-) delete mode 100644 wp-admin/includes/noop.php diff --git a/wp-admin/includes/noop.php b/wp-admin/includes/noop.php deleted file mode 100644 index 134bef7efecc..000000000000 --- a/wp-admin/includes/noop.php +++ /dev/null @@ -1,114 +0,0 @@ -