MC-13633: File Read Configuration
Oleksandr Gorkun committed Jan 25, 2019
1 parent 0122d0b commit eb820e0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions app/bootstrap.php
Expand Up @@ -8,6 +8,7 @@
* Environment initialization
*/
error_reporting(E_ALL);
stream_wrapper_unregister('phar');
#ini_set('display_errors', 1);

/* PHP version validation */
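
Review bot: The `stream_wrapper_unregister('phar');` call placed right after `error_reporting(E_ALL);` is unconditional and has no comment, and the commit title "File Read Configuration" does not say what it is meant to prevent. Please add a one-line comment stating the intent and guard the call, for example `if (in_array('phar', stream_get_wrappers(), true)) { stream_wrapper_unregister('phar'); }`, because the function returns false and raises a warning when no such wrapper is registered, and the E_ALL setting on the line above will surface it. Since this sits in the environment initialization block of app/bootstrap.php, it removes phar:// for all code that includes this file, so the effect on PHAR-packaged tooling should be documented or the scope narrowed.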

2 comments on commit eb820e0

@ToonSpinISAAC

Hi @AlexMaxHorkun,

This change breaks, among other things, n98-magerun2. The description "file read configuration" is a little vague, could you please explain why this change was made?

Thanks!

@sshymko

I think it's a security measure against unserialize vulnerabilities exploitable via phar:// streams:
https://github.com/s-n-t/presentations/raw/master/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It-wp.pdf
