https://bugzilla.wikimedia.org/show_bug.cgi?id=26164
Summary: Potential html injection when the database server isn't available Product: MediaWiki Version: 1.17-svn Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: Normal Component: General/Unknown AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: platoni...@gmail.com Bug for tracking the potential html injection when the database server isn't available fixed in r77422. Wikis which set $wgServer in their LocalSettings or are in a virtual host would never be vulnerable. For sites which show the wiki in the default host, it will depend on how forgiving is their webserver and php stack for that garbled input, although some kind of foolable proxy —moreover wrongly caching errors (or the default output buffering is disabled and something incorrectly sent a previous text)— would also need to be present in order to make that useful for a potential attacker. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l