https://bugzilla.wikimedia.org/show_bug.cgi?id=31256
Chad H. <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|need-review                 |reviewed
                 CC|                            |[email protected]

--- Comment #8 from Chad H. <[email protected]> 2011-11-22 20:45:13 UTC ---
(In reply to comment #4)
> Created attachment 9134 [details]
> Customable blacklist.
>
> This is the patch. $wgAntiSpoofBlacklist is a global array. It can be set
> before including AntiSpoof.php, or modified after.
>

Using isset() like this makes the extension vulnerable to register_globals. You
should unconditionally define it (with the default values) and users can extend
it by doing

$wgAntiSpoofBlacklist[] = 0x1234;

Or can overwrite it entirely by doing

$wgAntiSpoofBlacklist = array( 0x1234 );

The is_array() check should be moved into checkUnicodeString() and die() should
be replaced with throwing a MWException.
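
The pattern this review comment describes, as an added PHP illustration that is not code from the AntiSpoof extension or from the attached patch. The default code points, the two setup function names, the simplified checkUnicodeString() signature and the MWException stand-in are assumptions made so the file runs on its own.

```php
<?php
// Added illustration only. Everything except $wgAntiSpoofBlacklist,
// checkUnicodeString() and MWException is a hypothetical name.
if ( !class_exists( 'MWException' ) ) {
	class MWException extends Exception {} // stand-in for MediaWiki's class
}
const DEFAULT_BLACKLIST = array( 0x0337, 0x0338 ); // constructed defaults

// Pattern the review objects to: defaults are applied only when the global
// is unset, so a value that was already present before the include survives.
function setupWithIsset() {
	global $wgAntiSpoofBlacklist;
	if ( !isset( $wgAntiSpoofBlacklist ) ) {
		$wgAntiSpoofBlacklist = DEFAULT_BLACKLIST;
	}
}

// Pattern the review asks for: always assign the defaults at include time.
function setupUnconditional() {
	global $wgAntiSpoofBlacklist;
	$wgAntiSpoofBlacklist = DEFAULT_BLACKLIST;
}

// Simplified check: the type is validated where the setting is used, and a
// bad configuration raises an exception instead of calling die().
function checkUnicodeString( array $codepoints ) {
	global $wgAntiSpoofBlacklist;
	if ( !is_array( $wgAntiSpoofBlacklist ) ) {
		throw new MWException( '$wgAntiSpoofBlacklist must be an array' );
	}
	foreach ( $codepoints as $cp ) {
		if ( in_array( $cp, $wgAntiSpoofBlacklist, true ) ) {
			return array( 'ERROR', sprintf( 'blacklisted U+%04X', $cp ) );
		}
	}
	return array( 'OK', '' );
}

// Constructed state: the global already holds an (empty) array before setup,
// as it could with register_globals enabled. is_array() alone accepts it.
$wgAntiSpoofBlacklist = array();
setupWithIsset();
var_export( checkUnicodeString( array( 0x0337 ) ) ); // default entry not enforced

setupUnconditional();             // defaults replace whatever was there
$wgAntiSpoofBlacklist[] = 0x1234; // site config extends the list afterwards
var_export( checkUnicodeString( array( 0x0337 ) ) );
var_export( checkUnicodeString( array( 0x1234 ) ) );
```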
