https://bugzilla.wikimedia.org/show_bug.cgi?id=18236
Summary: potentially insecure message in Extension:regexBlock
Product: MediaWiki extensions
Version: any
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Normal
Component: General/Unknown
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Depends on: 18235
In Extension:regexBlock,
there is a message
regexblock-unblock-error
having a parameter $1
which is an invalid (nonexisting) user name.
Likely, it should be enclosed in <nowiki>
tag in the message, since it may include
arbitary code.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
