https://bugzilla.wikimedia.org/show_bug.cgi?id=38170
badon <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |critical

--- Comment #10 from badon <[email protected]> ---
It looks like the default value for max_input_vars is 1000, so ReplaceText could detect when there are more than 1000 search results, and automatically use that as a default limit value, and then deliver a different error message that prompts the user to proceed with that limit, or enter another limit and run the search again.

It appears that the max_input_vars parameter in PHP exists for the purpose of reducing the effectiveness of some types of DoS attacks. As such, this bug report and bug 43472 are relevant for security, so leaving a user with only a workaround that requires access to the server configuration AND compromising security, should be discouraged. So, I'm elevating both bug reports to "critical" severity.

I decided against "major" severity because the known issues section on the extension page:

https://www.mediawiki.org/wiki/Extension:Replace_Text#Known_issues

mentions the possibility that some replacements may not actually be done, which constitutes a loss of data that may or may not be recoverable after a partial replace has been done.
