[Bug 20496] New: 'changedfilter' parameter accepts arbitrary wikitext

bugzilla-daemon Thu, 03 Sep 2009 14:04:21 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=20496


           Summary: 'changedfilter' parameter accepts arbitrary wikitext
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: Normal
         Component: AbuseFilter
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


e.g.
http://en.wikipedia.org/wiki/Special:AbuseFilter?result=success&changedfilter={{Special:Recentchanges}}

I don't think this allows for any bad things to happen but it might be better
to validate the parameter.


-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 20496] New: 'changedfilter' parameter accepts arbitrary wikitext

Reply via email to