https://bugzilla.wikimedia.org/show_bug.cgi?id=57474

       Web browser: ---
            Bug ID: 57474
           Summary: Very easy to spoof revert notification
           Product: MediaWiki extensions
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: Echo
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected]
    Classification: Unclassified
   Mobile Platform: ---

Open a page's edit window
Add an input value of 'wpUndidRevision' with some valid revid. Save.
Whoever made that edit will receive an extremely confusing Echo notification.

This can easily be exploited by adding the same parameter to an edit made via
the API. A warning will be displayed, but the notification is still sent.

Ideas on how to fix:

Temporary: Check that $rev->getTitle() == $article->getTitle()

Maybe also look into using sha1s to only show reverts for exact reverts.

Long term: Find some other way than using a request value like wpUndidRevision
to trigger a notification.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to
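The two checks proposed in the report (same page as the edit, and a sha1 comparison so only exact reverts count), as an added example that is not Echo's or MediaWiki's code: the revision store, `Revision` fields and user names are constructed stand-ins, and a revert is taken to be an edit whose content hash equals that of the undone revision's parent.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Revision:
    """Constructed stand-in for a revision row (not MediaWiki's real schema)."""
    rev_id: int
    page: str                 # title of the page the revision belongs to
    parent_id: Optional[int]  # None for the revision that created the page
    user: str
    sha1: str                 # hash of the revision's content


def _sha1(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Constructed history: "Target" was created by alice and then edited by bob;
# "Other" is an unrelated page used to model a cross-page wpUndidRevision claim.
STORE = {
    100: Revision(100, "Target", None, "alice", _sha1("original text")),
    101: Revision(101, "Target", 100, "bob", _sha1("bob's change")),
    200: Revision(200, "Other", None, "carol", _sha1("something else")),
}


def validate_undo(new_rev: Revision, claimed_undone_id: Optional[int],
                  store: dict) -> Optional[str]:
    """Return the user to notify of a revert, or None when the request value
    wpUndidRevision does not hold up against the stored history."""
    if claimed_undone_id is None:
        return None
    undone = store.get(claimed_undone_id)
    if undone is None:
        return None                        # unknown revid
    if undone.page != new_rev.page:
        return None                        # report's check: must be the same page
    if undone.parent_id is None:
        return None                        # undoing the creating revision is not a plain revert
    restored = store.get(undone.parent_id)
    if restored is None or restored.sha1 != new_rev.sha1:
        return None                        # content does not match an exact revert
    if undone.user == new_rev.user:
        return None                        # self-revert: nobody to notify
    return undone.user
```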