https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #3 from Chris Steipp <[email protected]> ---

I'm still working through this, but wanted to get these documented so they can be fixed sooner.

* {{done}} The SQL handling really needed extra sanitization (otherwise, prevention of SQLi depended on several classes all correctly sanitizing and calling the db handler a certain way). This was addressed in Gerrit 98759.
* includes/ParsoidUtils.php: needs to disable external entities in createDOM.
* includes/Templating.php, line 349: a suppressed revision can be displayed by removing the message. Unlikely it can be maliciously exploited, but not good code.
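The ParsoidUtils.php item above concerns XML external entity (XXE) expansion when untrusted markup is loaded into a DOMDocument. The following is an added illustration, not Flow's createDOM and not code from the bug or the Gerrit change: it shows a loader that expands external entities next to a hardened one, using a constructed payload. Function names and the assumption that the input is parsed as XML (rather than with loadHTML) are the editor's.

```php
<?php
// Added example, not Flow's code. Function names are hypothetical stand-ins
// for a createDOM-style helper. Input is assumed to be parsed as XML.

// Constructed XXE payload: a DOCTYPE declaring an external entity that
// points at a local file, then referencing it in the body.
const XXE_PAYLOAD = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE body [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<body>&xxe;</body>
XML;

// Unsafe loader: LIBXML_NOENT substitutes entity references with their
// content and LIBXML_DTDLOAD fetches the external DTD subset, so the
// parser resolves file:///etc/passwd and the file contents end up in the DOM.
function createDomUnsafe(string $markup): DOMDocument {
    $dom = new DOMDocument();
    $dom->loadXML($markup, LIBXML_NOENT | LIBXML_DTDLOAD);
    return $dom;
}

// Hardened loader:
//  1. refuse any input carrying a DOCTYPE, since a document built from
//     application-generated markup has no business declaring entities;
//  2. never pass LIBXML_NOENT or LIBXML_DTDLOAD, and add LIBXML_NONET;
//  3. install an external entity loader that refuses every request, so
//     nothing can be fetched even if a flag is later added by mistake.
function createDomSafe(string $markup): DOMDocument {
    if (stripos($markup, '<!DOCTYPE') !== false) {
        throw new RuntimeException('DOCTYPE declarations are not allowed');
    }

    // Returning null from the resolver makes libxml treat the external
    // reference as unresolvable instead of reading a file or URL.
    libxml_set_external_entity_loader(static function (
        ?string $publicId, ?string $systemId, array $context
    ) {
        return null;
    });

    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $ok = $dom->loadXML($markup, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($ok === false) {
        throw new RuntimeException('Malformed XML rejected');
    }
    return $dom;
}

// Demonstration: the unsafe loader yields the referenced file in the body
// (if /etc/passwd is readable); the hardened one rejects the payload.
$unsafeBody = createDomUnsafe(XXE_PAYLOAD)->getElementsByTagName('body')->item(0);
echo 'unsafe loader body text: ' . trim((string) $unsafeBody->textContent) . PHP_EOL;

try {
    createDomSafe(XXE_PAYLOAD);
} catch (RuntimeException $e) {
    echo 'hardened loader: ' . $e->getMessage() . PHP_EOL;
}
```

The DOCTYPE check is the line that matters most: once the input cannot declare entities there is nothing to expand, and the entity loader and flag choices are defence in depth against a later change to the parse flags.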
