https://bugzilla.wikimedia.org/show_bug.cgi?id=21261

Peter Potrowl <peter...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6862|0                           |1
        is obsolete|                            |

--- Comment #4 from Peter Potrowl <peter...@gmail.com> 2010-03-09 10:08:32 UTC 
---
Created an attachment (id=7186)
 --> (https://bugzilla.wikimedia.org/attachment.cgi?id=7186)
This fixes the problem but might not be safe

I have a very simple solution which consists in removing the brackets ('[' and
']') from the list of forbidden entities in a URL.

This modifies 3 regular expressions: 2 in Parser.php and 1 in Sanitizer.php

However, it should be checked by someone competent because I don't know the
possible implications in terms of security (there might be a good reason why
the brackets were forbidden).

I also note that currently, we do not check whether a URL is valid before
adding a link to it (eg. http://thisisan\invalidtest is transformed to a link).
But I found no explanation on mediawiki.org about what should be a valid (or
invalid) URL.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to