MZMcBride <> changed:

           What    |Removed                     |Added
                URL|                            |
                   |                            |iki/extension:GlobalCssJs

--- Comment #5 from MZMcBride <> ---
(In reply to Chris Steipp from comment #3)
> With the caveats that Kunal put on the extension's page (account compromise
> if you're not correctly using CentralAuth or shared user tables), the
> security looks ok.
> The site global scripts allow admins on the central site to fully control
> the wikis using wgUseGlobalSiteCssJs, including elevating their own
> privileges, so obviously should be used with extreme caution.

Is this bug resolved/fixed then?

You are receiving this mail because:
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to