[Bug 58438] Security review of GlobalCssJs extension

bugzilla-daemon Mon, 24 Mar 2014 10:17:58 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=58438


Chris Steipp <cste...@wikimedia.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Chris Steipp <cste...@wikimedia.org> ---
(In reply to MZMcBride from comment #5)
> (In reply to Chris Steipp from comment #3)
> > With the caveats that Kunal put on the extension's page (account compromise
> > if you're not correctly using CentralAuth or shared user tables), the
> > security looks ok.
> > 
> > The site global scripts allow admins on the central site to fully control
> > the wikis using wgUseGlobalSiteCssJs, including elevating their own
> > privileges, so obviously should be used with extreme caution.
> 
> Is this bug resolved/fixed then?

Yes

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 58438] Security review of GlobalCssJs extension

Reply via email to