Bawolff <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
                 CC|                            |
         Resolution|                            |FIXED

--- Comment #2 from Bawolff <> 2010-09-10 01:47:22 UTC ---
committed fix to svn in r72699. (basically same as original poster, but use
escaping functions that also do other troublesome characters).

This was somewhat of a security issue (XSS), as an evil person could insert
code into mediawiki namespace, but not so much as theirs easier ways to be evil
if you have privs to edit mediawiki namespace.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to