https://bugzilla.wikimedia.org/show_bug.cgi?id=25091

Bawolff <bawolff...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |bawolff...@gmail.com
         Resolution|                            |FIXED

--- Comment #2 from Bawolff <bawolff...@gmail.com> 2010-09-10 01:47:22 UTC ---
committed fix to svn in r72699. (basically same as original poster, but use
escaping functions that also do other troublesome characters).

This was somewhat of a security issue (XSS), as an evil person could insert
code into mediawiki namespace, but not so much as theirs easier ways to be evil
if you have privs to edit mediawiki namespace.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to