Summary: Potential html injection when the database server
                    isn't available
           Product: MediaWiki
           Version: 1.17-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Normal
         Component: General/Unknown

Bug for tracking the potential html injection when the database server isn't
available fixed in r77422.

Wikis which set $wgServer in their LocalSettings or are in a virtual
host would never be vulnerable.

For sites which show the wiki in the default host, it will depend on how
forgiving is their webserver and php stack for that garbled input, although
some kind of foolable proxy —moreover wrongly caching errors (or the default
output buffering is disabled and something incorrectly sent a previous text)—
would also need to be present in order to make that useful for a potential

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to