[Bug 30039] ParserFunctions + Variables: tighter integration.

bugzilla-daemon Thu, 28 Jul 2011 19:20:31 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=30039


Happy-melon <happy.melon.w...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |happy.melon.w...@gmail.com

--- Comment #1 from Happy-melon <happy.melon.w...@gmail.com> 2011-07-29 
02:20:24 UTC ---
In installations where ParserFunctions is installed but Variables is not,
$wgExtVariables is undefined, and so referencing it is a register_globals
vulnerability.

The ParserFunctions extension should not contain references to the Variables
extension in the same way that core code should not contain references to
extensions.  You should include hooks in ParserFunctions and hook functions in
Variables which handle the actual processing (and could happily be used by
other extensions).  It's fine to tweak the code flow in ParserFunctions to
ensure you can pass the right things to the hook.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 30039] ParserFunctions + Variables: tighter integration.

Reply via email to