csteipp added a comment.

I'm not sure what kinds of regexes are expected here, so I can't give great 
guidance on the best solution. Thiemowmde's solution of only allowing admins to 
add them will prevent mass exploitation, but would still allow admins to attack 
the server in the case of another PCRE exploit. So I'd prefer to not rely on 
that.

How important is this feature?

Assuming it's really needed, you could probably do a couple of things:

- Only allow a subset of regex expressions -- if all you need is for people to 
say, "\w+" or "[0-9]*", then that should be possible
- Have a sandboxed service (shell out to a confined binary, or make it a web 
service) that does the regex processing
- Implement a descriptive language that always generates safe regexes


TASK DETAIL
  https://phabricator.wikimedia.org/T101467

To: csteipp
Cc: thiemowmde, Jonaskeutel, Wikidata-Quality-Constraints, Aklapper, 
Lydia_Pintscher, Liuxinyu970226, Tamslo, csteipp, Andreasburmeister, 
Wikidata-bugs, aude



_______________________________________________
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
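
The first option in the comment above (accepting only a subset of regex syntax) could look like the following. This is an added example, not part of the original message or of the project's code; the function name `check_pattern`, the allowed character set and the two limits are assumptions chosen for illustration.

```python
import re

MAX_LEN = 64       # assumed cap on pattern length
MAX_REPEAT = 100   # assumed cap on {n,m} bounds

# One atom: a plain literal, a shorthand class, an escaped punctuation
# character, or a flat bracket class. Groups, alternation, backreferences,
# lookarounds and inline flags are not atoms, so they never reach the engine.
_LITERAL = r"[A-Za-z0-9 _:/@,-]"
_SHORTHAND = r"\\[wds]"
_ESCAPED = r"\\[.+*?()\[\]{}|^$\\-]"
_CLASS = r"\[\^?(?:[A-Za-z0-9 _.:/@,-]|\\[wds.\-\]])+\]"
# At most one greedy quantifier per atom; no lazy or possessive forms.
_QUANT = r"(?:[*+?]|\{(?P<lo>\d{1,3})(?:,(?P<hi>\d{1,3}))?\})?"
_TOKEN = re.compile(f"(?:{_LITERAL}|{_SHORTHAND}|{_ESCAPED}|{_CLASS}){_QUANT}")


def check_pattern(pattern):
    """Return (ok, reason) for a user-supplied pattern.

    The pattern is accepted only if it is a plain sequence of allowed
    atoms, each followed by at most one bounded or simple quantifier.
    """
    if len(pattern) > MAX_LEN:
        return False, "pattern too long"
    pos = 0
    while pos < len(pattern):
        m = _TOKEN.match(pattern, pos)
        if m is None:
            return False, f"disallowed construct at offset {pos}"
        if m.group("lo") is not None:
            lo = int(m.group("lo"))
            hi = int(m.group("hi")) if m.group("hi") is not None else lo
            if lo > hi or hi > MAX_REPEAT:
                return False, f"bad repeat bound at offset {m.start()}"
        pos = m.end()
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the task.
    for p in [r"\w+", r"[0-9]*", r"Q[1-9][0-9]{0,8}", r"(a+)+", r"a|b",
              r"(?<=x)y", r"\1", r"a{1,500}", r"a**"]:
        print(f"{p!r:22} -> {check_pattern(p)}")
```

Because no grouping is allowed, quantifiers cannot nest, but a run of adjacent unbounded quantifiers can still backtrack polynomially, so the engine's own match limits should stay in place.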