User "Nikerabbit" changed the status of MediaWiki.r89637. Old Status: new New Status: fixme
User "Nikerabbit" also posted a comment on MediaWiki.r89637. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/89637#c17723 Commit summary: Initial commit of new extension Notificator Comment: You need to do a lot more escaping of things you output into html. I also think we already have a function for validating email address. +global $wgPasswordSender, $ngFromAddress; +if(! $ngFromAddress) $ngFromAddress = $wgPasswordSender; Don't do that, it is security vulnerability. I assume this extension was written a long time ago? _______________________________________________ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
