[MediaWiki-CodeReview] [MediaWiki r104505]: Revision status changed

MediaWiki Mail Mon, 28 Nov 2011 15:55:42 -0800

User "Hashar" changed the status of MediaWiki.r104505.

Old Status: new
New Status: ok


Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/104505
Commit summary:

* (bug 32276) Skins were generating output using the internal page title which 
would allow anonymous users to determine wheter a page exists, potentially 
leaking private data. In fact, the curid and oldid request parameters would
  allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal 
functions without any read permission checks being done. This could lead to 
data leakage on private wikis.

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview

[MediaWiki-CodeReview] [MediaWiki r104505]: Revision status changed

Reply via email to