[MediaWiki-CodeReview] [MediaWiki r104509]: Revision status changed

Sun, 11 Dec 2011 19:16:35 -0800 

"Tim Starling" changed the status of MediaWiki.r104509 to "ok"
URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/104509

Old status:  new
> New status: ok

Commit summary for MediaWiki.r104509:

* (bug 32276) Skins were generating output using the internal page title which 
would allow anonymous users to determine wheter a page exists, potentially 
leaking private data. In fact, the curid and oldid request parameters would
  allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal 
functions without any read permission checks being done. This could lead to 
data leakage on private wikis

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview

Reply via email to