Last modified: 2013-10-23 18:17:06 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T35985, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 33985 - Setting protocol relative wikilinks (urls) circumvents blacklist
Setting protocol relative wikilinks (urls) circumvents blacklist
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
1.18.x
All All
: High major (vote)
: ---
Assigned To: Sam Reed (reedy)
: shell
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-27 10:13 UTC by billinghurst
Modified: 2013-10-23 18:17 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description billinghurst 2012-01-27 10:13:01 UTC 
By use of the protocol relative urls, one is able to create urls that circumvent the blacklist

eg. [//skiptest.info skiptest]] will form a clickable functional url

I have tested at meta against the global spamlist, and at local wiki against the Mediawiki:Spam-blacklist at that wiki, both times success (if you call that success <urk>)
Comment 1 Umherirrender 2012-01-30 20:48:45 UTC 
Already fixed with r107857. I have tagged the revision for merge to live site.
Comment 2 Rob Lanphier 2012-01-30 22:45:01 UTC 
Tagging as "shell" for Sam to deploy when he gets a chance
Comment 3 Sam Reed (reedy) 2012-01-31 16:51:20 UTC 
Doned!
Comment 4 Mark A. Hershberger 2012-02-03 18:11:32 UTC 
Note that bug 34179 was created as a result of how this was fixed.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links