Last modified: 2012-12-13 11:21:41 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T42551, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 40551 - Check insertDefaultSites in Utils.php


Summary:	Check insertDefaultSites in Utils.php

Status:	VERIFIED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	WikidataRepo (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Wikidata bugs

URL:
Whiteboard:	storypoints: 2
Keywords:

Depends on:
Blocks:	40573
	Show dependency tree / graph

Reported:	2012-09-27 11:12 UTC by abraham.taherivand
Modified:	2012-12-13 11:21 UTC (History)
CC List:	3 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description abraham.taherivand 2012-09-27 11:12:05 UTC

Comment 1 jeblad 2012-09-28 10:34:47 UTC

The way that you're passing in a function to insertDefaultSites in Utils.php makes a security evaluation difficult. I'm not sure what your intent was behind that syntax, but it would be better to either have a whitelist of function names, or possibly use the builtin debugging functions if you're only trying to get debugging information.

Comment 2 Jens Ohlig 2012-10-01 10:55:52 UTC

Fixed by Tim Starling in I394c33f3ef06d09bae32fa875a33c93b3131daed

Comment 3 Anja Jentzsch 2012-11-29 12:42:38 UTC

Verified in Wikidata demo time for sprint 18

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links