Last modified: 2012-12-09 17:23:50 UTC

Wikimedia Bugzilla is closed. Wikimedia migrated from Bugzilla to Phabricator, and this static page is a read-only historical copy. See T44626, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 42626 - Placeholder for bugs related to security audit of REPO
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: WikidataRepo
Version: unspecified
Hardware/OS: All / All
Importance: Highest (priority), critical (severity)
Assigned To: denny vrandecic

Reported: 2012-12-02 16:16 UTC by jeblad
Modified: 2012-12-09 17:23 UTC
CC: 6 users

Description jeblad 2012-12-02 16:16:08 UTC
Can't find the correct bug, using this as a placeholder for now.

There are several bugs reported in an email. This lists the issues and fixes for the repo.


* This code pattern is used a lot in the api, and allows CSRF:
$editEntity->attemptSave(... , ..., isset( $params['token'] ) ?
$params['token'] : false );
* Permissions (authorization checks) are very inconsistently checked.
They need to be checked to at least enable admins to block people
abusing the site.

./repo/includes/actions/ViewEntityAction.php
* Please escape $labelText on line 170, or use setPageTitle

./repo/includes/api/ApiCreateClaim.php
* CSRF

./repo/includes/api/ApiGetEntities.php
* No authorization checking

./repo/includes/api/ApiRemoveClaims.php
* CSRF
* No authorization checking

./repo/includes/api/ApiSearchEntities.php
* Need to filter or whitelist the search regex chars, to prevent DoS
* No authorization checks

./repo/includes/api/ApiSetClaimValue.php
* CSRF

./repo/includes/api/ApiSetReference.php
* CSRF

./repo/includes/ItemDisambiguation.php
* Please xss escape label on Line 114

./repo/includes/specials/SpecialCreateEntity.php
* No authorization (should execute call parent?)
* double escaping of Html::input values

./repo/includes/specials/SpecialEntitiesWithoutLabel.php
* CSRF for search (minor)

./repo/includes/specials/SpecialEntityData.php
* Please sanity check the maxage / smaxage values from request

./repo/includes/specials/SpecialItemByTitle.php
* Please ensure that the redirect url doesn't point back to this page
and create an infinite loop

./repo/includes/specials/SpecialListDatatypes.php
* Please xss escape $dataTypeId line 46

./repo/includes/specials/SpecialNewProperty.php
* No Authorization

./repo/includes/specials/SpecialWikibaseQueryPage.php
* Please use Html/Xml builders in outputResults() for sanity

./repo/includes/store/sql/EntityPerPageTable.php
* addEntityContent: Race condition (Read from slave, write to master)
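The token pattern called out at the top of the list, shown as an added example in plain PHP rather than as Wikibase or MediaWiki code. `attemptSaveVulnerable()` mirrors a callee that reads `false` as "no token supplied, skip the check", which is exactly what `isset( $params['token'] ) ? $params['token'] : false` hands it; `attemptSaveFixed()` makes the token mandatory and checks it before any write. The session secret, the HMAC-based token and every function name here are assumptions made for the example.

```php
<?php
// Added example, not Wikibase code. makeToken(), matchToken(),
// attemptSaveVulnerable(), attemptSaveFixed() and the HMAC token scheme
// are assumptions; MediaWiki mints its real edit tokens differently.

const TOKEN_SALT = 'wikibase-edit';

// Mint a token bound to the caller's session secret.
function makeToken(string $sessionSecret): string {
    return hash_hmac('sha256', TOKEN_SALT, $sessionSecret);
}

// Compare a submitted token against the expected one in constant time.
function matchToken(string $sessionSecret, string $submitted): bool {
    return hash_equals(makeToken($sessionSecret), $submitted);
}

// VULNERABLE: the token is optional. A cross-site request that simply
// omits 'token' arrives here as $token === false and the write goes ahead.
function attemptSaveVulnerable(string $sessionSecret, $token): bool {
    if ($token !== false && !matchToken($sessionSecret, (string) $token)) {
        return false; // only a *wrong* token is rejected
    }
    return true; // write performed, with or without a token
}

// FIXED: a missing token is an error, and the check precedes any write.
function attemptSaveFixed(string $sessionSecret, array $params): bool {
    if (!isset($params['token']) || !is_string($params['token'])) {
        return false; // missing or malformed token: refuse, do not skip
    }
    if (!matchToken($sessionSecret, $params['token'])) {
        return false;
    }
    return true; // write performed
}

// Constructed requests: a forged cross-site one with no token, and a
// legitimate one carrying the session's token.
$secret = bin2hex(random_bytes(16));
$forged = ['action' => 'wbremoveclaims'];
$legit  = ['action' => 'wbremoveclaims', 'token' => makeToken($secret)];

// The audited call shape: the ternary turns "no token" into false.
$forgedSavedByVulnerable = attemptSaveVulnerable(
    $secret, isset($forged['token']) ? $forged['token'] : false
);
$forgedSavedByFixed = attemptSaveFixed($secret, $forged);
$legitSavedByFixed  = attemptSaveFixed($secret, $legit);

echo 'vulnerable, forged request saved: ', var_export($forgedSavedByVulnerable, true), "\n";
echo 'fixed, forged request saved:      ', var_export($forgedSavedByFixed, true), "\n";
echo 'fixed, legitimate request saved:  ', var_export($legitSavedByFixed, true), "\n";
```

In a real MediaWiki API module the framework can enforce this for you: a module that overrides `ApiBase::needsToken()` to return true has the token checked by ApiMain before `execute()` runs, so a request without a token never reaches the save path at all, and the per-module ternary disappears.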

Comment 1 Andre Klapper 2012-12-03 10:03:56 UTC
jeblad: I don't understand what is meant by "Can't find the correct bug, using this as a placeholder for now". That there should be a bug report already?
If so, it might be in the "Security" product instead.
Comment 2 denny vrandecic 2012-12-05 16:10:30 UTC
We resolved them internally, without a bug.
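For two of the per-file items in the description, the search input in ApiSearchEntities and the maxage/smaxage parameters in SpecialEntityData, an added example in plain PHP. This is not Wikibase code: `isSafeSearchTerm()`, `prefixPattern()`, `clampMaxAge()` and the limits they apply (100 characters, 9 digits, a 24-hour ceiling) are assumptions chosen for the example.

```php
<?php
// Added example, not Wikibase code. The function names and the limits
// (100 chars, 9 digits, ceiling passed by the caller) are assumptions.

// Whitelist: letters, digits, whitespace and a few separators, bounded
// length. Regex metacharacters such as '(', '+', '*', '|' and '{' never get
// through, so a caller cannot supply a catastrophically backtracking
// pattern, and the length cap bounds the work a legitimate term can cause.
function isSafeSearchTerm(string $term): bool {
    // preg_match() returns false on invalid UTF-8; treat that as unsafe too.
    return preg_match('/^[\p{L}\p{N}\s._-]{1,100}\z/u', $term) === 1;
}

// If the term must be interpolated into a regex anyway (prefix search),
// quote it so every character is matched literally. This is the "filter"
// half of the audit's "filter or whitelist" advice.
function prefixPattern(string $term): string {
    return '/^' . preg_quote($term, '/') . '/iu';
}

// Sanity-check a cache lifetime taken from the request. Anything that is
// not a short run of digits falls back to the default; large values are
// capped so a client cannot ask caches to hold a response for years.
function clampMaxAge($raw, int $default, int $ceiling): int {
    if (!is_int($raw) && !is_string($raw)) {
        return $default;
    }
    if (preg_match('/^\d{1,9}\z/', (string) $raw) !== 1) {
        return $default;
    }
    return min((int) $raw, $ceiling);
}

// Constructed inputs: an ordinary label, a backtracking bomb, an
// oversized term.
$terms = [
    'Douglas Adams',
    str_repeat('(a+)+', 8) . 'b',
    str_repeat('x', 500),
];
foreach ($terms as $t) {
    printf("%-24s safe=%s\n", substr($t, 0, 24), isSafeSearchTerm($t) ? 'yes' : 'no');
}

// Once quoted, the bomb is just literal text "(a+)+" and cannot backtrack.
$quoted = prefixPattern('(a+)+');
printf("quoted pattern %s matches 'aaaaaaaa': %d\n", $quoted, preg_match($quoted, 'aaaaaaaa'));

// Constructed maxage values: valid, negative, oversized, non-numeric, absent.
foreach (['600', '-1', '99999999999', 'abc', null] as $raw) {
    printf("maxage %-14s -> %d\n", var_export($raw, true), clampMaxAge($raw, 3600, 86400));
}
```

The whitelist is the stronger of the two defences because it also bounds length; `preg_quote()` only neutralises metacharacters, so a very long quoted term still costs time proportional to its length. For the cache headers, clamping is preferable to rejecting the request, since a bad `maxage` should degrade to a sane default rather than break the data endpoint.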
