Last modified: 2014-08-30 20:45:15 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T49450, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 47450 - No proper HTML escaping
Status: RESOLVED FIXED
Product: Wiki Loves Monuments
Classification: Unclassified
Component: API
Version: unspecified
Hardware: All
OS: All
Priority: Unprioritized
Severity: major
Target Milestone: ---
Assigned To: Platonides
Depends on:
Blocks:
Reported: 2013-04-20 12:50 UTC by Maarten Dammers
Modified: 2014-08-30 20:45 UTC
CC: 9 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Maarten Dammers 2013-04-20 12:50:56 UTC
Reported by theDJ:

We have a bug with filenames with quotes in them.

file: http://commons.wikimedia.org/wiki/File:Vakwerkboerderij_%22Menzo%22_-_Zuidgevel_-_RM_15285_01.JPG

api request:
http://toolserver.org/~multichill/monapi/api.php?action=images&imcountry=nl&imid=15285&format=html&props=img_name

Generated html:
<a href="http://commons.wikimedia.org/wiki/File:Vakwerkboerderij_" menzo"_-_zuidgevel_-_rm_15285_01.jpg"=""><img src="http://upload.wikimedia.org/wikipedia/commons/thumb/9/98/Vakwerkboerderij_" menzo"_-_zuidgevel_-_rm_15285_01.jpg="" 100px-vakwerkboerderij_"menzo"_-_zuidgevel_-_rm_15285_01.jpg"=""></a>

Possible injection attack vector.
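The defect above, shown as an added PHP example that is not the monapi tool's own code: the filename from the report is interpolated raw into an attribute (reproducing the broken markup), then rendered again with per-context encoding. Function names and the thumbnail directory are assumptions of this example.

```php
<?php
// Constructed sample: the Commons filename from the bug report.
$imgName = 'Vakwerkboerderij_"Menzo"_-_Zuidgevel_-_RM_15285_01.JPG';

// Vulnerable: raw interpolation. The first double quote in $imgName
// terminates the href="..." value, so the rest of the filename is parsed
// as stray attributes, exactly as in the "Generated html" in the report.
function renderUnsafe(string $imgName, string $thumbDir): string {
    return '<a href="http://commons.wikimedia.org/wiki/File:' . $imgName . '">'
         . '<img src="http://upload.wikimedia.org/wikipedia/commons/thumb/'
         . $thumbDir . '/' . $imgName . '/100px-' . $imgName . '">'
         . '</a>';
}

// Hardened: encode for each context, innermost first. rawurlencode() turns
// the filename into a valid URL path segment (the quote becomes %22, as in
// the original Commons link); htmlspecialchars() with ENT_QUOTES then makes
// the finished URL safe inside a double-quoted HTML attribute.
function urlPath(string $segment): string {
    return rawurlencode($segment);
}

function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(string $imgName, string $thumbDir): string {
    $fileUrl  = 'http://commons.wikimedia.org/wiki/File:' . urlPath($imgName);
    $thumbUrl = 'http://upload.wikimedia.org/wikipedia/commons/thumb/'
              . $thumbDir . '/' . urlPath($imgName) . '/100px-' . urlPath($imgName);
    return '<a href="' . attr($fileUrl) . '">'
         . '<img src="' . attr($thumbUrl) . '">'
         . '</a>';
}

// Assumed thumbnail directory, taken from the upload URL in the report.
$thumbDir = '9/98';

echo renderUnsafe($imgName, $thumbDir), "\n";
echo renderSafe($imgName, $thumbDir), "\n";

// Check: the safe output contains only the four quotes that delimit
// href and src; none of the filename's quotes survive into the markup.
assert(substr_count(renderSafe($imgName, $thumbDir), '"') === 4);
```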
Comment 1 Platonides 2013-04-21 17:47:27 UTC
Introduced by r266 - r269 in 2011-08-01. Fixed in r1055.

Please update your local copy.
Comment 2 Alex Monk 2013-04-21 19:46:16 UTC
That's https://fisheye.toolserver.org/changelog/erfgoed?cs=1055 but I'm pretty sure that '..' is not valid PHP.
Comment 3 Platonides 2013-04-21 20:22:58 UTC
Fixed in r1056
Comment 4 Alex Monk 2013-05-18 00:26:31 UTC
If this is fixed on the live TS copy, please move this bug out of the security area.
Comment 5 Alex Monk 2013-09-04 12:25:14 UTC
Platonides?
Comment 6 Alex Monk 2014-08-29 17:57:13 UTC
When can we get this moved out of the Security component?
Comment 7 Alex Monk 2014-08-29 19:13:27 UTC
Moving to "Tool labs tools". It's not quite the right product, but it's the closest I could find.
