Last modified: 2006-11-28 03:17:16 UTC
I am not sure how to report this, but somehow someone was able to create an artificial link to an external website. The 'article' tab at the top of the article actually links to an external website, as well. Is this simply an text escaping bug, or could it be the lead-in to a malicious exploit? Some links: http://www.marveldatabase.com/index.php?title=/Giant-Size_X-Men_1&curid=37033&action=history http://www.marveldatabase.com/index.php?title=Special:Contributions&target=U53rn4m3 http://www.marveldatabase.com/index.php?title=Special:Recentchanges&from=20061127020848&limit=100000 (Scroll to the end of recent changes in the 3rd link.)
Your site configuration is a little fragile, with articles placed directly at the root URL. (I recommend against this for many reasons.) Pages starting with "/" thus end up with local URL paths starting with "//", which some browsers may interpret similarly to "http://". See the linked patch on bug 98 for how to disable all pages beginning with "/". Going to go ahead and dupe this to bug 98, since the bogus "/" is the issue. *** This bug has been marked as a duplicate of 98 ***
Thanks Brion, I spotted that extra / after I posted, but I wanted to make sure there was nothing security related, so I left the bug open for you to review. Thanks. :)