Last modified: 2012-12-09 17:23:50 UTC
Can't find the correct bug, using this as a placeholder for now. There are several bugs reported in an email. This lists the issues and fixes for the repo.

* This code pattern is used a lot in the api, and allows CSRF:
  $editEntity->attemptSave(... , ..., isset( $params['token'] ) ? $params['token'] : false );
* Permissions (authorization checks) are very inconsistently checked. They need to be checked to at least enable admins to block people abusing the site.

./repo/includes/actions/ViewEntityAction.php
* Please escape $labelText on line 170, or use setPageTitle

./repo/includes/api/ApiCreateClaim.php
* CSRF

./repo/includes/api/ApiGetEntities.php
* No authorization checking

./repo/includes/api/ApiRemoveClaims.php
* CSRF
* No authorization checking

./repo/includes/api/ApiSearchEntities.php
* Need to filter or whitelist the search regex chars, to prevent DoS
* No authorization checks

./repo/includes/api/ApiSetClaimValue.php
* CSRF

./repo/includes/api/ApiSetReference.php
* CSRF

./repo/includes/ItemDisambiguation.php
* Please xss escape label on Line 114

./repo/includes/specials/SpecialCreateEntity.php
* No authorization (should execute call parent?)
* double escaping of Html::input values

./repo/includes/specials/SpecialEntitiesWithoutLabel.php
* CSRF for search (minor)

./repo/includes/specials/SpecialEntityData.php
* Please sanity check the maxage / smaxage values from request

./repo/includes/specials/SpecialItemByTitle.php
* Please ensure that the redirect url doesn't point back to this page and create an infinite loop

./repo/includes/specials/SpecialListDatatypes.php
* Please xss escape $dataTypeId line 46

./repo/includes/specials/SpecialNewProperty.php
* No Authorization

./repo/includes/specials/SpecialWikibaseQueryPage.php
* Please use Html/Xml builders in outputResults() for sanity

./repo/includes/store/sql/EntityPerPageTable.php
* addEntityContent: Race condition (Read from slave, write to master)
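The attemptSave() pattern from the first item, as an added illustration that is not Wikibase code: attemptSaveLike() is a hypothetical stand-in assuming the convention that a token of `false` means "skip the token check", so an omitted `token` parameter silently disables CSRF protection; the hardened caller treats a missing token as an error instead.

```php
<?php
// Hypothetical stand-in for EditEntity::attemptSave(). Assumed convention:
// a token of `false` means "do not check the token" (a trusted internal call).
function attemptSaveLike( array $session, string $summary, $token ): string {
    if ( $token !== false
        && !hash_equals( $session['csrf_token'], (string)$token ) ) {
        return 'badtoken';
    }
    return 'saved: ' . $summary;
}

// Vulnerable caller (the pattern from the report): when a cross-site request
// carries no `token`, the ternary passes `false` and the check is skipped.
function saveVulnerable( array $session, array $params ): string {
    return attemptSaveLike( $session, $params['summary'],
        isset( $params['token'] ) ? $params['token'] : false );
}

// Hardened caller: a missing or non-string token is rejected up front, so
// `false` can never reach attemptSaveLike() from request parameters.
function saveHardened( array $session, array $params ): string {
    if ( !isset( $params['token'] ) || !is_string( $params['token'] ) ) {
        return 'missingtoken';
    }
    return attemptSaveLike( $session, $params['summary'], $params['token'] );
}

// Constructed sample input: a session token and a forged request without one.
$session = [ 'csrf_token' => 'constructed-session-token' ];
$forged  = [ 'summary' => 'forged edit' ];
$genuine = [ 'summary' => 'own edit', 'token' => 'constructed-session-token' ];

echo 'vulnerable, forged: ', saveVulnerable( $session, $forged ), "\n";
echo 'hardened, forged:   ', saveHardened( $session, $forged ), "\n";
echo 'hardened, genuine:  ', saveHardened( $session, $genuine ), "\n";
```

The same rule applies to every API module listed with "CSRF" above: the request handler, not the save routine, must decide that absence of a token is a failure, and the comparison should use hash_equals() rather than `==`.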
jeblad: I don't understand what is meant by "Can't find the correct bug, using this as a placeholder for now". That there should be a bug report already? If so, it might be in the "Security" product instead.
We resolved them internally, without a bug.