Last modified: 2013-11-15 11:08:18 UTC
Created attachment 13048 [details] Fix the bug If bogus text is put into MediaWiki:Scribunto-doc-page-name, it can cause a PHP fatal error in Scribunto::isDocPage: Call to a member function getPrefixedText() on a non-object Since this function is called from the ArticleViewHeader hook, and could be triggered by placing an {{#invoke}} in messages used for other actions, it's a possibility to effectively break the entire site. This is mitigated by the bug requiring the 'editinterface' right, since people who have that should be trustworthy enough to not break things. Patch to fix it is attached.
Actually, I think we can address this publicly. There are plenty of ways someone with editinterface could DoS the wiki, so I don't think we probably need to keep this hidden. But thanks for addressing it!
Ok, patch in Gerrit momentarily.
Change 80376 had a related patch set uploaded by Anomie: Fix possible fatal error https://gerrit.wikimedia.org/r/80376
Change 80376 merged by jenkins-bot: Fix possible fatal error https://gerrit.wikimedia.org/r/80376
Change 95416 had a related patch set uploaded by MarkAHershberger: Fix possible fatal error https://gerrit.wikimedia.org/r/95416
Change 95416 abandoned by MarkAHershberger: Fix possible fatal error https://gerrit.wikimedia.org/r/95416
No open patches to review here (backport patches got abandoned), hence resetting status to RESOLVED FIXED. Backport_to_Stable flag might be set to "-" by hexmode.