r11948 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r11947‎ \| r11948 \| r11949 >
Date:	11:14, 4 December 2005
Author:	vibber
Status:	old
Tags:
Comment:	* (bug 4165) Correct validation for user language selection (data taint)
Modified paths:	/branches/REL1_5/phase3/RELEASE-NOTES (modified) (history)

Diff [purge]

Index: branches/REL1_5/phase3/RELEASE-NOTES
—	—	@@ -3,7 +3,24 @@
4	4	Security reminder: MediaWiki does not require PHP's register_globals
5	5	setting since version 1.2.0. If you have it on, turn it off if you can.
6	6
	7	+== MediaWiki 1.5.3 ==
7	8
	9	+December 4, 2005
	10	+
	11	+MediaWiki 1.5.3 is a security and bugfix maintenance release.
	12	+
	13	+Validation of the user language option was broken by a code change in
	14	+May 2005, opening the possibility of remote code execution as this
	15	+parameter is used in forming a class name dynamically created with
	16	+eval().
	17	+
	18	+The validation has been corrected in this version. All prior 1.5 release
	19	+and prelease versions are affected; 1.4 and earlier and not affected.
	20	+
	21	+Additionally several bugs have been fixed; see the changelog later in
	22	+this file for a complete list.
	23	+
	24	+
8	25	== MediaWiki 1.5.2 ==
9	26
10	27	November 2, 2005
—	—	@@ -919,6 +936,7 @@
920	937	* Move parentheses out of <a> link in Special:Contributions
921	938	* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
922	939	* (bug 4035) Fix prev/next revision links on edit page
	940	+* (bug 4165) Correct validation for user language selection (data taint)
923	941
924	942
925	943	=== Caveats ===

Revision	Commit summary	Author	Date
r11946	* (bug 4165) Correct validation for user language selection (data taint)	vibber	10:53, 4 December 2005
r11947	* (bug 4165) Correct validation for user language selection (data taint)	vibber	11:09, 4 December 2005

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r11948 [removed: new added: old]