r44602 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r44601‎ \| r44602 \| r44603 >
Date:	08:36, 15 December 2008
Author:	tstarling
Status:	ok
Tags:
Comment:	Disable index.php and wh_generate.php by default -- potential XSS vulnerabilities.
Modified paths:	/trunk/extensions/wikihiero/index.php (modified) (history) /trunk/extensions/wikihiero/wh_generate.php (modified) (history)

Diff [purge]

Index: trunk/extensions/wikihiero/index.php
—	—	@@ -24,6 +24,9 @@
25	25	//
26	26	//////////////////////////////////////////////////////////////////////////
27	27
	28	+echo "This script is insecure and shouldn't be used on a public wiki.\n";
	29	+exit( 1 );
	30	+
28	31	$IP = getenv( 'MW_INSTALL_PATH' );
29	32	if ( $IP === false ) {
30	33	$IP = dirname( __FILE__ ) .'/../..';
Index: trunk/extensions/wikihiero/wh_generate.php
—	—	@@ -24,6 +24,10 @@
25	25	//
26	26	//////////////////////////////////////////////////////////////////////////
27	27
	28	+echo "This script is insecure and shouldn't be used on a public wiki.\n";
	29	+exit( 1 );
	30	+
	31	+
28	32	include "wh_main.php";
29	33
30	34	if(array_key_exists("lang", $_GET)) {

Revision	Commit summary	Author	Date
r44604	Backport r44602 to 1.12 and 1.13	tstarling	08:38, 15 December 2008

19:20, 15 December 2008 Aaron Schulz (talk | contribs) changed the status of r44602 [removed: new added: ok]