r48916 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r48915‎ \| r48916 \| r48917 >
Date:	12:46, 27 March 2009
Author:	jojo
Status:	resolved (Comments)
Tags:
Comment:	support return_to GET parameter in add_category
Modified paths:	/trunk/extensions/Collection/Collection.body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Collection/Collection.body.php
—	—	@@ -101,7 +101,7 @@
102	102	self::limitExceeded();
103	103	return;
104	104	} else {
105		~~- $wgOut->redirect( $title->getFullURL() );~~
	105	+ $wgOut->redirect( $wgRequest->getVal( 'return_to', $title->getFullURL() ) );
106	106	}
107	107	$wgUser->invalidateCache();
108	108	return;

#Comment by Brion VIBBER (talk | contribs) 19:19, 7 April 2009

We generally don't allow redirects with arbitrary URLs as this may be a spam/security issue. Needs validation or use of an internal title?

#Comment by Tim Starling (talk | contribs) 04:10, 2 June 2009

We don't allow redirects to interwiki titles either, unless they have iw_local. The code has several interwiki redirect vulnerabilities.

#Comment by Jbeigel (talk | contribs) 12:54, 3 June 2009

Changed in r51398: now using title instead of URL

14:58, 6 June 2009 Tim Starling (talk | contribs) changed the status of r48916 [removed: fixme added: resolved]
19:19, 7 April 2009 Brion VIBBER (talk | contribs) changed the status of r48916 [removed: new added: fixme]