r63439 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r63438‎ \| r63439 \| r63440 >
Date:	22:52, 8 March 2010
Author:	demon
Status:	ok
Tags:
Comment:	Merge r63436 RELEASE-NOTES to 1.16 HISTORY
Modified paths:	/branches/REL1_16/phase3/HISTORY (modified) (history)

Diff [purge]

Index: branches/REL1_16/phase3/HISTORY
—	—	@@ -278,6 +278,9 @@
279	279	* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
280	280	* Fixed a CSS validation issue which allowed external images to be included
281	281	into wikis where that is disallowed by configuration.
	282	+* Fixed a data leakage vulnerability for private wikis using img_auth.php or
	283	+ similar image access authentication schemes. Check user permissions before
	284	+ streaming out scaled images from thumb.php.
282	285
283	286	== API changes in 1.15 ==
284	287	* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r63436	* MFT r63431: Fix data leakage from thumb.php for wikis where access to image...	tstarling	22:49, 8 March 2010

Status & tagging log

06:09, 9 March 2010 MaxSem (talk | contribs) changed the status of r63439 [removed: new added: ok]