Interesting idea!
Is there *maybe* there some kind SQL injection attack?
E.g. I saved an evil data source like so: ======================================= <data table="Companies'; insert into user set user_id = '9999', user_name = 'Nickj2', user_email = 'address@name'; insert into user_groups set ug_user = '9999', ug_group = 'sysop'; insert into user_groups set ug_user = '9999', ug_group = 'bureaucrat'; " template="Infobox company"> name=Microsoft founded=1492 revenue=$8 </data> =======================================
And then the all pages list from the table namespace only showed the 3 test tables: http://www.kennel17.co.uk/testwiki/index.php?title=Special%3AAllpages&fr...
So that says to me that *maybe* it did something (otherwise I would expect the test 3 + this one).
Of course, I then tried to use the "reset and email me my password" function to get admin rights to see if it was working, but there was no such user :-(
www.kennel17.co.uk/testwiki
I'm probably going to regret asking this, but with a hostname like that I just have to ask: What happened to kennels numbered one through sixteen inclusive?
All the best, Nick.