Jens Frank wrote:
Modified Files: DifferenceEngine.php Log Message: BUG#244 Backed out changes done in Patch 1.33 due to major security problems. HTML tags were not escaped and it was possible to execute arbitrary javascript code
Can you give me an example of two article texts such that the diff between them produces this security problem?
Thanks, Timwi
On Mon, Aug 30, 2004 at 01:30:44PM +0100, Timwi wrote:
Jens Frank wrote:
Modified Files: DifferenceEngine.php Log Message: BUG#244 Backed out changes done in Patch 1.33 due to major security problems. HTML tags were not escaped and it was possible to execute arbitrary javascript code
Can you give me an example of two article texts such that the diff between them produces this security problem?
http://mediawiki.mormo.org/index.php?title=Difftest&diff=0&oldid=598...
Currently mormo is running the broken version.
Regards,
JeLuF
On Tue, Aug 31, 2004 at 12:01:32AM +0200, Jens Frank wrote:
On Mon, Aug 30, 2004 at 01:30:44PM +0100, Timwi wrote:
Jens Frank wrote:
Modified Files: DifferenceEngine.php Log Message: BUG#244 Backed out changes done in Patch 1.33 due to major security problems. HTML tags were not escaped and it was possible to execute arbitrary javascript code
Can you give me an example of two article texts such that the diff between them produces this security problem?
http://mediawiki.mormo.org/index.php?title=Difftest&diff=0&oldid=598...
Currently mormo is running the broken version.
It's apparently related to the external C-DiffEngine. The bug only occurs when wgUseExternalDiffEngine is set to true.
JeLuF
wikitech-l@lists.wikimedia.org