[Mediawiki-l] Re: How do I change the default skin for users that are both logged in as well as not logged in?

Jan Steinman Jan at Bytesmiths.com
Tue Dec 20 07:47:03 UTC 2005


> From: Brion Vibber <brion at pobox.com>
>
> Alistair Johnson wrote:
>> Here's a script we use to copy preferences from one user to all  
>> users for MW
>> 1.4.x. YMMV.
>
> This snippet appears to be vulnerable to SQL injection attacks. A  
> cleverly
> written signature or other option on the model row could probably  
> be used to
> overwrite everyone else's passwords or such.

Since this is used for copying *one* user's preferences to all the  
other users, and assuming you'd be pretty careful about selecting  
that one to copy, and also assuming that this script would only be  
run by trusted individuals in a trusted environment, what's the problem?

I'm not being facetious; I just want to know if I missed something  
important.

(BTW: I just ported my static HTML "Van" pages, below, to MW 1.5.3.)

:::: You can't solve a problem with the same kind of thinking that  
created it in the first place. -- Albert Einstein
:::: Jan Steinman <http://www.Bytesmiths.com/Van>




More information about the MediaWiki-l mailing list