[Mediawiki-l] Security - MediaWiki 1.9.2
Roger Chrisman
roger at rogerchrisman.com
Wed Mar 7 23:45:01 UTC 2007
I just had a scare...
My LocalSettings.php file *displayed in the browser* at top of any wiki
page view! (Actually I only saw it at top of Main_page and top of
Search results page before I panicked and reverted the edit in
LocalSettings.php that had caused this.)
What happened
---------------------
In LocalSettings.php I had edited my $wgSpamRegex from this:
$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|
height)\s*:.*?>/i";
to this which caused this line and all below it in LocalSettings.php to
show in browser!:
$wgSpamRegex = "/(Tramadol|\<.*style.*?(display|position|overflow|
visibility|height)\s*:.*?>)/i";
Both entries were single lines of course; line breaks here for email.
Did I screwed up the Regex while adding "(Tramadol|" and ")" to it?
Why did the new $wgSpamRegex line and everything below it in
LocalSettings.php show up at top of *wiki page views in browser
(Konqueror) window*?
Luckily my MySQL pw and username are *above* that in LocalSettings.php
so they did not get out.
I'm running the wiki, http://Wikigogy.org, with default MediaWiki and no
extensions on a commercial web host and viewed it from home in
Konqueror browser.
* MediaWiki: 1.9.2
* PHP: 5.2.1 (cgi)
* MySQL: 4.1.21-standard-log
I keep LocalSettings.php mode 600 and owned my myself.
How did half of it get out?
--
Roger Chrisman :-) http://Wikigogy.org - free resources
for teachers of English as a second or foreign language
More information about the MediaWiki-l
mailing list