csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226, Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints, Security-Reviews.

TASK DESCRIPTION
  As is, the CSV value can be used as a DoS vector, or in the worst case exploit stuff like http://www.openwall.com/lists/oss-security/2015/06/01/6. The regex either needs to be sanitized to a known good expression, or this check needs to be removed.

TASK DETAIL
  https://phabricator.wikimedia.org/T101467

To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag, Tamslo, Tobi_WMDE_SW, Aklapper, Lydia_Pintscher, Liuxinyu970226, csteipp, Andreasburmeister, aude

Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs