[Bug 61115] Drop URL parameter setlang

bugzilla-daemon Sat, 22 Mar 2014 06:49:02 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=61115


Nemo <federicol...@tiscali.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #5 from Nemo <federicol...@tiscali.it> ---
(In reply to Fomafix from comment #4)
> setlang is a security risk. Here is a demonstrator for this risk:
> https://bugzilla.wikimedia.org/attachment.cgi?id=14788

Your attachment only proves that the security risk you claim is actually
standard behaviour: you have two inclusions there, one of a setlang call and
one of userlogout; if userlogout is acceptable, setlang is too.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 61115] Drop URL parameter setlang

Reply via email to