https://bugzilla.wikimedia.org/show_bug.cgi?id=24199
           Summary: DynamicPageList2 has security issues
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Normal
         Component: DynamicPageList2
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: bawolff...@gmail.com

I fixed some XSS vulnerabilities in r68811 - however, I still feel there are problems with this extension.

*The playing with $wgRawHtml - this in itself is not a security vulnerability, but makes it easy to give yourself problems. Before r68811 the following:

<DPL>
category = Africa
count= 2
resultsfooter=<html><script>alert('d')</script></html>
</DPL>

did bad things because resultsfooter was interpreted as if $wgRawHtml was on. I think I got most of those types of issues in r68811, but I am not really familiar with the extension's options at all, so it's quite likely I missed something (esp. for the find and replace options).

**The approach of using wiki-syntax mixed with <html> sections seems like a bad idea. It seems as if it'd be better to use either wiki-syntax only or html only; then you wouldn't have to worry about escaping for both ways (but that's just my opinion after reading the code for 10 minutes, perhaps there is a valid reason to do that)...

*The ordercollation option does not seem to be escaped when put in the SQL...

This is just after a brief scan through the code when trying to fix Bug 22675 - I wouldn't be surprised if there are other issues.
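
The following is an added example, not part of the original report and not DynamicPageList2 code. It shows one way to handle a user-supplied ordercollation value: a collation name is an SQL identifier, so string quoting does not protect it, and the value is accepted only when it matches an allowlist. The function name, the allowlist contents and the use of cl_sortkey as the sort column are assumptions made for illustration.

```php
<?php
// Added example; names and allowlist are assumptions, not the extension's code.

// Collations the operator allows for sorting (constructed list of MySQL
// collation names, stored in lowercase for case-insensitive matching).
const ALLOWED_COLLATIONS = [ 'utf8_general_ci', 'utf8_bin', 'latin1_swedish_ci' ];

/**
 * Build the ORDER BY fragment for a user-supplied ordercollation value.
 *
 * $column must be a constant chosen by the developer, never user input.
 * $orderCollation comes from the tag body and is untrusted.
 */
function buildOrderBy( string $column, ?string $orderCollation ): string {
    $sql = "ORDER BY $column";

    // Option not set: keep the database's default collation.
    if ( $orderCollation === null || trim( $orderCollation ) === '' ) {
        return $sql;
    }

    // Exact match against the allowlist; anything else is rejected rather
    // than "cleaned up", so no partial input ever reaches the query text.
    $name = strtolower( trim( $orderCollation ) );
    if ( !in_array( $name, ALLOWED_COLLATIONS, true ) ) {
        throw new InvalidArgumentException( 'Unsupported ordercollation value' );
    }

    return "$sql COLLATE $name";
}

// Constructed sample inputs: a valid name, an unset option, mixed case,
// and a value that carries more than a collation name.
$samples = [ 'utf8_bin', '', 'UTF8_General_CI', 'utf8_bin ASC, page_id' ];

foreach ( $samples as $value ) {
    try {
        echo var_export( $value, true ), ' => ',
            buildOrderBy( 'cl_sortkey', $value ), "\n";
    } catch ( InvalidArgumentException $e ) {
        echo var_export( $value, true ), ' => rejected: ',
            $e->getMessage(), "\n";
    }
}
```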