Ladsgroup added a comment.
On the lua side of things: You can reproduce this problem by setting the language to almost anything other than a valid one like "uselang=???" <https://commons.wikimedia.org/wiki/Category:Kingdom_of_Romania?uselang=???>. The good news is that I couldn't break out of the string so it's not an injection vulnerability AFAIK but this can be fixed rather easily in the lua side. I will try to make a patch. TASK DETAIL https://phabricator.wikimedia.org/T245062 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Tarrow, Ladsgroup Cc: Rosalie_WMDE, Tarrow, Agusbou2015, Ladsgroup, hoo, Jakob_WMDE, Liuxinyu970226, Krinkle, Addshore, WMDE-leszek, Jdforrester-WMF, Aklapper, Un1tY, Hook696, Daryl-TTMG, RomaAmorRoma, 0010318400, E.S.A-Sheild, Iflorez, darthmon_wmde, alaa_wmde, Meekrab2012, joker88john, CucyNoiD, Nandana, NebulousIris, Gaboe420, Versusxo, Majesticalreaper22, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, LawExplorer, WSH1906, Lewizho99, Maathavan, _jensen, rosalieper, Scott_WUaS, Jonas, Wikidata-bugs, aude, Ricordisamoa, Lydia_Pintscher, Mbch331, Rxy, Jay8g, Krenair
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs