* (bug 32276) Skins were generating output using the internal page title which would...
author Sam Reed <reedy@users.mediawiki.org>
Mon, 28 Nov 2011 23:18:55 +0000 (23:18 +0000)
committer Sam Reed <reedy@users.mediawiki.org>
Mon, 28 Nov 2011 23:18:55 +0000 (23:18 +0000)
commit 7141742914cb1554809676d30911416bd2024cf9
tree 133586100738adbfdc6fc69fda955bcc56a3200e
parent 4567ba7adf5cebab08b72cae276f42a325601c8d
* (bug 32276) Skins were generating output using the internal page title which would allow anonymous users to determine whether a page exists, potentially leaking private data. In fact, the curid and oldid request parameters would
  allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal functions without any read permission checks being done. This could lead to data leakage on private wikis.
includes/AjaxDispatcher.php
includes/OutputPage.php
includes/SkinTemplate.php
includes/Wiki.php