Bug#702305: [Pkg-mediawiki-devel] Bug#702305: mediawiki: API action 'unblock' returns a full user object

2013-03-05 Thread Platonides
On 04/03/13 23:37, Jonathan Wiltshire wrote:
> The problem is apparently introduced in r83855 and at this stage, I do not
> believe it affects stable, though I would not be confident enough to be sure
> yet.
Stable is based on 1.15.5, branched on r48811
It "only" affects since mediawiki 1.18

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Platonides
Thorsten Glaser wrote:
> Does Mediawiki have an API which you can pass some
> string of HTML which will throw out all unknown or
> “unsafe” (whatever that means) tags, tidy it up to
> produce valid XHTML, and return that? Otherwise,
> I guess Suggests: php-htmlpurifier and using that
> if existent

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Platonides
http://www.mediawiki.org/wiki/Extension:RSS_Reader seems to live exclusively at the wiki page, instead of being at a repository. Injection vulnerabilities are quite common in this kind of extension. With a quick glance, it fails to escape the output everywhere. Just edit the page when fixing t

Bug#686330: [Pkg-mediawiki-devel] Bug#686330: mediawiki: Multiple security issues

2012-09-13 Thread Platonides
On 13/09/12 18:01, Moritz Muehlenhoff wrote:
> On Fri, Aug 31, 2012 at 06:34:38PM +0200, Julien Cristau wrote:
>> On Fri, Aug 31, 2012 at 10:37:25 +0200, Thorsten Glaser wrote:
>>
>>> The Release Notes say that 1.19.2 is a security-fix release,
>>> and does not list any unrelated changes. Question

Bug#680080: [Pkg-mediawiki-devel] Invalidated by dependency: Excuse for mediawiki-extensions

2012-07-26 Thread Platonides
On 11/07/12 09:38, Thorsten Glaser wrote:
>> b) MediaWiki resourceloader will automatically minify the javascript
>> sent to the user. It doesn't need (nor should) be preminified.
>
> That doesn’t have anything to do with what’s in the Debian
> binary packages of the various ECMAscript libraries,

Bug#680080: [Pkg-mediawiki-devel] Invalidated by dependency: Excuse for mediawiki-extensions

2012-07-10 Thread Platonides
How does json-js block mediawiki-extensions?
Please note that:
a) MediaWiki ships with a copy of jQuery since 1.17
b) MediaWiki resourceloader will automatically minify the javascript sent to the user. It doesn't need (nor should) be preminified.