User "Siebrand" changed the status of MediaWiki.r98772.

Old Status: new
New Status: fixme

User "Siebrand" also posted a comment on MediaWiki.r98772.

Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/98772#c23666
Commit summary:

Fixing i18n topics of r98627

Comment:

<source lang="sql">
SELECT smw_title AS val, '".wfMsg("fptc-categoryname")."' AS att</source>
This is an SQL injection vulnerability for any MediaWiki user (sysop by 
default) that is allowed to change [[MediaWiki:fptc-categoryname]].

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview

Reply via email to