User "Siebrand" changed the status of MediaWiki.r98772. Old Status: new New Status: fixme
User "Siebrand" also posted a comment on MediaWiki.r98772. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/98772#c23666 Commit summary: Fixing i18n topics of r98627 Comment: <source lang="sql"> SELECT smw_title AS val, '".wfMsg("fptc-categoryname")."' AS att</source> This is an SQL injection vulnerability for any MediaWiki user (sysop by default) that is allowed to change [[MediaWiki:fptc-categoryname]]. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
