F10577973
0001-T178451-REL1_29.patch
Reedy (Sam Reed)
Authored By
Reedy
Nov 2 2017, 10:37 PM
2017-11-02 22:37:29 (UTC+0)
Size
1 KB
From dffdbc54acc5b38f0f38c097c322a9b8833e2848 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Wed, 18 Oct 2017 05:28:43 +0000
Subject: [PATCH] SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
RELEASE-NOTES-1.29 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 35e69697d7..914990598d 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -10,6 +10,8 @@ This not a release yet!
* Fixed case of SpecialRecentChanges class usage.
* (T174255) Declare uploadCount property in importDump.php.
* (T163646) Pass a string not an int to mysql_real_escape_string().
+* (T178451) SECURITY Potential XSS when $wgShowExceptionDetails = false and browser
+ sends non-standard url escaping.
== MediaWiki 1.29.1 ==
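Review bot: The added RELEASE-NOTES-1.29 entry is the only change in this patch (the diffstat reads 1 file changed, 2 insertions), while the subject says "Escape internal error message"; the escaping of the request URL in that message is not part of this file. Whoever applies the REL1_29 backport should confirm the code change arrives in a separate patch, or add that hunk here, so the branch does not carry a release note for a fix it lacks. The entry also names the bug rather than the fix; wording such as "Escape the internal error message shown when $wgShowExceptionDetails = false" would tell upgraders what actually changed.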
--
2.14.1
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5059338
Default Alt Text
0001-T178451-REL1_29.patch (1 KB)
Attached To
T168823: Tracking bug for 1.27.4/1.28.3/1.29.2 security releases
T178451: XSS when $wgShowExceptionDetails=false and browser sends non-standard url escaping