0001-T178451-REL1_28.patch

Authored By
Reedy
Nov 10 2017, 10:20 PM
Size
1 KB
Referenced Files
None
Subscribers
None

0001-T178451-REL1_28.patch

From 13e2a9dc59fbd61cd2a4ba9c963d7029a8766c6a Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Wed, 18 Oct 2017 05:28:43 +0000
Subject: [PATCH 1/2] SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
RELEASE-NOTES-1.28 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index b916d23768..870f9c33ab 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -17,6 +17,8 @@ This is not a release yet!
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* (T174255) Declare uploadCount property in importDump.php.
* Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser
+ sends non-standard url escaping.
== MediaWiki 1.28.1 ==
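Review bot: The escaping that the subject line promises is not in this patch: the diffstat lists only RELEASE-NOTES-1.28 with 2 insertions, and this hunk is a release-note entry. Since this is marked [PATCH 1/2], confirm that the code change that escapes the internal error message actually ships in the REL1_28 backport (in the other patch of the series or elsewhere) before this note is released, otherwise the notes would announce a fix the branch does not contain. The added entry could also name what is affected: the commit message says it is the internal error message, which contains the request url, while the note only gives the condition ($wgShowExceptionDetails = false and non-standard url escaping).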
--
2.14.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5081074
Default Alt Text
0001-T178451-REL1_28.patch (1 KB)

Event Timeline