As reported by Yorick Koster:
To: security@wikimedia.org
From: Yorick Koster
Subject: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Organization: Securify B.V.

Hi,

I've found a security vulnerability in the SyntaxHighlight extension. The details are attached. A quick fix would be to cast the start parameter to int.

    // Starting line number
    if ( isset( $args['start'] ) ) {
        $options['linenostart'] = (int)$args['start'];
    }

Cheers,
Yorick

--
Yorick Koster
Co-founder Securify
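The unchecked pass-through beside the cast the report recommends, as an added example that is not the reporter's attachment or the extension's own code; the function names and the sanity check are assumptions, and the input is constructed.

```php
<?php
// Added example, not from the report or from the SyntaxHighlight code base.
// Function names are assumed; the pattern follows the report's suggested fix.

/** Unhardened: whatever the wikitext supplied for start= reaches the Pygments options untouched. */
function lineNumberOptionsUnchecked( array $args ): array {
    $options = [];
    if ( isset( $args['start'] ) ) {
        $options['linenostart'] = $args['start'];
    }
    return $options;
}

/** Hardened: the (int) cast guarantees linenostart is a plain integer, never a string. */
function lineNumberOptionsHardened( array $args ): array {
    $options = [];
    if ( isset( $args['start'] ) ) {
        $options['linenostart'] = (int)$args['start'];
    }
    return $options;
}

/** Defensive check a unit test can assert on: only linenostart is allowed, and it must be an int. */
function optionsAreSane( array $options ): bool {
    foreach ( $options as $key => $value ) {
        if ( $key !== 'linenostart' || !is_int( $value ) ) {
            return false;
        }
    }
    return true;
}

// Constructed input: user-controlled wikitext where start= is not a plain number.
$args = [ 'start' => '10 extra text' ];

// Unchecked: the raw string is forwarded, so the sanity check fails.
var_dump( optionsAreSane( lineNumberOptionsUnchecked( $args ) ) );
// Hardened: (int) keeps only the leading integer, so the check passes.
var_dump( optionsAreSane( lineNumberOptionsHardened( $args ) ) );
```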
Original e-mail attachments: