As reported by Yorick Koster:
To: security@wikimedia.org
From: Yorick Koster
Subject: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Organization: Securify B.V.
Hi,
I've found a security vulnerability in the SyntaxHighlight extension.
The details are attached. A quick fix would be to cast the start
parameter to int.
// Starting line number; the cast ensures only an integer reaches the Pygments option
if ( isset( $args['start'] ) ) {
	$options['linenostart'] = (int)$args['start'];
}
Cheers,
Yorick
--
Yorick Koster
Co-founder
Securify

Original e-mail attachments:
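The following PHP is an added illustration of the fix the report recommends; it is not the extension's code and not part of the original e-mail. It assumes that the extension collects Pygments options in an array and serializes them into a single comma-separated "key=value" list for the pygmentize -O argument (this serialization, the extra "encoding" option, and the placeholder option name "injected" are assumptions for the example; the actual attack surface is in the attached details, which are not reproduced here).

```php
<?php
// Added example, not the SyntaxHighlight extension's own code.
// Shows how an unsanitized "start" attribute can carry extra
// option pairs into the Pygments option string, and how the
// (int) cast from the report stops that.

/**
 * Serialize options as "k1=v1,k2=v2". ASSUMPTION: this mirrors how
 * Pygments' -O argument is commonly built; the real extension may differ.
 */
function serializeOptions( array $options ): string {
	$pairs = [];
	foreach ( $options as $k => $v ) {
		$pairs[] = "{$k}={$v}";
	}
	return implode( ',', $pairs );
}

/**
 * Vulnerable variant: the attribute value is copied verbatim, so any
 * separator characters the caller controls end up in the option string.
 */
function buildOptionsVulnerable( array $args ): string {
	$options = [ 'encoding' => 'utf-8' ]; // illustrative default option
	if ( isset( $args['start'] ) ) {
		$options['linenostart'] = $args['start']; // untrusted, unsanitized
	}
	return serializeOptions( $options );
}

/**
 * Fixed variant, as suggested in the report: cast to int so the value can
 * only ever be a plain integer (PHP keeps the leading numeric prefix and
 * turns anything non-numeric into 0).
 */
function buildOptionsFixed( array $args ): string {
	$options = [ 'encoding' => 'utf-8' ]; // illustrative default option
	if ( isset( $args['start'] ) ) {
		$options['linenostart'] = (int)$args['start'];
	}
	return serializeOptions( $options );
}

// Constructed inputs for the demonstration. "injected" is a placeholder
// option name, not a real Pygments option.
$benign  = [ 'start' => '10' ];
$hostile = [ 'start' => '10,injected=1' ];

echo "vulnerable, benign : ", buildOptionsVulnerable( $benign ), "\n";
echo "vulnerable, hostile: ", buildOptionsVulnerable( $hostile ), "\n";
echo "fixed, hostile     : ", buildOptionsFixed( $hostile ), "\n";
```

Run with `php example.php`. With the hostile input the vulnerable variant hands Pygments a second key=value pair that the wiki author, not the extension, chose; the fixed variant reduces the same input to linenostart=10 because `(int)"10,injected=1"` is 10. One caveat on the cast itself: it is lossy rather than strict, so a value such as "abc" silently becomes 0 instead of being rejected. A stricter variant would check the attribute with ctype_digit() and drop it otherwise; either way the injected pair never reaches Pygments.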