Whitelisted URLs can appear outside the top domain name
Closed, ResolvedPublic


Author: madrat

With ConfirmEdit you can whitelist URLs that you don't want to require a CAPTCHA using the MediaWiki:captcha-addurl-whitelist page. However you can't just whitelist a specific domain without a spammer being able to exploit it by adding the domain somewhere else in the URL.

For example: if you add wikimedia\.org to whitelist the wikimedia.org domain,
will all be able to bypass the CAPTCHA.

Version: unspecified
Severity: normal

bzimport added a subscriber: Unknown Object (MLST).
bzimport set Reference to bz14154.
bzimport created this task.Via LegacyMay 16 2008, 6:27 PM
Nakon added a comment.Via ConduitMay 16 2008, 6:41 PM

You can add a boundary by using \bdomain\.com\b .

brion added a comment.Via ConduitMay 16 2008, 7:15 PM

The generated regex wasn't properly anchored, so would match later in the URL than it should.

Fixed in r34932; also made it match both http and https.

Add Comment