Maniphest T20298

Security problem with supressing redirects
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	Lolsimon
	Apr 1 2009, 8:59 AM

Description

For sysops, the rename function has since a few weeks also a function to suppress the redirect. Of course, this is a useful function, but I have seen there are some serious security problems in this new feature.

On the originally page where the page was, nothing can be seen that the page is renamed. When they rename a page with the supressing option, they are easily able to let a page disappearing, and it's very hard to see who did this and where the page actually is, esecially on a larger wiki such as nl.wikipedia (many moderators, logs etc.)

In the deletion logs of the page, there should be visible that the page has been renamed without redirect, so it's possible to see who did this and to see where the page is now. But now it's almost impossible when a page dissapeares, to see who dit this and where the page is!

This is a pretty serious security thread, which should be fixed very soon (or set it off until there is a fix)!

(this bug should also be added to the Mediawiki category)

Version: unspecified
Severity: normal

Details

Reference: bz18298

Event Timeline

• bzimport raised the priority of this task from to Unbreak Now!.Nov 21 2014, 10:32 PM

• bzimport added a project: MediaWiki-Redirects.

• bzimport set Reference to bz18298.

• bzimport added a subscriber: Unknown Object (MLST).

Lolsimon created this task.Apr 1 2009, 8:59 AM

mike.lifeguard+bugs wrote:

*** This bug has been marked as a duplicate of bug 16950 ***

Luke081515 removed a subscriber: • wikibugs-l-list.Jan 28 2016, 6:04 PM

Security problem with supressing redirectsClosed, ResolvedPublicActions

Description

Details

Event Timeline

Security problem with supressing redirects
Closed, ResolvedPublic
Actions