Page MenuHomePhabricator

Add security limits to the Wikifunctions system to maintain stability and integrity of the content
Closed, ResolvedPublic

Related Objects

StatusSubtypeAssignedTask
OpenBUG REPORTNone
ResolvedJdforrester-WMF
ResolvedBTullis
ResolvedJdforrester-WMF
ResolvedJdforrester-WMF
ResolvedDVrandecic
Resolvedgengh
ResolvedDVrandecic
ResolvedDVrandecic
Resolvedgengh
ResolvedJdforrester-WMF
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
Resolvedgengh
ResolvedDVrandecic
Resolved maryyang
Resolvedcmassaro
Resolvedori
ResolvedJdforrester-WMF
Resolvedcmassaro
Resolvedcmassaro

Event Timeline

Questions:

  • what happens if a generic function returning a built-in type is given as the type of an instance? this could allow community members to breach their permission limits
  • currently, any community member can create types; is there a bug to capture this?

Questions:

  • what happens if a generic function returning a built-in type is given as the type of an instance? this could allow community members to breach their permission limits

You mean by basically creating a function that returns an instance of a built-in type even though the user would not be allowed to store that instance directly? That shouldn't be a problem. It wouldn't work for nominals, and for non-nominals it shouldn't matter. But please reopen if I missed something.

  • currently, any community member can create types; is there a bug to capture this?

We put creating types behind an additional right, see T299601

DVrandecic claimed this task.