
Installer should detect mod_security(2) via get_apache_modules() and give warning
Closed, Resolved, Public

Description

mod_security(2) does weird things, like cause Apache to serve a 500 error if people use words like "select" in an article. Since there is no error given to the user, people blame us.

We should detect with get_apache_modules() and warn the user when installing MediaWiki about this, because this sort of "security" is just stupid.


Version: 1.20.x
Severity: enhancement

Details

Reference
bz39463

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 22 2014, 12:56 AM
bzimport set Reference to bz39463.

And oh look, I was poking around in Installer.php today, and noticed we actually already do this.

But there appears to be a mod_security2 we still need to check for (I think, need to do some googling).

Change 161669 had a related patch set uploaded by Jackmcbarn:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669

I'm also wondering if we should add something to Special:Version that says if mod_security(2) is loaded, so that we can point it out immediately to users when they show us their wiki with these random problems.

Change 161669 merged by jenkins-bot:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669

(In reply to Jackmcbarn from comment #3)

> I'm also wondering if we should add something to Special:Version that says
> if mod_security(2) is loaded, so that we can point it out immediately to
> users when they show us their wiki with these random problems.

Eh, that seems like a slippery slope. Anyways, probably out of scope for this bug.
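
The check this task asks for, as an added example that is not MediaWiki's installer code and not part of any comment above. It assumes PHP's `apache_get_modules()` is available (it is missing when PHP does not run under an Apache SAPI) and that ModSecurity shows up in its output as `mod_security` or `mod_security2`; the function names `detectModSecurity` and `modSecurityWarning` are hypothetical.

```php
<?php
/**
 * Return the ModSecurity module names found among the loaded Apache modules,
 * or null when the module list cannot be read (for example PHP running as
 * CGI/FPM, where apache_get_modules() is not defined).
 *
 * $loadedModules may be passed in so the check can be exercised without Apache.
 */
function detectModSecurity(?array $loadedModules = null): ?array
{
    if ($loadedModules === null) {
        if (!function_exists('apache_get_modules')) {
            return null; // cannot tell: do not report "not loaded"
        }
        $loadedModules = apache_get_modules();
    }
    // Assumed names for ModSecurity 1.x and 2.x respectively.
    $candidates = ['mod_security', 'mod_security2'];
    return array_values(array_intersect($candidates, $loadedModules));
}

/** Turn the detection result into the message an installer could show. */
function modSecurityWarning(?array $found): string
{
    if ($found === null) {
        return 'Could not list Apache modules; mod_security may still be active.';
    }
    if ($found === []) {
        return '';
    }
    return sprintf(
        'Warning: %s is loaded. Its rules may reject page saves with an ' .
        'HTTP 500 error and no message from the wiki (for example when the ' .
        'text contains words like "select").',
        implode(', ', $found)
    );
}

// Constructed sample module lists, not taken from a real server.
$samples = [
    'with mod_security2' => ['core', 'mod_rewrite', 'mod_php', 'mod_security2'],
    'without'            => ['core', 'mod_rewrite', 'mod_php'],
];
foreach ($samples as $label => $modules) {
    $message = modSecurityWarning(detectModSecurity($modules));
    echo $label, ': ', $message === '' ? '(no warning)' : $message, PHP_EOL;
}
```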