Can't find the correct bug, using this as a placeholder for now.
Several bugs were reported in an email. This lists the issues and the fixes needed in the repo.
- This code pattern is used a lot in the api, and allows CSRF:
    $editEntity->attemptSave( ..., ..., isset( $params['token'] ) ? $params['token'] : false );
- Permissions (authorization checks) are applied very inconsistently.
They need to be checked at least so that admins can block people
abusing the site.
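The two general points above (a missing token silently disables the CSRF check, and authorization is not enforced) are shown fixed in the following API module. This is an added example, not Wikibase's own code: the class name, the getEditEntity() helper and the parameter names are assumptions; needsToken(), mustBePosted(), isWriteMode(), getTokenSalt(), extractRequestParams(), getUser(), dieUsage() and User::matchEditToken() are the MediaWiki ApiBase/User methods of that era.

```php
<?php
// Added example, not Wikibase code. Shows an API write module that
// (1) requires a CSRF token and (2) checks authorization before saving.

class ApiExampleSetLabel extends ApiBase {

    // Declaring the module as a POST-only write action that needs a token
    // makes ApiMain validate the edit token before execute() is reached.
    public function isWriteMode() {
        return true;
    }

    public function mustBePosted() {
        return true;
    }

    public function needsToken() {
        return true;
    }

    public function getTokenSalt() {
        return '';
    }

    public function execute() {
        $params = $this->extractRequestParams();
        $user = $this->getUser();

        // Authorization: blocked users and users without the edit right
        // must not reach the save path, or admins cannot stop abuse.
        if ( $user->isBlocked() ) {
            $this->dieUsage( 'You have been blocked from editing', 'blocked' );
        }
        if ( !$user->isAllowed( 'edit' ) ) {
            $this->dieUsage( 'You do not have permission to edit', 'permissiondenied' );
        }

        // CSRF: verify the token explicitly. Never fall back to `false`
        // when the parameter is absent; that is what skipped the check in
        // the quoted attemptSave() pattern.
        if ( !isset( $params['token'] ) || !$user->matchEditToken( $params['token'] ) ) {
            $this->dieUsage( 'Invalid or missing edit token', 'badtoken' );
        }

        // getEditEntity() is a hypothetical helper standing in for the
        // entity lookup; the token passed on is now a validated string.
        $editEntity = $this->getEditEntity( $params );
        $status = $editEntity->attemptSave( $params['summary'], 0, $params['token'] );

        $this->getResult()->addValue( null, 'success', $status->isOK() ? 1 : 0 );
    }

    public function getAllowedParams() {
        return array(
            'token'   => null,
            'summary' => null,
        );
    }
}
```

With needsToken() returning true the API framework rejects requests lacking a valid token before execute() runs; the explicit matchEditToken() call in execute() is kept so that the module stays safe even if the framework-level check is bypassed by a future refactor.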
./repo/includes/actions/ViewEntityAction.php
- Please escape $labelText on line 170, or use setPageTitle
./repo/includes/api/ApiCreateClaim.php
- CSRF
./repo/includes/api/ApiGetEntities.php
- No authorization checking
./repo/includes/api/ApiRemoveClaims.php
- CSRF
- No authorization checking
./repo/includes/api/ApiSearchEntities.php
- Need to filter or whitelist the search regex chars, to prevent DoS
- No authorization checks
./repo/includes/api/ApiSetClaimValue.php
- CSRF
./repo/includes/api/ApiSetReference.php
- CSRF
./repo/includes/ItemDisambiguation.php
- Please xss escape label on Line 114
./repo/includes/specials/SpecialCreateEntity.php
- No authorization check (should execute() call the parent?)
- double escaping of Html::input values
./repo/includes/specials/SpecialEntitiesWithoutLabel.php
- CSRF for search (minor)
./repo/includes/specials/SpecialEntityData.php
- Please sanity check the maxage / smaxage values from request
./repo/includes/specials/SpecialItemByTitle.php
- Please ensure that the redirect url doesn't point back to this page and create an infinite loop
./repo/includes/specials/SpecialListDatatypes.php
- Please xss escape $dataTypeId line 46
./repo/includes/specials/SpecialNewProperty.php
- No authorization check
./repo/includes/specials/SpecialWikibaseQueryPage.php
- Please use Html/Xml builders in outputResults() for sanity
./repo/includes/store/sql/EntityPerPageTable.php
- addEntityContent(): race condition (reads from slave, then writes to master)
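The escaping requests above (raw $labelText / $dataTypeId / label output, double-escaped Html::input values, and the suggestion to use the Html/Xml builders) all reduce to one rule: escape exactly once, at the point of output, and let the builder do it where one exists. The following is an added example, not Wikibase code; the function names are assumptions, while Html::element(), Html::input(), htmlspecialchars() and OutputPage::setPageTitle() are the real MediaWiki/PHP functions.

```php
<?php
// Added example, not Wikibase code: once-only escaping at output time.

// Wrong: untrusted text concatenated straight into markup (the pattern
// flagged for $labelText, the disambiguation label and $dataTypeId).
function renderLabelUnsafe( $label ) {
    return '<li>' . $label . '</li>';
}

// Right: escape at the point of output. A constructed input of
// "<script>alert(1)</script>" becomes "&lt;script&gt;..." in the page.
function renderLabelEscaped( $label ) {
    return '<li>' . htmlspecialchars( $label ) . '</li>';
}

// Better: use the builder. Html::element() escapes both the text content
// and every attribute value, so callers pass raw strings.
function renderLabelBuilder( $label ) {
    return Html::element( 'li', array(), $label );
}

// Double escaping: Html::input() already escapes the value attribute.
// Pre-escaping turns a user value of "a&b" into "a&amp;amp;b" on the page,
// which the browser then shows literally as "a&amp;b".
function renderSearchInputDoubleEscaped( $value ) {
    return Html::input( 'search', htmlspecialchars( $value ) ); // wrong
}

function renderSearchInput( $value ) {
    return Html::input( 'search', $value ); // right: the builder escapes once
}

// Page title: setPageTitle() runs its argument through the sanitizer, so
// passing the raw label there is the simpler alternative to manual escaping.
function setTitleFromLabel( OutputPage $out, $labelText ) {
    $out->setPageTitle( $labelText );
}
```

When auditing a template, trace each value to the one place it is escaped: if it is escaped by the builder, the caller must not escape it; if it is concatenated by hand, htmlspecialchars() must sit directly on the concatenation.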
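The race in addEntityContent() is the classic check-then-insert split across two connections: the existence check runs on a lagging slave, and two concurrent requests (or one request racing replication) can both see "absent" and both insert. The following is an added example, not Wikibase code; table and column names are assumptions, while wfGetDB(), DB_SLAVE/DB_MASTER, selectRow(), insert() with the IGNORE option and affectedRows() are the MediaWiki database API of that era.

```php
<?php
// Added example, not Wikibase code: the racy pattern and an atomic fix.

// Racy: read from the slave, then write to the master. Between the two
// calls another request can insert the same row, and the slave may not
// yet reflect a row the master already has.
function addEntityRowRacy( $entityId, $pageId ) {
    $dbr = wfGetDB( DB_SLAVE );
    $existing = $dbr->selectRow(
        'wb_entity_per_page',                 // assumed table name
        'epp_entity_id',
        array( 'epp_entity_id' => $entityId ),
        __METHOD__
    );
    if ( $existing !== false ) {
        return false; // already present (as far as the slave knows)
    }

    $dbw = wfGetDB( DB_MASTER );
    $dbw->insert(
        'wb_entity_per_page',
        array( 'epp_entity_id' => $entityId, 'epp_page_id' => $pageId ),
        __METHOD__
    );
    return true;
}

// Fixed: let the unique index on the master arbitrate. INSERT IGNORE is a
// single statement on a single connection, so of two concurrent calls at
// most one reports success; there is no window between check and write.
function addEntityRowAtomic( $entityId, $pageId ) {
    $dbw = wfGetDB( DB_MASTER );
    $dbw->insert(
        'wb_entity_per_page',
        array( 'epp_entity_id' => $entityId, 'epp_page_id' => $pageId ),
        __METHOD__,
        array( 'IGNORE' )
    );
    return $dbw->affectedRows() > 0;
}
```

This relies on a unique index over the key column(s); without it, IGNORE has nothing to ignore and the duplicate is silently created. Where the existence check must stay a separate query (for example to return different errors), run it on the DB_MASTER connection inside the same transaction as the insert rather than on a slave.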
Version: unspecified
Severity: critical