
WikiEditor interprets names of predefined Object prototype methods as valid language names
Closed, Resolved · Public

Event Timeline

Fomafix created this task. Jan 13 2015, 12:33 PM
Fomafix claimed this task.
Fomafix raised the priority of this task from to Medium.
Fomafix updated the task description.
Fomafix added a project: WikiEditor.
Fomafix changed Security from None to Software security bug.
Fomafix added a subscriber: Fomafix.
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". Jan 13 2015, 12:33 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a project: acl*security.

I'm not sure how this could be exploited... But @Krinkle, should we have an Object.prototype.hasOwnProperty.call( object, ... ) check in autoLang?

Both https://gerrit.wikimedia.org/r/186006 and https://gerrit.wikimedia.org/r/184619 fix this bug in WikiEditor. @gerritbot possibly has no rights to post here.

I didn't find a possibility to exploit this bug.

Legoktm added a subscriber: Legoktm.
matmarex changed Security from Software security bug to None.
matmarex changed the visibility from "Custom Policy" to "Public (No Login Required)".
matmarex changed the edit policy from "Custom Policy" to "All Users".

Change 184619 merged by jenkins-bot:
Use "obj.hasOwnProperty( prop )" instead of "prop in obj"

https://gerrit.wikimedia.org/r/184619
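
The difference between the two checks named in the merged change, as an added example that is not WikiEditor's code; the `languageNames` map and all function names are assumptions made up for illustration. It also covers the `Object.prototype.hasOwnProperty.call` form raised in the earlier comment, and a prototype-less map as an alternative.

```javascript
// Constructed sample map of language codes to names (not WikiEditor's data).
const languageNames = { en: 'English', de: 'Deutsch', fr: 'français' };

// Every name a plain object inherits from Object.prototype
// (toString, constructor, hasOwnProperty, valueOf, __proto__, ...).
const inherited = Object.getOwnPropertyNames(Object.prototype);

// Weak check: `in` walks the prototype chain, so inherited names match.
function isKnownLoose(map, code) {
  return code in map;
}

// Own-property check. Calling through Object.prototype keeps it working
// when the map has its own "hasOwnProperty" key or has no prototype at all.
function isKnownStrict(map, code) {
  return Object.prototype.hasOwnProperty.call(map, code);
}

// Inherited names that a given check wrongly accepts as language codes.
function falsePositives(check, map) {
  return inherited.filter((name) => check(map, name));
}

// Alternative design: copy the entries into an object without a prototype,
// so there is nothing to inherit and even `in` is safe.
function toNullProtoMap(map) {
  return Object.assign(Object.create(null), map);
}

const bare = toNullProtoMap(languageNames);
console.log('loose accepts :', falsePositives(isKnownLoose, languageNames));
console.log('strict accepts:', falsePositives(isKnownStrict, languageNames));
console.log('loose on null-prototype map:', falsePositives(isKnownLoose, bare));
console.log('real code still found:', isKnownStrict(bare, 'de'));
```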

matmarex closed this task as Resolved. Feb 5 2015, 12:39 PM
matmarex added a subscriber: matmarex.

Not a security issue, thankfully.

GOIII moved this task from Backlog to Closed on the WikiEditor board. Apr 3 2016, 9:53 AM
Restricted Application added a subscriber: Malyacko. Apr 3 2016, 9:53 AM