Jun 6 2021

Ckujau created T284397: Unhandled Exception ("RuntimeException"): Undefined offset: 5 when trying to access T16235.
Jun 6 2021, 1:12 PM · Phabricator

Jan 30 2020

Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

OK, understood. Thanks for clearing that up! 👍

Jan 30 2020, 8:29 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-API, Vuln-Inject, Security-Team
Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

While I understand that there's no SQL query executed here, is it really harmless to have MediaWiki echo everything back that is passed in the URL? In a MediaWiki 1.34.0 installation I get:

Jan 30 2020, 12:32 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-API, Vuln-Inject, Security-Team

Aug 10 2016

Ckujau added a comment to T78159: Fix superfluous Warning: is_executable(): open_basedir restriction in effect in /includes/GlobalFunctions.php on line 2809.

IMHO adding /bin/bash to open_basedir should not be recommended. This directive is often used to explicitly limit file system access for PHP. Allowing PHP to call a system shell doesn't sound like a good idea to me. (MW 1.26 here, the warning is logged 3 times for each picture upload, but no UI errors - only includes/limit.sh is never called, of course.)

Aug 10 2016, 6:24 AM · MediaWiki-General

Jun 9 2016

Ckujau added a watcher for MediaWiki-extensions-Lockdown: Ckujau.
Jun 9 2016, 3:31 AM