Thanks for reaching out Golmore. I've removed the CSS extension tag and added a Cite extension tag.

I approve this change. Please add @Enst80 to the group.

Thanks @Enst80 and @jrchamp for making this happen.

I don't have VisualEditor setup anywhere. Can you provide some additional details on what the error is?

Thanks @Enst80. Lots of great updates. :-D

Sounds great, thanks.

Hi Stefan,

Thanks everyone. I haven't had a chance to look yet, but I will make time
this weekend.

I didn't get as far as I wanted, but I have posted my progress so far.

@kwisatz @Andreasfink Thanks for the contributions. I'm working on this today through Monday (long weekend). I hope to get a review up in Gerrit to receive comments during this time.

Thanks for the followup. Apache 2.0 is compatible with GPL 3.0 and MediaWiki can be distributed under GPL 3.0, but not everything GPL 2.0 can be distributed under GPL 3.0.

Took a brief look and I noticed it is licensed under Apache 2.0. I like that license, but it isn't compatible with GPL 2.0 which MediaWiki is licensed under. Any rewrite to replace this extension will need to be licensed under GPL 2.0.

It needs a rewrite anyways. I'll try and take a look this weekend.

@Yaron_Koren, if all currently known attacks are blacklisted, that is certainly better than not. However, the issue of the blacklist itself still remains. For example, did you block all exploitable keywords and functions in each RDBMS?

Documentation like that seems like an appropriate solution.

How would you choose the rows/columns?

Hi Bultro,

Hi Davcza,

Thanks for your quick action today Yaron.

It might be worth recommending to users that they ensure Cargo is configured to use a separate database, with a separate unprivileged database account. That configuration will mitigate the major risks. Currently the Cargo FAQ indicates that its use of SQL is safe.