Page MenuHomePhabricator

Ckujau (Christian Kujau)
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Oct 22 2014, 6:24 PM (361 w, 4 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Ckujau [ Global Accounts ]

Recent Activity

Jun 6 2021

Ckujau created T284397: Unhandled Exception ("RuntimeException"): Undefined offset: 5 when trying to access T16235.
Jun 6 2021, 1:12 PM · Phabricator

Jan 30 2020

Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

OK, understood. Thanks for clearing that up! 👍

Jan 30 2020, 8:29 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-API, Vuln-Inject, Security-Team
Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

While I understand that there's no SQL query executed here, is it really harmless to have Mediawiki echo everything back that is passed in the URL? In a Mediawiki 1.34.0 installation I get:

Jan 30 2020, 12:32 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-API, Vuln-Inject, Security-Team

Aug 10 2016

Ckujau added a comment to T78159: Fix superfluous Warning: is_executable(): open_basedir restriction in effect in /includes/GlobalFunctions.php on line 2809.

IMHO adding /bin/bash to open_basedir should not be recommended. This directive is often used to explicitly limit file system access for PHP. Allowing PHP to call a system shell doesn't sound like a good idea to me. (MW 1.26 here, the warning is logged 3 times for each picture upload, but no UI errors - only includes/limit.sh is never called, of course.)

Aug 10 2016, 6:24 AM · MediaWiki-General

Jun 9 2016

Ckujau added a watcher for MediaWiki-extensions-Lockdown: Ckujau.
Jun 9 2016, 3:31 AM