Feb 6 2018
I approve this change. Please add @Enst80 to the group.
Apr 11 2017
I don't have VisualEditor set up anywhere. Can you provide some additional details on what the error is?
Mar 25 2017
Thanks @Enst80. Lots of great updates. :-D
Mar 19 2017
Sounds great, thanks.
Mar 7 2017
Thanks everyone. I haven't had a chance to look yet, but I will make time
Sep 6 2016
I didn't get as far as I wanted, but I have posted my progress so far.
Aug 31 2016
Thanks for the follow-up. Apache 2.0 is compatible with GPL 3.0 and MediaWiki can be distributed under GPL 3.0, but not everything GPL 2.0 can be distributed under GPL 3.0.
Took a brief look and I noticed it is licensed under Apache 2.0. I like that license, but it isn't compatible with GPL 2.0 which MediaWiki is licensed under. Any rewrite to replace this extension will need to be licensed under GPL 2.0.
It needs a rewrite anyways. I'll try and take a look this weekend.
Jun 12 2016
@Yaron_Koren, if all currently known attacks are blacklisted, that is certainly better than not. However, the issue of the blacklist itself still remains. For example, did you block all exploitable keywords and functions in each RDBMS?
Documentation like that seems like an appropriate solution.
Mar 20 2016
How would you choose the rows/columns?
Mar 29 2015
Thanks for your quick action today Yaron.
Mar 14 2015
It might be worth recommending to users that they ensure Cargo is configured to use a separate database, with a separate unprivileged database account. That configuration will mitigate the major risks. Currently the Cargo FAQ indicates that its use of SQL is safe.