- (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
- (T126685) Globally throttle password attempts.
- (T110143) Strip markers can be used to get around HTML attribute escaping in (many?) parser tags.
- (T132874) API action=move is not rate limited.
- (T133507) Careless use of $wgExternalLinkTarget is insecure.
- (T130947) Diff generation should use PoolCounter.
- (T98313) Graphs can leak tokens, leading to CSRF.
- (T122807) Check PHP crypto primitives.
- (T103239) Patrol allows click catching and patrolling of any page.