Page MenuHomePhabricator
Create Task
Maniphest T35985

Setting protocol relative wikilinks (urls) circumvents blacklist
Closed, ResolvedPublic
Actions

Description

By use of the protocol relative urls, one is able to create urls that circumvent the blacklist

eg. [//skiptest.info skiptest]] will form a clickable functional url

I have tested at meta against the global spamlist, and at local wiki against the Mediawiki:Spam-blacklist at that wiki, both times success (if you call that success <urk>)

Version: 1.18.x
Severity: major

Details

Reference
bz33985

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:08 AM
bzimport added projects: MediaWiki-General, Shell.
bzimport set Reference to bz33985.
Billinghurst created this task.Jan 27 2012, 10:13 AM
Umherirrender added a comment.Jan 30 2012, 8:48 PM

Already fixed with r107857. I have tagged the revision for merge to live site.

RobLa-WMF added a comment.Jan 30 2012, 10:45 PM

Tagging as "shell" for Sam to deploy when he gets a chance

Reedy added a comment.Jan 31 2012, 4:51 PM

Doned!

MarkAHershberger added a comment.Feb 3 2012, 6:11 PM

Note that bug 34179 was created as a result of how this was fixed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL