Page MenuHomePhabricator
Create Task
Maniphest T37023

Failure in the spam blacklist to match protocol relative urls
Closed, ResolvedPublic
Actions

Description

Author: marcosoconnor

Description:
The spam-blacklist doesn't filters a url that is not specified the protocol, but links properly MediaWiki. Taking http or https depending on whether the server is secure or not. This can be used to skip the filter.

Example: odioalosmexicanos\.wordpress

http://es.wikipedia.org/wiki/MediaWiki:Spam-blacklist

http://es.wikipedia.org/w/index.php?action=edit&oldid=54363790

Version: unspecified
Severity: major

Details

Reference
bz35023

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:15 AM
bzimport added a project: SpamBlacklist.
bzimport set Reference to bz35023.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Mar 7 2012, 4:02 AM
DonRumata added a comment.Apr 15 2012, 11:14 PM

Confirmed. Urls without protocol can be used to avoid the Spam Blacklist.

Platonides added a comment.Jul 14 2012, 5:42 PM

Fixed in https://gerrit.wikimedia.org/r/15671

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL