authorBrion Vibber <brion@users.mediawiki.org>2007-01-09 07:29:44 +0000
committerBrion Vibber <brion@users.mediawiki.org>2007-01-09 07:29:44 +0000
commitd102e470e79918482f119dcfacb7e3d5430e9022 (patch)
tree5eee9b79a522e7f6f782d6a7868d86d84015c836
parentba1597eb6af8560f96980802f89b9ccf2fdd0f4a (diff)
xss ajax fix1.7.2
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/19018
-rw-r--r--RELEASE-NOTES18
-rw-r--r--includes/AjaxDispatcher.php2
-rw-r--r--includes/DefaultSettings.php2
3 files changed, 20 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1128374f5e5d..75f2cff93c20 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,14 +3,32 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
+
== MediaWiki 1.7.2 ==
+January 9, 2007
+
* Note about $wgUploadSizeWarning using byte
* Update to German bookstore list (de)
* (bug 6680) Added localisation for Dutch bookstore list (nl)
* (bug 6708) Minor updates to Russian translation (ru)
* (bug 6730) Clearer usage of message 'titlematch' in German translation (de)
* Added direction mark to Special:Listredirects
+* XSS fix in AJAX module
+
+An XSS injection vulnerability was located in the AJAX support module,
+affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax
+is enabled.
+
+There is no danger in the default configuration, with $wgUseAjax off.
+
+If you are using an extension based on the optional AJAX module,
+either disable it or upgrade to a version containing the fix:
+
+* 1.9: fixed in 1.9.0rc2
+* 1.8: fixed in 1.8.3
+* 1.7: fixed in 1.7.2
+* 1.6: fixed in 1.6.9
== MediaWiki 1.7.1 ==
diff --git a/includes/AjaxDispatcher.php b/includes/AjaxDispatcher.php
index 2084c3667a5f..9b6c4bb39ad7 100644
--- a/includes/AjaxDispatcher.php
+++ b/includes/AjaxDispatcher.php
@@ -67,7 +67,7 @@ class AjaxDispatcher {
wfProfileIn( 'AjaxDispatcher::performAction' );
if (! in_array( $this->func_name, $wgAjaxExportList ) ) {
- echo "-:{$this->func_name} not callable";
+ echo "-:" . htmlspecialchars( (string)$this->func_name ) . " not callable";
} else {
echo "+:";
$result = call_user_func_array($this->func_name, $this->args);
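Review bot: The allowlist check on the line before the changed `echo` still uses loose comparison, and the new `(string)` cast suggests `$this->func_name` is not guaranteed to be a string, so a non-string value could be compared with `==` against the exported names before reaching `call_user_func_array`; the gate should be `if ( !in_array( $this->func_name, $wgAjaxExportList, true ) ) {`. The added `htmlspecialchars()` call is the right fix for the reflected name, but with the default flags only double quotes are escaped, which is adequate for this text-node position yet worth passing `ENT_QUOTES` if the message is ever placed in an attribute. Whether the response is served with an HTML content type is not visible in this hunk; if it is plain text, the escaping is harmless but a `Content-Type` header would be the stronger defense. The enclosing `performAction` method begins and ends outside the hunk.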
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index eb3539ed39a0..39a6fb5f5411 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -32,7 +32,7 @@ require_once( 'includes/SiteConfiguration.php' );
$wgConf = new SiteConfiguration;
/** MediaWiki version number */
-$wgVersion = '1.7.1';
+$wgVersion = '1.7.2';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';