Template:SQL injection alert/doc
From Bonkipedia
This is a documentation subpage for Template:SQL injection alert. It contains usage information, categories and other content that is not part of the original Template page.
- Description
- Adds an alert box describing a SQL injection vulnerability to the including Extension page. Also adds the including page to Category:Extensions with SQL injection vulnerabilities.
- If your extension was tagged with this template, please read:
- For extension developers and extension users: SQL injection
- Specifically for extension developers: Security for developers
- Example
{{SQL injection alert|~~~~}}
- Creates
Warning: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved.
Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things. Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)
Solution: make proper use of MediaWiki's database class instead of concatenating raw sql Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)