Template:SQL injection alert/doc: Difference between revisions
From Bonkipedia
ManfredoDo m (1 revision imported: Template documentation pages)
Latest revision as of 18:02, 12 November 2022
This is a documentation subpage for Template:SQL injection alert. It contains usage information, categories and other content that is not part of the original Template page.
Template:SQL injection alert/doc
- Description
- Adds an alert box describing a SQL injection vulnerability to the extension page that includes it. Also adds the including page to Category:Extensions with SQL injection vulnerabilities.
- If your extension was tagged with this template, please read:
  - For extension developers and extension users: SQL injection
  - Specifically for extension developers: Security for developers
- Example
{{SQL injection alert|~~~~}}
- Creates
Warning: The code or configuration described here poses a major security risk.

Site administrators: You are advised against using it until this security issue is resolved.

Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things. Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)

Solution: Make proper use of MediaWiki's database class instead of concatenating raw SQL. Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)