Template:SQL injection alert: Difference between revisions
From Bonkipedia
[[mw:]]>Shirayuki (use translation aware transclusion) |
ManfredoDo (talk | contribs) m (1 revision imported: Template documentation pages) |
(No difference)
Latest revision as of 18:05, 12 November 2022
Warning: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved.
Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.
Solution: Make proper use of MediaWiki's database class instead of concatenating raw SQL.
- Description
- Adds an alert box describing a SQL injection vulnerability to the extension page that includes it. Also adds the including page to Category:Extensions with SQL injection vulnerabilities.
- If your extension was tagged with this template, please read:
- For extension developers and extension users: SQL injection
- Specifically for extension developers: Security for developers
- Example
{{SQL injection alert|~~~~}}
- Creates
Warning: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved.
Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things. Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)
Solution: Make proper use of MediaWiki's database class instead of concatenating raw SQL. Daniel Friesen (Dantman) 02:03, 2 January 2012 (UTC)
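
The problem and solution named in the alert, shown side by side as an added example (not part of the original template page or of any tagged extension's code). The table `myext_notes`, its columns, and both function names are hypothetical.

```php
<?php
use MediaWiki\MediaWikiServices;

// Hypothetical extension table `myext_notes` (note_id, note_owner, note_title,
// note_text). $owner and $titlePrefix stand for values taken from the request.

/** Pattern the alert warns about: request input concatenated into raw SQL. */
function getNotesUnsafe( string $owner ): array {
	$dbr = MediaWikiServices::getInstance()->getDBLoadBalancer()
		->getConnection( DB_REPLICA );
	$table = $dbr->tableName( 'myext_notes' );
	// $owner reaches the SQL parser unescaped, so its content can alter the query.
	$res = $dbr->query(
		"SELECT note_id, note_text FROM $table WHERE note_owner = '$owner'",
		__METHOD__
	);
	$rows = [];
	foreach ( $res as $row ) {
		$rows[] = $row;
	}
	return $rows;
}

/** Same lookup through the database class: values are quoted by the library. */
function getNotesSafe( string $owner, string $titlePrefix ): array {
	$dbr = MediaWikiServices::getInstance()->getDBLoadBalancer()
		->getConnection( DB_REPLICA );
	$res = $dbr->select(
		'myext_notes',
		[ 'note_id', 'note_text' ],
		[
			// key => value conditions are escaped and quoted by select()
			'note_owner' => $owner,
			// buildLike() quotes the prefix and escapes its % and _ wildcards
			'note_title' . $dbr->buildLike( $titlePrefix, $dbr->anyString() ),
		],
		__METHOD__,
		[ 'ORDER BY' => 'note_id', 'LIMIT' => 50 ]
	);
	$rows = [];
	foreach ( $res as $row ) {
		$rows[] = $row;
	}
	return $rows;
}
```

Where a raw condition fragment cannot be avoided, pass each value through `$dbr->addQuotes()` before it is joined into the string.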