
[cache:...] considered harmful
Closed, Declined. Public

Description

Author: sam

Description:
The [cache:...] construct is used as a shortcut to Google's cache. This can be useful, but since the link is not displayed as an external link, the user can be misled into clicking harmful links if he/she does not check the URL in the browser's status bar.

Even worse, [cache:...] can be combined with #REDIRECT and lead the user to virtually any page, with the URL appearing totally harmless. The attached URL illustrates this. Also, putting things like #REDIRECT [cache:doom3.zoy.org] in a page can also be used to abuse JavaScript and crash browsers. It can probably be used for phishing.

Proposed fix: remove 'Cache' from maintenance/interwiki.sql .


Version: 1.3.x
Severity: critical
URL: http://fr.wikipedia.org/User:Sam Hocevar/goatse

Details

Reference
bz1128

Event Timeline

bzimport raised the priority of this task from to Lowest. (Nov 21 2014, 8:00 PM)
bzimport set Reference to bz1128.
bzimport added a subscriber: Unknown Object (MLST).

Nothing wrong with it as in interwiki; the problem is that interwiki redirects aren't currently handled appropriately. They're not restricted to local wikis, and have other problems.
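
Added example, not part of the original report or of MediaWiki's code: a stand-alone audit that classifies #REDIRECT targets and follows them automatically only when they stay on local wikis, which is the restriction the comment above says is missing. The interwiki table, its is_local flag, the function names and the sample pages are all constructed for illustration.

```python
import re

# Constructed interwiki table: prefix -> (URL pattern, is_local).
# is_local is an assumed flag marking prefixes that point at sister wikis.
INTERWIKI = {
    "cache": ("https://cache.example/?q=$1", False),
    "fr": ("https://fr.wiki.example/wiki/$1", True),
}

# Constructed sample pages (title -> wikitext).
SAMPLE_PAGES = {
    "Sandbox/A": "#REDIRECT [[cache:example.org]]",
    "Sandbox/B": "#redirect [[fr:Accueil]]",
    "Sandbox/C": "#REDIRECT [[Help:Contents]]",
    "Sandbox/D": "Plain text mentioning [[cache:example.org]]",
    "Sandbox/E": "#REDIRECT [cache:example.org]",
}

# "#REDIRECT" then a link in one or two square brackets (the report writes one).
REDIRECT_RE = re.compile(r"^\s*#REDIRECT\s*\[{1,2}\s*([^\]\|#]+)", re.IGNORECASE)


def classify_redirect(wikitext, interwiki=INTERWIKI):
    """Return (kind, prefix); kind is not-a-redirect, local-title,
    local-interwiki or external-interwiki."""
    m = REDIRECT_RE.match(wikitext)
    if not m:
        return ("not-a-redirect", None)
    # Drop a leading colon, then split off a candidate prefix.
    prefix, sep, _rest = m.group(1).strip().lstrip(":").partition(":")
    key = prefix.strip().lower()
    if not sep or key not in interwiki:
        return ("local-title", None)  # plain title or namespace, not interwiki
    return ("local-interwiki" if interwiki[key][1] else "external-interwiki", key)


def should_follow(wikitext, interwiki=INTERWIKI):
    """Follow a redirect automatically only if it stays on local wikis."""
    return classify_redirect(wikitext, interwiki)[0] in ("local-title", "local-interwiki")


def audit(pages, interwiki=INTERWIKI):
    """Return sorted titles of pages whose redirect leaves the local wikis."""
    return sorted(
        t for t, text in pages.items()
        if classify_redirect(text, interwiki)[0] == "external-interwiki"
    )
```

A redirect classified as external-interwiki would be rendered as an ordinary redirect page with a visible link instead of being followed, so the reader sees where it goes before leaving the wiki.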

Changing all WONTFIX high priority bugs to lowest priority (no mail should be generated since I turned it off for this.)