Difference between revisions of "MediaWiki"

From Nick Jenkins
Jump to: navigation, search
(HTML Validation or PHP errors or SQL errors)
(Completely fixed)
Line 13: Line 13:
 
  <a href=" porno videos ">home video porn</a>  3417 <a href=" porno video ">xxx asian porn xxx</a>  ezdibb
 
  <a href=" porno videos ">home video porn</a>  3417 <a href=" porno video ">xxx asian porn xxx</a>  ezdibb
  
== Completely fixed ==
+
It's serious <a href=" clips ">gay porn movies</a> 8[[ <a href=" blog ">thumb vintage porno</a> ouc
 
+
Things belong here if they now give valid HTML, don't cause PHP errors/warnings or SQL errors/warnings, and don't cause Tidy warnings.
+
 
+
{| border="1"
+
! Test
+
! Wiki Source
+
! Validate HTML
+
! Tidy HTML
+
! [[#Definition of Security Aspects|Security<br>aspects?]]
+
! Fixed in
+
! Visible<br>Artefacts?
+
! Notes and any extra info.
+
|-
+
| <s>[[MediaWiki/Parser7]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser7|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser7 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser7}}</s>
+
| No
+
| 1.6.1
+
| No.
+
| Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser13]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser13|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser13 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser13}}</s>
+
| <s>Yes</s> No.
+
| 1.6.6
+
| No.
+
| <s>sDrops the '<a href="xxx' string. [http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034659.html Explanation for this + Parser14 + Parser14-table].</s> Completely fixed in 1.6.6.
+
|-
+
| <s>[[MediaWiki/Parser14]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser14|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser14 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser14}}</s>
+
| <s>Yes</s> No.
+
| 1.6.6
+
| <s>Yes</s> No.
+
| <s>TOC insertion</s> Completely fixed in 1.6.6.
+
|-
+
| <s>[[MediaWiki/Parser14-table]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser14-table|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser14-table W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser14-table}}</s>
+
| <s>Yes</s> No.
+
| 1.6.6
+
| <s>Yes</s> No.
+
| <s>TOC insertion</s> Completely fixed in 1.6.6.
+
|-
+
| <s>[[MediaWiki/Parser17]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser17|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser17 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser17}}</s>
+
| <s>Yes</s> No.
+
| 1.6.1
+
| No.
+
| Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser18]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser18|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser18 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser18}}</s>
+
| <s>Yes</s> No.
+
| 1.6.1
+
| No.
+
| Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser19]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser19|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser19 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser19}}</s>
+
| <s>Yes</s> No.
+
| 1.6.1
+
| No.
+
| Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser21]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser21|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser21 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser21}}</s>
+
| <s>Yes</s> No.
+
| 1.6.6
+
| No.
+
| Completely fixed in 1.6.6 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser22]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser22|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser22 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser22}}</s>
+
| <s>Yes</s> No.
+
| 1.6.6
+
| No.
+
| <s>Double links injection.</s> Completely fixed in 1.6.6 - valid HTML, no artefacts, no tidy errors.
+
|-
+
| <s>[[MediaWiki/Parser27]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser27|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser27 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser27}}</s>
+
| No.
+
| r14480
+
| No.
+
| PHP warning in Sort extension, fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015460.html r14480].
+
|-
+
| <s>[[MediaWiki/Parser32]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser31|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser31 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser31}}</s>
+
| <s>Yes</s> No.
+
| 1.6.7
+
| No.
+
| [http://mail.wikipedia.org/pipermail/wikitech-l/2006-June/035974.html User-specified JavaScript execution]. Must be running an experimental extension, so most installations are<br />NOT affected. Wiki text not released yet. [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015491.html Fixed in trunk by r14511], and fixed in 1.6.7.
+
|-
+
| <s>[[MediaWiki/Parser35]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser35|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser35 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser35}}</s>
+
| <s>Yes</s> No.
+
| 1.6.7
+
| No.
+
| Limited attribute injection using CharInsert extension + Math extension.
+
|-
+
| <s>[[MediaWiki/Parser38]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser38|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser38 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser38}}</s>
+
| <s>Yes</s> No.
+
| 1.6.7
+
| No.
+
| Limited attribute injection using CharInsert extension + Cite extension.
+
|-
+
| <s>[[MediaWiki/Parser42]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser42|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser42 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser42}}</s>
+
| <s>Yes</s> No.
+
| 1.6.7
+
| No.
+
| Section heading abuse for gave Tidy error, strange page rendering, and a limited attribute injection.
+
|-
+
| <s>[[MediaWiki/Parser43]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser43|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser43 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser43}}</s>
+
| <s>Yes</s> No.
+
| 1.6.7
+
| No.
+
| [http://mail.wikipedia.org/pipermail/wikitech-l/2006-June/036085.html XSS Arbitrary JavaScript execution and HTML insertion]. Fixed in 1.6.7 and fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015565.html r14585] for trunk.
+
|-
+
| <s>[[MediaWiki/Parser44]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser44|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser44 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser44}}</s>
+
| No.
+
| r14733
+
| No.
+
| PHP warning in InputBox extension in E_ALL with bad input. [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015713.html Fixed in r14733].
+
|-
+
| <s>[[MediaWiki/Parser41]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser41|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser41 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser41}}</s>
+
| <s>Yes</s> No.
+
| [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015524.html r14544]
+
| No.
+
| Wikitext of death (causes internal Parser error). Fixed in 1.7, but not in 1.6.
+
|-
+
| <s>[[MediaWiki/Parser48]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser48|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser48 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser48}}</s>
+
| <s>Yes</s> No.
+
|
+
| No.
+
| $wgAllowExternalImages is enabled by default in 1.6 stable, but it is turned off in 1.7 and Trunk by default.<br />This can be abused on a 1.6 wiki to create a page which when viewed will log the user off.
+
|-
+
| <s>[[MediaWiki/Parser2]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser2|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser2 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser2}}</s>
+
| No
+
|
+
| No
+
|-
+
| <s>[[MediaWiki/Parser20]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser20|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser20 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser20}}</s>
+
| No
+
|
+
| No.
+
| Nowiki allows malformed URI (e.g. generates multi-line hrefs). Passes W3C validation, but tidy gives warnings, and the<br>links don't act like normal links (in Firefox, at least) - clicking on them does nothing.
+
|-
+
| <s>[[MediaWiki/Parser23]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser23|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser23 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser23}}</s>
+
| No.
+
|
+
| No.
+
| Pre allows malformed URI. Fails validation (unlike nowiki).
+
|-
+
| <s>[[MediaWiki/Parser45]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser45|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser45 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser45}}</s>
+
| No.
+
| [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015710.html r14730]
+
| <s>Yes</s> No.
+
| PHP notices on the page history with bad input + E_ALL.
+
|-
+
| <s>[[MediaWiki/Parser46]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser46|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser46 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser46}}</s>
+
| No.
+
|
+
| <s>Yes</s> No.
+
| Bad input on Page History that causes SQL error.
+
|-
+
| <s>[[MediaWiki/Parser50]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser50|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser50 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser50}}</s>
+
| No
+
|
+
| <s>Yes</s> No.
+
| Gives PHP fatal error on bad input on Special:Userlogin
+
|-
+
| <s>[[MediaWiki/Parser47]]</s>
+
| <s>[[Special:Export/MediaWiki/Parser47|Export Wiki Source]]</s>
+
| <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser47 W3C Validator]</s>
+
| <s>{{tidy-html|page=MediaWiki/Parser47}}</s>
+
| No.
+
|
+
| <s>Yes</s> No.
+
| Two PHP notices on Special:Contributions with bad input + E_ALL.
+
|}
+
  
 
==Logged in bugzilla==
 
==Logged in bugzilla==

Revision as of 16:53, 6 July 2008

Hello visitor! If you found this page, then you probably wanted something else. Here are links to what you're probably looking for:

Now back to your regularly scheduled programming....

Various MediaWiki 1.7.1 and extension parser tests, that fail HTML validation and/or have potential security issues. There is a MediaWiki bug report covering this. Some were found by hand, but most of these were found by fuzz testing of MediaWiki, using a modified PHP port of the Python port of mangleme. The original source code is available, although the version now in the MediaWiki trunk is much more current. Lastly, all the MediaWiki tests listed below are released into the public domain, and as such you're welcome to incorporate them into any software you like, under any license you like.

Very funny pictures <a href=" engines ">momspornvideo</a> 7327 <a href=" porn women ">free porno downloads</a> 187134 

<a href=" porno videos ">home video porn</a>  3417 <a href=" porno video ">xxx asian porn xxx</a>  ezdibb

It's serious <a href=" clips ">gay porn movies</a> 8[[ <a href=" blog ">thumb vintage porno</a> ouc

Logged in bugzilla

Lately most new things have been logged in bugzilla, which makes them easier to track.

There is a small amount of overlap between this page and bugzilla, namely for the following bugs:

Test Wiki Source Validate HTML Tidy HTML Security
aspects? 		Fixed in Visible
Artefacts? 		Notes and any extra info.
MediaWiki/Parser51 Export Wiki Source W3C Validator Tidy HTML No Yes PHP warnings on malformed cookie session_id on Special:Userlogin. Also logged as MediaZilla:6538

Definition of Security Aspects

For the above table, "security aspect" is defined as anything that causes the start of a tag to be missing, or the end to be missing, or attributes of any type that should not be there to be injected. For example:

  • <p><td><s></p> would not be considered to have a security aspect because all the tags are appearing ok (are not malformed), although it is invalid HTML.
  • <a href="http://as<td></td><td class="external free"><p>user text here would be considered to have a security aspect because the "href" string is not properly terminated, and so the "external free" part is injected as attributes.
  • A string missing the start of a tag would also be considered to have a security aspect - e.g. <th>|||||" class="external free" title="https://||||||" rel="nofollow">https://</th> - because the <a href="xxx part has been cut off. Probably not exploitable - but certainly a worse category of bug than just getting tags in the wrong order.

So to sum up: if tags are just in the wrong order, but are otherwise complete and well-formed, then it is not a security issue; otherwise it is considered to potentially be, and is listed as "Yes" in the above table.

Retrieved from "http://nickj.org/index.php?title=MediaWiki&oldid=3055"