Difference between revisions of "MediaWiki"
Line 1: | Line 1: | ||
Various MediaWiki 1.6.7 and extension parser tests, that fail HTML validation and/or have potential security issues. There is a [[:MediaZilla:5066|MediaWiki bug report]] covering this. Some were found by hand, but most of these were found by [http://www.cs.wisc.edu/~bart/fuzz/fuzz.html fuzz testing] of MediaWiki, using a modified PHP port of [http://www.securiteam.com/tools/6Z00N1PBFK.html the Python port] of [http://www.securityfocus.com/archive/1/378632/2004-10-15/2004-10-21/0 mangleme]. The [http://files.nickj.org/MediaWiki/wiki-mangleme.phps source code is available], although the [http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/maintenance/wiki-mangleme.php version now in the MediaWiki trunk] is probably more current ([http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/maintenance/wiki-mangleme.php?view=log changelog]). Lastly, all the MediaWiki tests listed below are released into the public domain, and as such you're welcome to incorporate them into any software you like, under any license you like. | Various MediaWiki 1.6.7 and extension parser tests, that fail HTML validation and/or have potential security issues. There is a [[:MediaZilla:5066|MediaWiki bug report]] covering this. Some were found by hand, but most of these were found by [http://www.cs.wisc.edu/~bart/fuzz/fuzz.html fuzz testing] of MediaWiki, using a modified PHP port of [http://www.securiteam.com/tools/6Z00N1PBFK.html the Python port] of [http://www.securityfocus.com/archive/1/378632/2004-10-15/2004-10-21/0 mangleme]. The [http://files.nickj.org/MediaWiki/wiki-mangleme.phps source code is available], although the [http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/maintenance/wiki-mangleme.php version now in the MediaWiki trunk] is probably more current ([http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/maintenance/wiki-mangleme.php?view=log changelog]). 
Lastly, all the MediaWiki tests listed below are released into the public domain, and as such you're welcome to incorporate them into any software you like, under any license you like. | ||
− | == | + | == Security items == |
+ | None currently. | ||
− | == | + | == HTML Validation or PHP errors or SQL errors == |
− | + | ||
− | + | ||
{| border="1" | {| border="1" | ||
Line 77: | Line 76: | ||
| bgcolor=grey | Yes | | bgcolor=grey | Yes | ||
| Shrinks font, moves the left navigation bar down about 160 pixels, strikes out almost all text. | | Shrinks font, moves the left navigation bar down about 160 pixels, strikes out almost all text. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| [[MediaWiki/Parser8]] | | [[MediaWiki/Parser8]] | ||
Line 128: | Line 118: | ||
| No. | | No. | ||
| [http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html Explanation]. Security aspects [http://svn.wikimedia.org/viewvc/mediawiki?view=rev&sortby=date&revision=13441 fixed in 1.6.1], although still fails W3C Validation. | | [http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html Explanation]. Security aspects [http://svn.wikimedia.org/viewvc/mediawiki?view=rev&sortby=date&revision=13441 fixed in 1.6.1], although still fails W3C Validation. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| [[MediaWiki/Parser15]] | | [[MediaWiki/Parser15]] | ||
Line 173: | Line 136: | ||
| No. | | No. | ||
| <s>Generates Tidy error due to <th> tags out of order.</s> <s>[http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034770.html As of 1.6.1, dropped the '<a href="xxx' string.</s>]<br> Security aspects fixed in 1.6.6, although still fails W3C Validation. | | <s>Generates Tidy error due to <th> tags out of order.</s> <s>[http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034770.html As of 1.6.1, dropped the '<a href="xxx' string.</s>]<br> Security aspects fixed in 1.6.6, although still fails W3C Validation. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| [[MediaWiki/Parser20]] | | [[MediaWiki/Parser20]] | ||
Line 209: | Line 145: | ||
| No. | | No. | ||
| Nowiki allows malformed URI (e.g. generates multi-line hrefs). Passes W3C validation, but tidy gives warnings, and the<br>links don't act like normal links (in Firefox, at least) - clicking on them does nothing. | | Nowiki allows malformed URI (e.g. generates multi-line hrefs). Passes W3C validation, but tidy gives warnings, and the<br>links don't act like normal links (in Firefox, at least) - clicking on them does nothing. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| [[MediaWiki/Parser23]] | | [[MediaWiki/Parser23]] | ||
Line 281: | Line 199: | ||
| <s>Yes</s> No. | | <s>Yes</s> No. | ||
| Attribute injection in Cite extension fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015380.html r14400], and visual aspects fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015379.html r14399] | | Attribute injection in Cite extension fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015380.html r14400], and visual aspects fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015379.html r14399] | ||
+ | |- | ||
+ | | [[MediaWiki/Parser33]] | ||
+ | | [[Special:Export/MediaWiki/Parser33|Export Wiki Source]] | ||
+ | | [http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser33 W3C Validator] | ||
+ | | {{tidy-html|page=MediaWiki/Parser33}} | ||
+ | | No. | ||
+ | | | ||
+ | | bgcolor=grey | Yes. | ||
+ | | Numerous Tidy errors (using both the command-line version, and the Firefox plugin, but not with the web version) | ||
+ | |- | ||
+ | | [[MediaWiki/Parser34]] | ||
+ | | [[Special:Export/MediaWiki/Parser34|Export Wiki Source]] | ||
+ | | [http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser34 W3C Validator] | ||
+ | | {{tidy-html|page=MediaWiki/Parser34}} | ||
+ | | No. | ||
+ | | | ||
+ | | bgcolor=grey | Yes. | ||
+ | | Whacky page rendering, indents the nav bar from the left margin and into body text. | ||
+ | |} | ||
+ | |||
+ | |||
+ | |||
+ | == Completely fixed == | ||
+ | |||
+ | {| border="1" | ||
+ | ! Test | ||
+ | ! Wiki Source | ||
+ | ! Validate HTML | ||
+ | ! Tidy HTML | ||
+ | ! [[#Definition of Security Aspects|Security<br>aspects?]] | ||
+ | ! Fixed in | ||
+ | ! Visible<br>Artefacts? | ||
+ | ! Notes and any extra info. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser7]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser7|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser7 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser7}}</s> | ||
+ | | No | ||
+ | | 1.6.1 | ||
+ | | No. | ||
+ | | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser13]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser13|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser13 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser13}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.6 | ||
+ | | No. | ||
+ | | <s>sDrops the '<a href="xxx' string. [http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034659.html Explanation for this + Parser14 + Parser14-table].</s> Completely fixed in 1.6.6. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser14]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser14|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser14 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser14}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.6 | ||
+ | | <s>Yes</s> No. | ||
+ | | <s>TOC insertion</s> Completely fixed in 1.6.6. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser14-table]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser14-table|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser14-table W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser14-table}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.6 | ||
+ | | <s>Yes</s> No. | ||
+ | | <s>TOC insertion</s> Completely fixed in 1.6.6. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser17]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser17|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser17 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser17}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.1 | ||
+ | | No. | ||
+ | | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser18]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser18|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser18 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser18}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.1 | ||
+ | | No. | ||
+ | | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser19]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser19|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser19 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser19}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.1 | ||
+ | | No. | ||
+ | | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser21]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser21|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser21 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser21}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.6 | ||
+ | | No. | ||
+ | | Completely fixed in 1.6.6 - valid HTML, no artefacts, no tidy errors. | ||
+ | |- | ||
+ | | <s>[[MediaWiki/Parser22]]</s> | ||
+ | | <s>[[Special:Export/MediaWiki/Parser22|Export Wiki Source]]</s> | ||
+ | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser22 W3C Validator]</s> | ||
+ | | <s>{{tidy-html|page=MediaWiki/Parser22}}</s> | ||
+ | | <s>Yes</s> No. | ||
+ | | 1.6.6 | ||
+ | | No. | ||
+ | | <s>Double links injection.</s> Completely fixed in 1.6.6 - valid HTML, no artefacts, no tidy errors. | ||
|- | |- | ||
| <s>[[MediaWiki/Parser27]]</s> | | <s>[[MediaWiki/Parser27]]</s> | ||
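Review bot: In the added MediaWiki/Parser13 row, the notes cell begins "<s>sDrops the '<a href="xxx' string."; the "s" in front of "Drops" looks like a stray character left over from typing the <s> tag and should be removed. In the same added table the security cell of the Parser7 row reads "No" while the later rows use "No." with a full stop; use one form throughout the column.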
Line 314: | Line 346: | ||
| <s>{{tidy-html|page=MediaWiki/Parser29}}</s> | | <s>{{tidy-html|page=MediaWiki/Parser29}}</s> | ||
| No. | | No. | ||
− | | | + | | r14475 |
| No. | | No. | ||
| Invalid <left> tag on bad timeline extension input. Fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015455.html r14475]. | | Invalid <left> tag on bad timeline extension input. Fixed in [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-May/015455.html r14475]. | ||
Line 323: | Line 355: | ||
| <s>{{tidy-html|page=MediaWiki/Parser30}}</s> | | <s>{{tidy-html|page=MediaWiki/Parser30}}</s> | ||
| No. | | No. | ||
− | | | + | | N/A. |
| No. | | No. | ||
| Bogus - unable to reproduce problem. | | Bogus - unable to reproduce problem. | ||
|- | |- | ||
− | | [[MediaWiki/Parser31]] | + | | <s>[[MediaWiki/Parser31]]</s> |
− | | [[Special:Export/MediaWiki/Parser31|Export Wiki Source]] | + | | <s>[[Special:Export/MediaWiki/Parser31|Export Wiki Source]]</s> |
− | | [http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser31 W3C Validator] | + | | <s>[http://validator.w3.org/check?uri=http://nickj.org/MediaWiki/Parser31 W3C Validator]</s> |
− | | {{tidy-html|page=MediaWiki/Parser31}} | + | | <s>{{tidy-html|page=MediaWiki/Parser31}}</s> |
− | | | + | | <s>Yes</s> No. |
− | | | + | | 1.6.7 |
| No. | | No. | ||
| Limited attribute injection using inputbox extension + another extension. | | Limited attribute injection using inputbox extension + another extension. | ||
Line 344: | Line 376: | ||
| No. | | No. | ||
| [http://mail.wikipedia.org/pipermail/wikitech-l/2006-June/035974.html User-specified JavaScript execution]. Must be running an experimental extension, so most installations are<br />NOT affected. Wiki text not released yet. [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015491.html Fixed in trunk by r14511], and fixed in 1.6.7. | | [http://mail.wikipedia.org/pipermail/wikitech-l/2006-June/035974.html User-specified JavaScript execution]. Must be running an experimental extension, so most installations are<br />NOT affected. Wiki text not released yet. [http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-June/015491.html Fixed in trunk by r14511], and fixed in 1.6.7. | ||
− | | | + | |} |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | |||
Revision as of 07:23, 16 June 2006
Various MediaWiki 1.6.7 and extension parser tests that fail HTML validation and/or have potential security issues. There is a MediaWiki bug report covering this. Some were found by hand, but most were found by fuzz testing of MediaWiki, using a modified PHP port of the Python port of mangleme. The source code is available, although the version now in the MediaWiki trunk is probably more current (changelog). Lastly, all the MediaWiki tests listed below are released into the public domain, so you're welcome to incorporate them into any software you like, under any license you like.
Security items
None currently.
HTML Validation or PHP errors or SQL errors
Test | Wiki Source | Validate HTML | Tidy HTML | Security aspects? | Fixed in | Visible Artefacts? | Notes and any extra info. |
---|---|---|---|---|---|---|---|
MediaWiki/Parser1 | Export Wiki Source | W3C Validator | Tidy HTML | No | | Yes | Strikes out almost all text. Explanation for this + Parser1-hidden + Parser2 + Parser3 + Parser4 + Parser5. |
MediaWiki/Parser1-hidden | Export Wiki Source | W3C Validator | Tidy HTML | No | | Yes | Hides almost all text, which also makes all page links unavailable. |
MediaWiki/Parser2 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser3 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser4 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser5 | Export Wiki Source | W3C Validator | Tidy HTML | No | | Yes | Shrinks font, moves the top page action links up about 5 pixels and left about 10 pixels. |
MediaWiki/Parser6 | Export Wiki Source | W3C Validator | Tidy HTML | No | | Yes | Shrinks font, moves the left navigation bar down about 160 pixels, strikes out almost all text. |
MediaWiki/Parser8 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser9 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser10 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No | |
MediaWiki/Parser11 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | Explanation. Security aspects fixed in 1.6.1, although still fails W3C Validation. |
MediaWiki/Parser12 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | Explanation. Security aspects fixed in 1.6.1, although still fails W3C Validation. |
MediaWiki/Parser15 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No. | |
MediaWiki/Parser16 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | Security aspects fixed in 1.6.6, although still fails W3C Validation. |
MediaWiki/Parser20 | Export Wiki Source | W3C Validator | Tidy HTML | No | | No. | Nowiki allows malformed URI (e.g. generates multi-line hrefs). Passes W3C validation, but tidy gives warnings, and the links don't act like normal links (in Firefox, at least) - clicking on them does nothing. |
MediaWiki/Parser23 | Export Wiki Source | W3C Validator | Tidy HTML | No. | | No. | Pre allows malformed URI. Fails validation (unlike nowiki). |
MediaWiki/Parser24 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | |
MediaWiki/Parser25 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | |
MediaWiki/Parser25-variant1 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | |
MediaWiki/Parser25-variant2 | Export Wiki Source | W3C Validator | Tidy HTML | | | No. | |
MediaWiki/Parser26 | Export Wiki Source | W3C Validator | Tidy HTML | | | | Attribute injection in Cite extension fixed in r14400, and visual aspects fixed in r14399 |
MediaWiki/Parser33 | Export Wiki Source | W3C Validator | Tidy HTML | No. | | Yes. | Numerous Tidy errors (using both the command-line version, and the Firefox plugin, but not with the web version) |
MediaWiki/Parser34 | Export Wiki Source | W3C Validator | Tidy HTML | No. | | Yes. | Whacky page rendering, indents the nav bar from the left margin and into body text. |
Completely fixed
Test | Wiki Source | Validate HTML | Tidy HTML | Security aspects? | Fixed in | Visible Artefacts? | Notes and any extra info. |
---|---|---|---|---|---|---|---|
 | | | | No | 1.6.1 | No. | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. |
 | | | | | 1.6.6 | No. | |
 | | | | | 1.6.6 | | |
 | | | | | 1.6.6 | | |
 | | | | | 1.6.1 | No. | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. |
 | | | | | 1.6.1 | No. | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. |
 | | | | | 1.6.1 | No. | Completely fixed in 1.6.1 - valid HTML, no artefacts, no tidy errors. |
 | | | | | 1.6.6 | No. | Completely fixed in 1.6.6 - valid HTML, no artefacts, no tidy errors. |
 | | | | | 1.6.6 | No. | |
 | | | | No. | | No. | PHP warning, fixed in r14480. |
 | | | | | 1.6.7 | No. | Limited attribute injection using Sort extension + another extension (References in this example). Can no longer reproduce, is certainly fixed in 1.6.7. |
 | | | | | 1.6.7 | No. | Limited attribute injection using Sort extension + another extension (Math in this example). |
 | | | | No. | r14475 | No. | Invalid <left> tag on bad timeline extension input. Fixed in r14475. |
 | | | | No. | N/A. | No. | Bogus - unable to reproduce problem. |
 | | | | | 1.6.7 | No. | Limited attribute injection using inputbox extension + another extension. |
 | | | | | 1.6.7 | No. | User-specified JavaScript execution. Must be running an experimental extension, so most installations are NOT affected. Wiki text not released yet. Fixed in trunk by r14511, and fixed in 1.6.7. |
Definition of Security Aspects
For the above table, "security aspect" is defined as anything that causes the start of a tag to be missing, or the end to be missing, or attributes of any type that should not be there to be injected. For example:
- <p><td><s></p> would not be considered to have a security aspect because all the tags are appearing ok (are not malformed), although it is invalid HTML.
- <a href="http://as<td></td><td class="external free"><p>user text here would be considered to have a security aspect because the "href" string is not properly terminated, and so the "external free" part is injected as attributes.
- A string missing the start of a tag would also be considered to have a security aspect - e.g. <th>|||||" class="external free" title="https://||||||" rel="nofollow">https://</th> - because the <a href="xxx part has been cut off. Probably not exploitable - but certainly a worse category of bug than just getting tags in the wrong order.
So to sum up: if tags are just in the wrong order, but are otherwise complete and well-formed, then it is not a security issue; otherwise it is considered to potentially be, and is listed as "Yes" in the above table.
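The classification rule above can be applied mechanically to rendered parser output. The following Python is an added example, not code from the original page or from MediaWiki; the function names are hypothetical, and it assumes that well-formed output escapes raw `<`, `>` and `"` inside text and attribute values, so that a raw one indicates a broken tag.

```python
import re

# Assumption (not from the page): well-formed rendered output escapes raw
# '<', '>' and '"' in text and attribute values, so a raw one marks a broken tag.
TAG_START = re.compile(r'</?[A-Za-z][A-Za-z0-9]*')
ATTRIBUTE = re.compile(
    r'''\s+[A-Za-z_:][-\w:.]*(?:\s*=\s*(?:"[^"<>]*"|'[^'<>]*'|[^\s"'<>=]+))?''')
TAG_END = re.compile(r'\s*/?>')
# Attribute text followed by '>' sitting in plain text: the tail of a tag
# whose '<name' start was cut off.
ORPHAN_TAIL = re.compile(r'[A-Za-z_:][-\w:.]*="[^"<>]*"\s*/?>')


def security_aspects(html):
    """Return (kind, snippet) findings; an empty list means tags are complete."""
    findings = []
    pos = 0
    while pos < len(html):
        lt = html.find('<', pos)
        text = html[pos:] if lt == -1 else html[pos:lt]
        tail = ORPHAN_TAIL.search(text)
        if tail:
            findings.append(('start-missing', tail.group(0)))
        if lt == -1:
            break
        start = TAG_START.match(html, lt)
        if not start:            # a bare '<' that does not open a tag
            pos = lt + 1
            continue
        end = start.end()
        while True:              # consume every well-formed attribute
            attr = ATTRIBUTE.match(html, end)
            if not attr:
                break
            end = attr.end()
        close = TAG_END.match(html, end)
        if close:
            pos = close.end()
        else:                    # tag never reached its '>' cleanly
            findings.append(('end-missing', html[lt:lt + 40]))
            pos = end
    return findings


def has_security_aspect(html):
    """'Yes'/'No' as used in the tables' security column."""
    return 'Yes' if security_aspects(html) else 'No'


# The three fragments quoted in the definition above.
ORDER_ONLY = '<p><td><s></p>'
UNTERMINATED = ('<a href="http://as<td></td><td class="external free">'
                '<p>user text here')
START_CUT = ('<th>|||||" class="external free" title="https://||||||" '
             'rel="nofollow">https://</th>')

if __name__ == '__main__':
    for sample in (ORDER_ONLY, UNTERMINATED, START_CUT):
        print(has_security_aspect(sample), security_aspects(sample))
```

Tags that are merely out of order pass, matching the "No" rows; an unterminated `href` or an orphaned attribute tail is reported, matching the "Yes" rows.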