[Pkg-mediawiki-devel] Bug#685324: Local File Inclusion Vulnerability in contrib script

Steven Chamberlain steven at pyro.eu.org
Tue Aug 21 22:41:43 UTC 2012

tags 685324 = security upstream patch

Bug affects an example script in the documentation only.

Untrusted paths are used by file() and opendir().  A patch committed
upstream tries to sanitise the inputs. [1]

But these and other user-supplied data are still echoed out unescaped,
so I think would allow XSS if someone used the script on a public-facing
webserver.  The code looks like it might have all sorts of other issues.

It seems obsoleted by cssgen2.php, which does not need to accept user
input at all.  That is distributed already in php-geshi

So I suggest removing the cssgen.php file altogether.  Thank you.


Steven Chamberlain
steven at pyro.eu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug685324.patch
Type: text/x-patch
Size: 15254 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20120821/af1173dc/attachment.bin>

More information about the Pkg-mediawiki-devel mailing list