I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.
Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.
Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.
Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
Hopefully this is really the last one: the tiny form at the bottom of
Special:AbuseLog/# to access private details.
Bug: T132284
Change-Id: I3f91beb482b3b85e12b65464914b0ac57ec983df
Public comments are parsed in some places and they are
shown as plain text in others. Always show them as
plain text instead of parse them.
Bug: T173249
Bug: T141670
Change-Id: I173ffab1a99c1536cca260b76be0d95a4966b139
The IP is currently displayed as plain text. Add instead userLinks in
the usual way to provide some handy links for CUs.
Bug: T188600
Change-Id: I47ee007f450f06a1a19b4c7598373a952efbe06a
Users can choose whether they want to see entries
that changed the wiki or didn't (or they can apply
no filter).
Bug: T159061
Change-Id: I6cee9b001c26c4bbc837131781deef27d5e3ef1a