Last modified: 2013-04-16 08:53:11 UTC
In various places within the Uniwiki Custom Toolbar extension, user-supplied text (either from within pages, messages, or POST\GET data) is injected in to JavaScript without sanitization - this poses a possible security vulnerability and would likely cause the extension to malfunction if a quotation mark were included in any of the pieces of text. The following lines in CustomToolbar.php are possibly affected: 152, 159, 166, 331, 332, and 333.
Clarified bug summary so I don't get scared when I see it.
According to one of its developer (Mark), Uniwiki extensions for MediaWiki are not under active development anymore "and it is safe to declare them obsolete/wontfix." It is unlikely that there will be any further active development. Closing this report as WONTFIX as part of Bugzilla Housekeeping and adding the whitespace entry "extension[unmaintained]". Please feel free to reopen this bug report in the future if anyone takes the responsibility for active development again.