Last modified: 2010-11-29 16:40:35 UTC
Bug for tracking the potential html injection when the database server isn't available fixed in r77422. Wikis which set $wgServer in their LocalSettings or are in a virtual host would never be vulnerable. For sites which show the wiki in the default host, it will depend on how forgiving is their webserver and php stack for that garbled input, although some kind of foolable proxy —moreover wrongly caching errors (or the default output buffering is disabled and something incorrectly sent a previous text)— would also need to be present in order to make that useful for a potential attacker.
Correction: r77423