Last modified: 2008-05-16 19:15:46 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T16154, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 14154 - Whitelisted URLs can appear outside the top domain name
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: ConfirmEdit (CAPTCHA extension)
Importance: Normal normal
Assigned To: Nobody - You can work on this!

Reported: 2008-05-16 18:27 UTC by Paul Lange
Modified: 2008-05-16 19:15 UTC (History)
Attachments

Description Paul Lange 2008-05-16 18:27:33 UTC
With ConfirmEdit you can whitelist URLs that you don't want to require a CAPTCHA using the MediaWiki:captcha-addurl-whitelist page. However you can't just whitelist a specific domain without a spammer being able to exploit it by adding the domain somewhere else in the URL.

For example: if you add wikimedia\.org to whitelist the wikimedia.org domain,
http://examplewikimedia.org/
http://wikimedia.org.example.com/
http://example.com/?http://wikimedia.org/
will all be able to bypass the CAPTCHA.
Comment 1 Nakon 2008-05-16 18:41:15 UTC
You can add a boundary by using \bdomain\.com\b .
Comment 2 Brion Vibber 2008-05-16 19:15:46 UTC
The generated regex wasn't properly anchored, so would match later in the URL than it should.

Fixed in r34932; also made it match both http and https.
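
The three pattern shapes discussed in this thread, run against the report's URLs, as an added example (not ConfirmEdit's code and not the r34932 change). The `host anchored` pattern and the fourth URL are assumptions constructed for illustration.

```php
<?php
// Added illustration; not ConfirmEdit's code and not the r34932 change.
// The first three URLs come from the report; the fourth is constructed.
$urls = [
    'http://examplewikimedia.org/',
    'http://wikimedia.org.example.com/',
    'http://example.com/?http://wikimedia.org/',
    'https://commons.wikimedia.org/wiki/Main_Page', // constructed: should be exempt
];

$fragment = 'wikimedia\.org'; // whitelist entry as given in the report

// Three ways to turn the entry into a matcher.
$patterns = [
    // Searched anywhere in the URL: the behaviour the report describes.
    'unanchored'    => '~' . $fragment . '~i',
    // Comment 1's suggestion: word boundaries around the fragment.
    'word boundary' => '~\b' . $fragment . '\b~i',
    // Assumed hardened form: anchor at the scheme, allow subdomain labels,
    // and require the host name to end right after the fragment.
    'host anchored' => '~^https?://(?:[a-z0-9-]+\.)*' . $fragment . '(?=[:/?#]|$)~i',
];

/** Return the URLs that $pattern would exempt from the CAPTCHA. */
function exemptUrls(string $pattern, array $urls): array
{
    return array_values(array_filter(
        $urls,
        fn(string $url): bool => preg_match($pattern, $url) === 1
    ));
}

foreach ($patterns as $name => $pattern) {
    $exempt = exemptUrls($pattern, $urls);
    printf("%-14s %s\n", $name, $pattern);
    foreach ($urls as $url) {
        $verdict = in_array($url, $exempt, true) ? 'exempt' : 'captcha';
        printf("    %-8s %s\n", $verdict, $url);
    }
}
```

The word-boundary form stops `examplewikimedia.org` but still exempts the second and third URLs, because `.` and `/` both count as word boundaries. Only the host-anchored form limits the exemption to the constructed `commons.wikimedia.org` link.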
