Last modified: 2009-04-01 20:43:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20298, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 18298 - Security problem with supressing redirects
Security problem with supressing redirects
Status: RESOLVED DUPLICATE of bug 16950
Product: MediaWiki
Classification: Unclassified
Redirects (Other open bugs)
unspecified
All All
: Highest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-01 08:59 UTC by Lolsimon
Modified: 2009-04-01 20:43 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Lolsimon 2009-04-01 08:59:38 UTC
For sysops, the rename function has since a few weeks also a function to suppress the redirect. Of course, this is a useful function, but I have seen there are some serious security problems in this new feature.

On the originally page where the page was, nothing can be seen that the page is renamed. When they rename a page with the supressing option, they are easily able to let a page disappearing, and it's very hard to see who did this and where the page actually is, esecially on a larger wiki such as nl.wikipedia (many moderators, logs etc.)

In the deletion logs of the page, there should be visible that the page has been renamed without redirect, so it's possible to see who did this and to see where the page is now. But now it's almost impossible when a page dissapeares, to see who dit this and where the page is!


This is a pretty serious security thread, which should be fixed very soon (or set it off until there is a fix)!


(this bug should also be added to the Mediawiki category)
Comment 1 Mike.lifeguard 2009-04-01 20:43:07 UTC

*** This bug has been marked as a duplicate of bug 16950 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links