Last modified: 2005-12-04 11:39:38 UTC
Not untainted uselang parameter is passed to eval(), in
setupLangObj function in Setup.php.
This causes server-/client-side serious security problem.
This shows 'test'.
Fixed on CVS HEAD and REL1_5, in 1.5.3 release. Bug was introduced in May 2005, bad regexp replacing a
(Since our bugzilla is public, consider reporting serious security issues by private e-mail. We'll get
a fix out as fast as we can, but if you posted at a bad time of day it might be sitting in public for
hours before it's read by us.)