Last modified: 2006-12-15 10:07:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 4823 - CAPTCHA can be fooled by html-comments in the URL
CAPTCHA can be fooled by html-comments in the URL
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal with 5 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
http://test.wikipedia.org/w/index.php...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-01 11:34 UTC by Mathias Schindler
Modified: 2006-12-15 10:07 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Mathias Schindler 2006-02-01 11:34:21 UTC
http://<!-- -->www.spamurl.tld does not get noticed by the CAPTCHA thing
Comment 1 Rob Church 2006-02-01 13:38:17 UTC
I suppose the simplest solution is to strip out HTML comments before doing
processing on text with any extensions, hooks or hacks.
Comment 2 bdk 2006-03-09 06:33:53 UTC
*** Bug 5185 has been marked as a duplicate of this bug. ***
Comment 3 Tristan Miller 2006-10-21 01:05:29 UTC
I don't understand what this issue has to do with CAPTCHAs.  Can someone please
explain it to me?
Comment 4 Angela 2006-10-21 01:09:22 UTC
(In reply to comment #3)
> I don't understand what this issue has to do with CAPTCHAs.  Can someone please
> explain it to me?

Captchas are invoked if someone tries to save an external link on a page, but if
they start that link with http://<!-- -->www. instead of http://www. the captcha
is not invoked, making it easier for spam bots to save their spam.
Comment 5 Brion Vibber 2006-12-15 10:07:33 UTC
Fixed in r18349, using the parser to extract links as SpamBlacklist does.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links