Last modified: 2006-12-15 10:07:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T6823, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 4823 - CAPTCHA can be fooled by html-comments in the URL
CAPTCHA can be fooled by html-comments in the URL
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal with 5 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
http://test.wikipedia.org/w/index.php...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-01 11:34 UTC by Mathias Schindler
Modified: 2006-12-15 10:07 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Mathias Schindler 2006-02-01 11:34:21 UTC 
http://<!-- -->www.spamurl.tld does not get noticed by the CAPTCHA thing
Comment 1 Rob Church 2006-02-01 13:38:17 UTC 
I suppose the simplest solution is to strip out HTML comments before doing
processing on text with any extensions, hooks or hacks.
Comment 2 bdk 2006-03-09 06:33:53 UTC 
*** Bug 5185 has been marked as a duplicate of this bug. ***
Comment 3 Tristan Miller 2006-10-21 01:05:29 UTC 
I don't understand what this issue has to do with CAPTCHAs.  Can someone please
explain it to me?
Comment 4 Angela 2006-10-21 01:09:22 UTC 
(In reply to comment #3)
> I don't understand what this issue has to do with CAPTCHAs.  Can someone please
> explain it to me?

Captchas are invoked if someone tries to save an external link on a page, but if
they start that link with http://<!-- -->www. instead of http://www. the captcha
is not invoked, making it easier for spam bots to save their spam.
Comment 5 Brion Vibber 2006-12-15 10:07:33 UTC 
Fixed in r18349, using the parser to extract links as SpamBlacklist does.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links