Last modified: 2014-09-22 17:51:41 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T41463, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 39463 - Installer should detect mod_security(2) via get_apache_modules() and give warning
Installer should detect mod_security(2) via get_apache_modules() and give war...
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Installer (Other open bugs)
1.20.x
All All
: Normal enhancement (vote)
: 1.25.0 release
Assigned To: Jackmcbarn
:
Depends on:
Blocks: 15350
  Show dependency treegraph
 
Reported: 2012-08-17 20:35 UTC by Bawolff (Brian Wolff)
Modified: 2014-09-22 17:51 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bawolff (Brian Wolff) 2012-08-17 20:35:00 UTC 
mod_security(2) does weird things, like cause apache to serve a 500 error if people use words like "select" in an article. Since there is no error given to user, people blame us.

we should detect with get_apache_modules() and warn user when installing mediawiki about this, because this sort of "security" is just stupid
Comment 1 Bawolff (Brian Wolff) 2012-08-19 18:56:01 UTC 
And oh look, I was poking around in Installer.php today, and noticed we actually already do this.

But there appears to be a mod_security2 we still need to check for (I think, need to do some googling)
Comment 2 Gerrit Notification Bot 2014-09-20 15:30:44 UTC 
Change 161669 had a related patch set uploaded by Jackmcbarn:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669
Comment 3 Jackmcbarn 2014-09-20 15:31:52 UTC 
I'm also wondering if we should add something to Special:Version that says if mod_security(2) is loaded, so that we can point it out immediately to users when they show us their wiki with these random problems.
Comment 4 Gerrit Notification Bot 2014-09-22 17:38:58 UTC 
Change 161669 merged by jenkins-bot:
Improve mod_security warning

https://gerrit.wikimedia.org/r/161669
Comment 5 Kunal Mehta (Legoktm) 2014-09-22 17:51:41 UTC 
(In reply to Jackmcbarn from comment #3)
> I'm also wondering if we should add something to Special:Version that says
> if mod_security(2) is loaded, so that we can point it out immediately to
> users when they show us their wiki with these random problems.

Eh, that seems like a slippery slope. Anyways, probably out of scope for this bug.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links