Extension:Asksql
From MediaWiki.org
 |
WARNING: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved. Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things. Solution: make proper use of MediaWiki's database class instead of concatenating raw sql |
 Release status: stable |
|||
|---|---|---|---|
| Implementation | Special page, Database | ||
| Description | Allows SQL queries through a special page in the wiki, without opening phpMyAdmin etc. | ||
| Author(s) | Brion Vibber | ||
| Last version | 2008-01-31 (2008-01-31) | ||
| MediaWiki | 1.12 and above | ||
| License | GPL | ||
| Download |
SVN [?]:
|
||
|
|||
|
|||
| Check usage and version matrix | |||
Asksql extension allows you to do SQL queries through Special:Asksql in the wiki, without opening phpMyAdmin etc.
Warning: Dangerous if not configured properly!
Installation [edit]
- Download and extract the files in a directory called "
Asksql" in your extensions/ folder. - Add the following code to your LocalSettings.php (at the bottom)
require_once( "$IP/extensions/Asksql/Asksql.php" ); $wgGroupPermissions['bureaucrat']['asksql'] = true;
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration [edit]
On the individual pages for these settings, it says deprecated in 1.5, since this extension was split from core mediawiki in that version. If you've installed the extension, these settings apply regardless.
$wgAllowSysopQueriesSet to allow sysop queries (set totrueby default).$wgDBsqlpasswordThe password for $wgDBsqluser.$wgDBsqluserThe SQL user used for queries.
