Extension:Nuke Templating
From MediaWiki.org
 Release status: stable |
|||
|---|---|---|---|
| Implementation | Page action, User rights | ||
| Description | Provides the site administrator a way to police the usage of templates on a MediaWiki installation. | ||
| Author(s) | user:jldupont | ||
| Last version | 1.0 | ||
| MediaWiki | 1.8.2 | ||
| License | No license specified | ||
| Download | [1] | ||
|
|||
|
Check usage (experimental) |
|||
Contents |
[edit] Why is this useful ?
This extension is useful in environments where additional security prone capabilities are enabled e.g. Extension:Runphp page.
Please read about security issues with authorization extensions
[edit] Issue with Runphp
There is a security hole when Runphp based extensions are used. A malicious user can craft a page which contains templates which, once saved, parse to make up <runphp> (or equivalent) tags. The exploit uses the substitution templating function to achieve this feat.
 |
WARNING: the code or configuration described here poses a major security risk.
Problem: template is expanded in preview mode |
[edit] Features
- No code change
- Support for additional right templating. Integration with:
[edit] Source Code
Source Code and additional information can be found at [2].
