Extension:Nuke Templating
From MediaWiki.org
|
Nuke Templating Release status: stable |
|
|---|---|
| Implementation | Page action, User rights |
| Description | Provides the site administrator a way to police the usage of templates on a MediaWiki installation. |
| Author(s) | user:jldupont |
| Version | 1.0 |
| MediaWiki | 1.8.2 |
| Download | [1] |
| Hooks used | |
Contents |
[edit] Why is this useful ?
This extension is useful in environments where additional security prone capabilities are enabled e.g. Extension:Runphp page.
Please read about security issues with authorization extensions
[edit] Issue with Runphp
There is a security hole when Runphp based extensions are used. A malicious user can craft a page which contains templates which, once saved, parse to make up <runphp> (or equivalent) tags. The exploit uses the substitution templating function to achieve this feat.
| WARNING: the code or configuration described here poses a major security risk.
Problem: template is expanded in preview mode |
[edit] Features
- No code change
- Support for additional right templating. Integration with:
[edit] Source Code
Source Code and additional information can be found at [2].

